GDPR Policy

Allaboutbabies GDPR Policy

In order to provide a quality service and comply with legislation, I will need to request information from parents about their child and family. Some of this will be personal data.    

I take families’ privacy seriously, and in accordance with the General Data Protection Regulation (GDPR), I will process any personal data according to the seven principles below:

  1. I must have a lawful reason for collecting personal data, and must do it in a fair and transparent way. I will be clear about what data I am collecting, and why.  
  2. I must only use the data for the reason it is initially obtained. This means that I may not use a person’s data to market a product or service to them that is unconnected to the reasons for which they shared the data with me in the first place.  
  3. I must not collect any more data than is necessary. I will only collect the data I need to hold in order to do the job for which I have collected the data.  
  4. I will ensure that the data is accurate, and if working with parents for a prolong period will ask parents to check annually and confirm that the data held is still accurate.  
  5. I will not keep data any longer than needed. I must only keep the data for as long as is needed to complete the tasks it was collected for.   
  6. I must protect the personal data. I am responsible for ensuring that I, and anyone else charged with using the data, processes and stores it securely. 
  7. I will be accountable for the data. This means that I will be able to show how I am complying with the law.

Procedure

I have registered with the Information Commissioner’s Office, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. 

I expect parents to keep private and confidential any sensitive information they may accidentally learn about any other families attending my workshops and courses, unless it is a child protection issue. 

I will be asking parents for personal data about themselves and their child/ren in order to deliver my services effectively. I will only hold this data for as long as necessary to effectively carry out my service effectively.

Storage 

I do not keep paper records. All information is stored via my computer which is password-protected files, to prevent viewing of the information by others with access to the computer. Some data is stored via Jotform and WordPress which are both GDPR compliant. 

Information sharing 

I will not share any information with anyone without parents’ consent, unless there is a child protection concern. 

Record keeping 

I will only share information if it is in a child’s best interests to do so. For example in a medical emergency I will share medical information with a healthcare professional. If I am worried about a child’s welfare I have a duty of care to follow the Local Safeguarding Children Board procedures and make a referral. Where possible I will discuss concerns with you before making a referral. 

Additional  

BLOGS: Anyone who voluntarily signs up to my blog will receive an email every time an update is made. I will be sent your email address however this will be deleted from my systems and I will not use this information to send anything other than the blog for which you voluntarily signed up for.  

JOTFORM INFORMATION: Any information obtained via Jotform on signing up to a workshop or course will only ever be used to contact you with information for that specific workshop/course you have signed up for.