ABCDE Playgroup complies with the Data protection laws in the Netherlands and in the EU, that is the General Data Protection Regulations 2016/679 (GDPR). We are fully committed to safeguard the privacy and data of children, young people, parents and carers that are in contact with us.
This policy describes how this personal data must be collected, handled and stored to meet ABCDE Playgroups data protection standards.
6 Principles about Personal Data which shall be abided by according to the GDPR are that:
- Personal Data (including email address and name and surname, home address, amongst others) must be processed fairly, lawfully and in a transparent manner in relation to the data subject;
- Personal Data is collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes;
- Personal is adequate, relevant and limited to what is necessary in relation to the purpose for which data is processed;
- Personal Data is accurate and where necessary, kept up to date;
- Personal Data is kept in a form that permits identification of data subjects for no longer than is necessary for the purpose for which data is processed; and that
- Personal Data is processed in a way that ensures appropriate security of the personal data including protection against accidental loss, destruction or damage
ABCDE Playgroup shall be obliged to share confidential information without authorisation from the person who provided it, or to whom it relates, if it is in the public interest. That is when:
- it is to prevent a crime from being committed or to intervene where one may have been, or to prevent harm to a child or adult; or
- not sharing it could be worse than the outcome of having shared it.
Special mention has to be made in relation to GDPR Article 8 which relates to the Conditions Applicable to child’s consent in relation to information society services. Specifically Article 8(1) states that:
“Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.”
When parents choose to participate in the activities of ABCDE Playgroup, they will share information about themselves and their families. This information is regarded as confidential.
- Parents sign our Registration Form at registration to confirm that they understand this;
- We ask parents to give written consent to share information on our private or public social media channels;
- Consent must be freely given and informed - that is the person giving consent needs to understand why information will be shared, what will be shared, who will see information, the purpose of sharing it and the implications for them of sharing that information as detailed in the Privacy Notice.
- Consent may be explicit, verbally but preferably in writing, or implicit, implied if the context is such that sharing information is an intrinsic part of our service or it has been explained and agreed at the outset.
- Consent can be withdrawn at any time.
- We explain our GDPR and Information Sharing Policy to parents.
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the ABCDE Playgroup Core Volunteers.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Subject access requests
- Data should be protected by strong passwords that are changed regularly and never shared between employees
- Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing services
- Data should be backed up frequently. Those backups should be tested regularly, in line with the playgroups standard backup procedures
- All servers and computers containing data should be protected by approved security software and a firewall
- All areas of our website use SSL encryption
All individuals who are the subject of personal data held by ABCDE Playgroup are entitled to:
- Ask what information the Playgroup holds about them and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed how the playgroup is meeting its data protection obligations
A subject access request is possible by sending an email to: email@example.com
Last updated December 2020