Bright and Beautiful Maternity Care
Qualified and experienced maternity nanny in Hampshire
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Data Protection Policy
In order to provide a quality childcare service and comply with legislation, I will need to request information from parents about their child and family.
Some of this will be personal data.
I take families’ privacy seriously, and in accordance with the General Data Protection Regulation (GDPR), I will process any personal data according to the seven principles below:
1. I must have a lawful reason for collecting personal data, and must do it in a fair and transparent way. I will be clear about what data I am collecting, and why.
2. I must only use the data for the reason it is initially obtained. This means that I may not use a person’s data to market a product or service to them that is unconnected to the reasons for which they shared the data with me in the first place.
3. I must not collect any more data than is necessary. I will only collect the data I need to hold in order to do the job for which I have collected the data.
4. I will ensure that the data is accurate, and ask parents to check annually and confirm that the data held is still accurate.
5. I will not keep data any longer than needed. I must only keep the data for as long as is needed to complete the tasks it was collected for.
6. I must protect the personal data. I am responsible for ensuring that I, and anyone else charged with using the data, processes and stores it securely.
7. I will be accountable for the data. This means that I will be able to show how I (and anyone working with me) am complying with the law.
Procedure
I have registered with the Information Commissioner’s Office, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. All aspect of the family personal circumstances will be kept confidential, unless a child protection issue arises. I will be asking parents for personal data about themselves and their child/ren in order to deliver a childcare service (see privacy notice). I am legally required to hold and use this personal data in order to comply with the statutory framework for a period of 7 years.
Subject access
Parents have the right to inspect records about their child at any time. This will be provided without delay and no later than one month after the request, which should be made in writing. I will ask parents to regularly check that the data is correct and update it where necessary.
Storage
I will keep all paper-based records, such as baby’s daily diary’s, consultancy based notes locked away in a securely locked desk at my home office. Records relating to individual children on my computer or telephone, externally or in cloud storage such as iCloud, Google Drive, Dropbox or Whats App,including digital photos or videos, I will obtain parents’ permission. This also includes CCTV. I will store the information securely, for example, password-protected files or finger print/passcode protected on my mobile phone, to prevent viewing of the information by others with access to the computer or mobile phone. Backup files will be stored on an external hard drive which I will be locked away when not being used. Firewall and virus protection software are in place.
Information sharing
I am expected to share information with other maternity nurses if the role dictates. I will not share any information with anyone without parents’ consent, unless there is a child protection concern.
Record keeping
I keep a baby diary and share this with you as the parents of the child, it will be left at the family home when “off duty” I keep digital notes when working on a consultancy basis or troublsehooting basis. I record all accidents in an accident book. I will notify the parents and public liability insurance company of any accidents which may result in an insurance claim, e.g. an accident resulting in a doctor or hospital visit. I record all significant incidents in an incident book and I will share these with parents so that together we can work to resolve any issues. I will only share information if it is in a child’s best interests to do so. For example in a medical emergency I will share medical information with a healthcare professional. If I am worried about a child’s welfare I have a duty of care to follow the Local Safeguarding Children Board procedures and make a referral. Where possible I will discuss concerns with you before making a referral.
External links and Social Media Platforms
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt caution before clicking any external web links mentioned. Any communications, engagement and actions taken through external social media platforms that this website uses, are custom to the terms and conditions and privacy policies held with each social media platform. Wise communication and due care/caution are advised in regard to their own privacy and personal details. At no time will any personal or sensitive information be requested through social media platforms.
Wix Website Cookies
janebarnfield.wixsite.com: My website is hosted by Wix, Inc. Your information including personal information may be stored through Wix's servers. By using this website you consent to Wix collection, disclosure, storage of your personal information in accordance with Wix's privacy policy available at www.wix.com/about/privacy
Jane Barnfield does not use cookies and or collate, share or use any information, apart from responding to an initial enquiry, where the contact form on Jane Barnfield has been used.
Safe Disposal of Data
I am required by law to keep data for a period of 7 years after the end of the contract. I have a review plan in place and ensure that data is disposed of appropriately and securely. Suspected Breach: If I suspect that data has been accessed unlawfully, I will inform the relevant parties immediately and report to the Information Commisioners Office within 72 hours. I will keep a record of the data breach.
Last updated: This Data Protection Policy was last updated on the 7th June 2018.