Bearsden Before and After School Care (“BBASC”)
The General Data Protection Regulation (GDPR) was implemented in May 2018 and governs the protection of the rights and privacy of individuals, ensuring that information about them is not processed without their knowledge or consent. Bearsden After School Care is committed to a policy of protecting the rights and freedoms of individuals with respect to the processing of their personal data.
GDPR means that we must:
Manage and process personal data correctly
All data will be reviewed every six months
Protect the individual’s right to privacy
Allow an individual access to the personal information held on them.
GDPR applies to electronic and paper records held in structured filing systems containing personal data, meaning data which relates of living individuals who can be identified from the data. It also applies to personal data held visually in photographs or video clips.
The Information that we collect
BBASC hold records of all Children registered with us, name, address, contact details for parents, medical conditions and allergies and how to best care for the individual child whilst in our care. Parent/Carer information includes names, addresses, phone numbers, email addresses and bank details in line with Care Inspectorate Guidelines.
Our Legal Basis
The information and personal data we collect is under a ‘consent’ legal basis insofar as this is defined, and in accordance with, General Data Protect Regulation guidelines.
Access to information
BBASC holds personal and sensitive data in respect of its Children and Parents/Carers in accordance with General Data Protection Regulation 2018. We promise that your information will remain confidential and be stored safely and securely. Only BBASC employees will have access to members’ personal data however, there may be occasions, during an inspection or when your information may be disclosed to The Care Inspectorate however, they are only interested in checking our procedures and not your personal details.
BBASC will respect the privacy of Children and their Families and we will do so by:
Storing confidential records in a locked filing cabinet;
Ensuring that all staff, volunteers and students are aware that this information is confidential and only for use within the facility;
Ensuring that parents have access to files and records of their own children but not to those of any other child;
Ensuring that children have access to their records – however if they request personal data to be erased which we are required to have by law, then we would not be able to provide a service for them. Where a child is too young to give informed consent the parent or carers consent will be sought;
Gaining parental permission for any information to be used other than for the above reasons;
Ensuring staff do not discuss personal information given by parents with other members of staff, except where it affects planning for the child's needs;
Ensuring staff, student and volunteer inductions include an awareness of the importance of confidentiality in the role of the key person.
General consent to keep/display photographs in the playroom is sought through our child application form. Please note that we will now require to gain specific and additional written consent from both the Child and Parent/Carer before posting a photograph on our website, facebook, twitter etc. if a child/parent is identifiable.
Disposal of Data
We retain children’s records for up to one year for admin purposes and up to six years for financial purposes after they have left the setting, except records that relate to an accident or child protection matter. These are kept until the child reaches the age of 21 years or 24 years respectively. For insurance purposes, we will keep records of accidents/ incidents for 40 years.
All data will be shredded and disposed of through our head office