Tinies Settings Privacy Notice
Tinies Daycare ("Tinies/we") is a managed service and consultancy business providing childcare solutions. Whether you are a parent looking for a space in one of our nurseries, crèches or holiday clubs or a business looking to provide childcare, Tinies must process personal data so that we can provide these services to you. Tinies knows that you care how information about you is used, shared and stored, and Tinies assures you that we will do so carefully, sensibly and always in accordance with UK Data Protection laws.
You may give your personal details to Tinies directly, such as on an enquiry form or on a registration form, via our website, or when speaking or meeting a member of the Tinies team. Under UK law, Tinies must have a legal basis for processing your personal data once collected. For the purposes of providing you with childcare services, we will only use your personal data in accordance with the terms of this Privacy Notice.
Tinies has never and will never sell your data to any third party, and we will only share your data in accordance with this Privacy Notice and in order to provide our childcare services to you.
For more information on Tinies' Setting Data Protection Policy and Procedures please click here.
1. Collection and use of personal data
A. Purpose of processing and legal basis
Tinies will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with childcare services. The legal bases we rely upon to offer these services to you are:
1) Explicit consent - where we are processing sensitive personal data;
2) Contractual necessity - where we are processing your data in order to enter into a contract with you or to perform our duties under an existing contract;
3) For the purposes of our legitimate interests - in other circumstances including where data is provided to us on behalf of a data subject; and
4) In rare cases, a legal obligation - where we are required to pass on details to a regulatory authority such as Ofsted, DBS, LADO and the NHS for track and trace and test and trace purposes
B. Recipients of data
Tinies will process and share your personal data and/or sensitive personal data with the following recipients:
1) Tinies Settings: Your details will be shared with those running the setting that you are enquiring about - Nursery, Creche or Holiday Club.
2) Our IT company, Sapnagroup: Sapna develop our website, holiday club and retail database and maintain the servers that run them. Sapna are required to abide by UK Data Protection Laws and are trusted partners of Tinies.
3) iConnect: iConnect is one of our nursery database system providers. They are required to abide by UK Data Protection Laws and are trusted partners of Tinies.
4) Regulatory Authorities: if we are required to do so, we may have to share your data with the childcare regulatory body, LADO or equivalent.
The database systems provided by Sapnagroup and iConnect help us to manage our settings smoothly. Your data is stored securely and can only be accessed by authorised personnel.
C. Contractual requirement
Your personal data is required to enable us to fulfil our obligations under our Terms and Conditions with you. We cannot offer or provide our childcare services without having to take your data, process it and share it. You are obliged to provide the personal data under the contractual terms with Tinies but if you choose not to provide the data,we cannot perform any childcare service for you.That means we cannot offer your child a place at one of our settings for example, or discuss childcare solutions with you.
D. Personal data we collect
1) We may need personal details which might include details of members of your family, family structure, health and wellbeing.
2) We will only collect what is necessary and will only keep it for as long as we are required to do so in line with our data retention register. You can ask us for a copy.
3) We may also collect via our website information about your computer and about your visits to and use of this website including; your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths; information that you post to our website for publication on the internet including your user name, your profile pictures and the content of your posts.
2. Data retention
Tinies will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
To comply with the EYFS, Ofsted, Care Inspectorate, CSSIW, HSC, and other regulatory bodies there is a large amount of data that we must hold, and keep hold of. For example, Child and Parent details must be kept and recorded for a minimum of 2 years and accident reports must be kept for 21 years and 3 months. We keep children's and parent records for 4 years prior to deletion. Our Data Retention Register can be viewed on request; please be aware that the Data retention period becomes active when you are no longer using Tinies services, not from the date of joining or collecting/creating the data.
In any case, you have a legal right to ask us to delete your data at any time by contacting Tinies, but please note if you do, we can no longer offer your child a place at our setting. If however, there is any safeguarding issue, or safeguarding allegation, we are obliged to keep your data indefinitely.
3. Your rights
Please be aware that you have the following data protection rights:
- The right to be informed about the personal data Tinies processes on you;
- The right of access to the personal data Tinies processes on you;
- The right to rectification of your personal data;
- The right to erasure of your personal data in certain circumstances;
- The right to restrict processing of your personal data;
- The right to data portability in certain circumstances;
- The right to object to the processing of your personal data that was based on a public or legitimate interest;
- The right not to be subjected to automated decision making and profiling; and
- The right to withdraw consent at any time.
Right to Withdraw Consent: where you have consented to Tinies processing your data you have the right to withdraw that consent at any time by contacting the Tinies Data Protection Officer (see details below) or by emailing firstname.lastname@example.org but please note if you do, we can no longer offer your child a place at our setting.
Right to Erasure of Data: where you wish Tinies to delete your data (subject to certain conditions being met for which see our Data Protection Policy and Procedure), please contact the Tinies Data Protection Officer (see details below) or email email@example.com. Please note that we are legally obliged to retain certain data even if you make a data deletion request, in accordance with legislation requirements (detailed in paragraph 3, clause 2 above).
Cookies being used by Tinies:
Used for PHP session maintenance. This allows the client to identify itself to the server and without this the site cannot function. Valid for 1 hour after the cookie is set.
2. ga, gid, _ga_
Third party Google Analytics cookies. Click here for more information about Google Analytics.
5. Safeguarding Measures
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure, or destruction and have several layers of security measures in place, including measures such as:
1) SharePoint system (the cloud-based system we use to store and access all of our data) has been built by Microsoft with security in mind. This includes threat detection, phishing and social engineering mitigation, and the option for multifactor authentication.
2) Data is transferred directly within the SharePoint environment whenever possible. When data must be shared with external parties, it is done so via temporary direct access and any login details are sent in split communications (e.g., encrypted email and SMS).
3) All transmission of data from our system across the public internet and out to our settings is conducted with encryption in transit via SSL.
4) If you provide us with information via our website, you acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
5) You are responsible for keeping the password you use for accessing our website or booking systems confidential; we will not ask you for your password (except when you log in our systems).
6. Complaints or Enquiries
Tinies has appointed a Data Protection Officer (DPO) who is responsible for ensuring Tinies compliance with the Data Protection Laws. The DPO's contact details are:
Name: Lindsey Doe
Tel: 020 7384 0322
If you have a complaint or suggestion or query about Tinies' handling of personal data then please contact the DPO.
Alternatively you can contact the ICO directly on 0303 123 1113 or here.