Skip to main content

GDPR Privacy Policy

At Tiddlywinks Day Nursery LTD we take privacy very seriously and we are currently updating all our records to ensure that we are fully meeting the new data protection standards (General Data Protection Regulation (GDPR)).

We are registered with the Information Commissioner’s Office (ICO).

The categories of children’s information that we collect, hold and share include:

  • personal information (such as name, address, date of birth)
  • characteristics (such as ethnicity, language, nationality, country of birth, early years pupil

premium eligibility)

  • attendance information (such as sessions attended, number of absences and absence


  • observations and assessment information and tracking of progress
  • medical information
  • information on special educational needs and disabilities (including if accessing Disability

Living Allowance and entitled the Disability Access Fund)

  • referrals to other relevant services
  • safeguarding information.

We also collect, hold and share information on the children’s parents/guardians only with working professionals and trusted third party organisations:

  • personal information (names, address, contact numbers and emails)
  • National Insurance numbers.

Why we collect and use this information

We use the children’s and parents’ data to:

  • support their learning and development, to enable staff to plan suitable activities to extend

their knowledge and skills

  • ensure that all children are safe within our childcare provision
  • monitor and report on their progress
  • provide appropriate behavioural and emotional support as required
  • assess the quality of our services as a childcare provider
  • comply with the law regarding data sharing (GDPR)
  • meet the requirements of the early years foundation stage (EYFS)
  • make claims for funding.

The lawful basis on which we use this information

We collect and use children’s information under the following lawful bases:

  • Contract: the processing is necessary for a contract we have with you the parents/guardian

of the child to provide childcare and the contract that we have with the local authority to

provide funded childcare to eligible families.

  • Legal obligation: the processing is necessary for us to comply with the law (submitting data

for the early years census).

Collecting children’s information

While the majority of children’s information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain children’s information to us or if you have a choice in this.

Storing children’s data

We are required to hold children’s data for a reasonable period of time after children have left the provision (eg until after the next Ofsted inspection) as a requirement under the EYFS. The Limitation Act 1980 recommends that we retain data until the child reaches the age of 21 — or until the child reaches the age of 24 for child protection records.

Your data will be held securely and will only be accessible by staff who are authorised to do so.

Who we share children’s information with

We routinely share children’s information with:

  • schools that the child attends after leaving our provision
  • other local childcare providers where the child is engaging currently (wrap around of blended childcare)
  • our local authority (for funding claims and the early years census)
  • the DfE (annual early years census)
  • special education needs co-ordinators
  • NHS services (health visitors and speech and language therapists).


Why we share children’s information

We do not share information about our children with anyone without your consent unless the law and our policies allow us to do so.

We share children’s data with the DfE on a statutory basis. We are required to submit data to our local authority (Manchester City Council) for them to submit as part of the annual early years census in January and to access childcare funding.

Data collection requirements

To be granted access to children’s information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

Requesting access to your personal data

Under data protection legislation, parents and children have the right to request access to information about them that we hold. To make a request for your personal information or be given access to your child’s early years record, contact Gaynor Mott via email

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
  • claim compensation for damages caused by a breach of the Data Protection Regulations.

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the ICO.

If you would like to discuss anything in this privacy notice, please contact:

Name of childcare provision:         Tiddlywinks Day Nursery LTD

Name of Data Protection officer:    Gaynor Mott



Ofsted Judgement – Effective Leadership and Management

Statutory Framework for the Early Years Foundation Stage – The Safeguarding & Welfare Requirements – Introduction – 3.2, Information & Records – 3.68 & 3.69

Tiddlywinks Policies & Procedures – Access to Information, Confidentiality, Legislation, Records, Working in Partnership with Parents & Carers, Working in Partnership with Multi-Agencies, GDPR, Recruitment, Safeguarding,

Please sign and date below to confirm you have read and understood the above Policy & Procedure