Data Protection & Confidentiality Policy

This policy was adopted on 30 August 2022 and is reviewed annually

Policy Statement

At Natural Nurture we recognise that we hold sensitive/confidential information about children and their families and the staff we employ. This information is used to meet children’s needs, for registers, invoices and emergency contacts. We store all records in a locked cabinet or on the office computer with files that are password protected in line with data protection principles. Any information shared with the staff team is done on a ‘need to know’ basis and treated in confidence. This policy works alongside the Privacy Notice to ensure compliance under General Data Protection Regulation (Regulation (EU) 2016/679 (GDPR) and Data Protection Act 2018.
  • We follow the legal requirements set out in the Statutory Framework for the Early Years Foundation Stage (EYFS) 2021 and accompanying regulations about the information we must hold about registered children and their families and the staff working at the nursery
  • We follow the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679 (GDPR), Data Protection Act 2018 and the Freedom of Information Act 2000 with regard to the storage of data and access to it.


It is our intention to respect the privacy of children and their families and we do so by:
  • Storing confidential records in a locked filing cabinet or on the office computers which are password protected
  • Ensuring staff, student and volunteer inductions include an awareness of the importance of the need to protect the privacy of the children in their care as well as the legal requirements that exist to ensure that information relating to the child is handled in a way that ensures confidentiality. This includes ensuring that information about the child and family is not shared outside of the nursery other than with relevant professionals who need to know that information. It is not shared with friends and family, discussions on the bus or at the local bar. If staff breach any confidentiality provisions, this may result in disciplinary action and, in serious cases, dismissal. Students on placement in the nursery are advised of our confidentiality policy and required to respect it
  • Ensuring that all staff, volunteers and students are aware that information about children and families is confidential and only for use within the nursery and to support the child’s best interests with parental permission
  • Ensuring that parents have access to files and records of their own children but not to those of any other child, other than where relevant professionals such as the police or local authority children’s social care team decide this is not in the child’s best interest
  • Ensuring all staff are aware that this information is confidential and only for use within the nursery setting. If any of this information is requested for whatever reason, the parent’s permission will always be sought other than in the safeguarding circumstances above
  • Ensuring staff do not discuss personal information given by parents with other members of staff, except where it affects planning for the child's needs
  • Ensuring staff, students and volunteers are aware of and follow our social networking policy in relation to confidentiality
  • Ensuring issues concerning the employment of staff remain confidential to the people directly involved with making personnel decisions
  • Ensuring any concerns/evidence relating to a child's personal safety are kept in a secure, confidential file and are shared with as few people as possible on a ‘need-to-know’ basis. If, however, a child is considered at risk, our safeguarding/child protection policy will override confidentiality.
All the undertakings above are subject to the paramount commitment of the nursery, which is to the safety and well-being of the child.

General Data Protection Regulation (Regulation (EU) 2016/679 (GDPR) compliance

In order to meet our requirements under GDPR we will also undertake the following:
  1. 1.
    We will ensure our terms & conditions, privacy and consent notices are easily accessed/made available in accurate and easy to understand language
  2. 2.
    We will use your data to ensure the safe, operational and regulatory requirements of running our Nursery. We will only contact you in relation to the safe, operational and regulatory requirements of running our Nursery. We will not share or use your data for other purposes. Further detail can be found in our GDPR policy.
  3. 3.
    Everyone in our nursery understands that people have the right to access their records or have their records amended or deleted (subject to other laws and regulations).
  4. 4.
    We will ensure staff have due regard to the relevant data protection principles, which allow them to share (and withhold) personal information, as provided for in the Data Protection Ac 2018 and the GDPR. This includes:
  • Being confident of the processing conditions which allow them to store and share information for safeguarding purposes, including information which is sensitive and personal, and should be treated as ‘special category personal data.’
  • Understanding that ‘safeguarding of children and individuals at risk’ is a processing condition that allows practitioners to share special category personal data. This includes allowing practitioners to share information without consent where there is good reason to do so, and that the sharing of information will enhance the safeguarding of a child in a timely manner but it is not possible to gain consent, it cannot be reasonably expected that a practitioner gains consent, or if to gain consent would place a child at risk.

Who is Responsible?

It is the responsibility of all members of staff to ensure that all confidential information including personal records for children, parents and staff remain confidential. The information stored in the nursery files about the children is available only to setting staff and the individual child's parents. This information is stored securely.
All members of staff will be aware of the Confidentiality Policy and procedures and will be required to accept and sign the setting’s confidentiality agreement. At all times, any information given by parents or children will be treated with the safety and wellbeing of the children in mind.
The setting will consider any unauthorised sharing of information as a serious offence and will take appropriate disciplinary action against anyone who breaks the confidentiality agreement.
All parents should note that in cases where there is a child protection concern for a child, the setting has a legal responsibility to share this information and, as such, it does not fall within the scope of this policy.

Who has access to stored information?

Staff members have access to the Personal File’s of the children they are key workers for, Accident and Incident Forms, medical information, consent forms, admissions forms and attendance records. The Operations Manager stores this information securely and staff members request the files as needed. These files never leave the premises. Electronic copies of these files are only accessible by the Management Team and require a password to view.
Developmental Records are held electronically. Online information is password-protected and can only be accessed by staff and pre-agreed members of the child’s family. These online records are contributed to and used by all teaching staff to inform planning and reporting to parents. Online files can be accessed and updated by Key Workers via the nursery iPads but are not left open and unattended. iPads are password-protected. To further ensure that no unauthorised person has access to children's developmental records; staff agree that any assessments uploaded at home are added using a designated PC/iPad and that they always logout as soon as they leave the computer. The Nursery Management software app, Famly, also has an automatic logout function for added security.
Parents have a right to request access to their children’s files from the Nursery Operations Manager at any time.
Children’s records include:
  • Developmental progress and achievements
  • Photos and copies of their work as evidence
  • Admissions forms
  • Consent forms
  • Attendance records
  • Contact information
  • Medical information
  • Accident or Incident reports
  • Any other information provided by parents.

Meetings with Parents and Staff

Confidential information may often be shared verbally between parents and staff. This should be done in a quiet setting where other parents and children are not in earshot and, wherever possible, in a separate room.
When staff members discuss children with each other, they should do so confidentially and away from other parents and children.

Personnel Information

Staff members’ files are stored securely by the Operations Manager and are viewed and contributed to only by the Management Team. Staff have access to their own file on request.
Personnel Records include:
  • Applications/CVs
  • Contracts
  • Payroll Information
  • Absence and sickness records
  • Continuing Professional Development and Training records
  • Peer observation and inspection records (internal or external)

Retention of Files

When a child leaves the setting, the Nursery Manager decides which of their developmental records should be given to parents and which should be passed on to the child’s next school or nursery.
When a staff member leaves the setting, they take with them their Continuing Professional Development Records and other files at the discretion of the Nursery Manager.
Other files may be retained at the nursery for a reasonable period of time after the child or staff member has left.
The Management Committee will periodically decide when to destroy other files that have been retained by the Nursery.
Please see our Document Retention Policy for further information.
If you wish to speak to us about this policy please contact the Operations Manager.