Your data's journey through Nuffield Health Children's services
Discover how your data may be processed through our Children's services
Information you may be asked to provide
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to make it really clear which information is optional, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
When you first sign up to one of our Children’s Services you will be asked to complete a child’s registration form and any necessary consent forms. You may be asked to provide:
- Personal details – including details about your child, including characteristics such as ethnicity, language and nationality.
- Emergency contact details – including additional people, other than parents/guardians, with authorisation to collect the child from the setting.
- Details about any allergies, medication or information we might need to know about your child in an emergency.
- We require Health Visitor and GP details for Day Nursery Registrations
It is really important that we have the most accurate and up to date information about you and your child so please ensure that you let us know as soon as possible if any of the information you have given us previously has changed. To update your details please speak to your Children’s Service Manager.
Information we may collect about you or your child
- Contractual matters – including the child’s days and times of attendance, a record of the child’s fees, any records of fee reminders and/or disputes.
- Children’s health and well-being – including discussions about every day matters regarding the health and well-being of the child with the parent/guardian, records of accidents and medication records.
- Safeguarding and child protection concerns – including records of all welfare and protection concerns and our resulting actions, meetings and telephone conversations about the child and any information regarding a Looked After Child.
- Early support and SEN – including any focussed intervention provided by our setting, a record of the child’s IEP (Individualised Education Program) and, where relevant, their Statement of Special Education Need.
- Correspondence and reports – including letters and emails to and from other agencies and any confidential reports relating to specific children.
Why we need this information and how we might use it
Nuffield Health hold all of you and your child’s information in one record. There is one record for each child attending our setting. If you have more than one child attending our setting you will have a separate record for each child.
We might use you or your child’s data to:
- Safeguard the children in our care in accordance with relevant legislation.
- Comply with Government legislation.
- Assess the quality of our services.
Who your information may be shared with
Internally: We ensure that access to children’s files is restricted to those authorised to see them such as the manager, deputy, designated person for child protection, the child’s key person or the setting SENCo.
Externally: The information that you provide to us, whether mandatory or voluntary, will be regarded as confidential. We do not share information about your child with anyone without consent, unless the law and our policies allow us to do so.
Notwithstanding, we are obliged to share confidential information without authorisation from the person who provided it, or to whom it relates, when:
- There is evidence that the child is suffering, or is at risk of suffering significant harm.
- There is reasonable cause to believe that a child may be suffering, or is at risk of suffering, significant harm.
It is to prevent significant harm
arising to children, young people or adults, including the prevention,
detection and prosecution of serious crime.
Your rights in respect of your personal data
The law gives you certain rights in respect of the information that we hold about you. Below is a short overview of the key rights available to you.
- Data Subject Access Request - with some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you. Where the data is data that you have given to us, you have the right to receive your copy of it in a common electronic format, and to provide copies of it to other people if you wish (Right to Data Portability).
- Right to Rectification - you have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion, such as assessments of performance or fitness to work.
- Right to Erasure - in some limited circumstances, you have the right to have personal data that we hold about you erased (the “right to be forgotten”). This right is not generally available where we still have a valid legal reason to keep the data (for example, because we are obliged to do so by law).
- Right to Restrict Processing - you also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, for example if you contest its accuracy or where we are processing it on the basis of our legitimate interest and you contest our assessment that our interest overrides your rights.
The above is not a complete and exhaustive statement of the law.
Fair and lawful processing
Each organisation is required to demonstrate that they are processing personal data fairly and lawfully, to do this we must have a ‘lawful basis for processing’ personal data. Consent is probably the condition that has gained the most attention but we only rely on consent in limited circumstances e.g. to share information with a third party or your GP.
The Children’s Services Team will mainly be processing data based on the following lawful basis for processing:
- Article 6
is necessary for the performance of a contract to which the individual is party
or in order to take steps at the request of the individual prior to entering
into a contract.
Article 6 (1)(f) Legitimate interests: the processing is necessary because of a legitimate interest or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Article 6 (1)(c) Processing is necessary for compliance with a legal obligation to which Nuffield Health are subject.
Article 9 (2)(c) Processing is necessary to protect the vital interests of the individual or any other person where the individual is incapable of giving consent.
What does that actually mean?
In order to provide you with the level of support agreed to in our contracts in a safe and effective way we need to process the data discussed, and as such, we are doing so lawfully. This means we may not always ask your consent each time we use your data if what we are doing is linked to your treatment or doing something we must do by law.
When things go wrong
- Nuffield Health pride ourselves with the quality of our services and consistent positive customer satisfaction, however, we understand that in a small number of cases you may have cause to raise a concern regarding an element of your patient journey. It is important that Nuffield Health learn from these episodes to continually enhance services and as such we carry out thorough investigations. In order to fully investigate your concern we may need to share information with our compliance team, senior leaders or other parties not directly involved with your care. For example, if you were referred to PDS via your insurer, GP or hospital we might need to discuss your concern with your insurer, GP or hospital staff in order to fully investigate it. In any case, we will only share a limited amount of information, as little as is necessary to investigate the concern. We may also need to share details of your concern with health professionals involved in your care for the purposes of the investigation.
- If the concern has come via a third party e.g. a regulator, body or solicitor, we may need to disclose your data with them in order to resolve, defend or investigate a concern.
How long we will keep your personal data for
Children: We retain children’s
records for 3 years after they have left the setting, unless the records relate
to an accident or child protection matter. These are kept until the child
reaches the age of 21 years or 24 years respectively.
Adults: We retain parent’s records for 3 years after their child has left the setting, except records that relate to an accident or child protection matter. These are kept until the child reaches the age of 21 years or 24 years respectively.
If you would like to discuss anything in this document or you would like further information about how your personal data may be processed please contact your Children’s Services Manager.If you are not satisfied with how we handle your personal data or a request to exercise one of your rights in relation to your data, you can contact the Data Protection Officer firstname.lastname@example.org
Should you remain dissatisfied you have a right to complain to the Information Commissioner’s Office on 0303 123 1113 or through their websitehttps://ico.org.uk/