General Data Protection Regulations (GDPR)





Safeguarding and Welfare Requirement: Information and records

Records must be easily accessible and available to those. who have a right or professional need to see them. Providers must ensure that all staff understand the need to protect privacy of the children in their care as well as the legal requirements that exists to ensure confidentiality.

Statement of Intent:


Ladybirds Preschool complies with the obligations of the General Data Protection Regulations (GDPR, 2018). We have systems in place to ensure that our collection, storage and retention of personal and general data meets all legal requirements. Although consent is a huge part of GDPR, as a preschool we have lawful obligations that require us to collect, process and store personal data.


Data Controllers determine the purposes and means of processing personal data. Ladybirds data controllers are; Zoe Marler-Hausen (Executive Manager) with support from Jade Parker (Parkside Manager)


Data processors are responsible for processing personal data on behalf of a controller. Ladybirds data processors are; Carmel Gardener (Administrator for Porchester Road) and Emily Payne (Parkside Setting)


Reasons for collecting data


We only collect data that is necessary for us to carry out our duties as a preschool.  We collect information from you and may receive information about you from your previous Early Years Provider or education provider, local authorities and the Department for Education (DfE).


A great deal of the information we collect is included in the Parent Declaration Form, completed on your child’s admission to an Early Years Provider which, when signed, indicates that you understand how your families data will be processed. In addition, we collect information for 30 hours eligibility, 2 year old funding eligibility, on learning and development, on safeguarding and welfare & special educational needs and disabilities.


What we use data for


We hold this personal data and use it to:


  • Support teaching and learning.  In order to facilitate this, we may share information with a software supplier to set up the systems needed for children and parent/carers to access. When your child applies for a school place, information may be forwarded to your child’s new school to aid transition into their next phase of education. If your child changes Early Years Provider or attends more than one provider, information may be shared between Early Years Providers.
  • Monitor and report on learning and development.
  • Provide appropriate pastoral care (Keeping Children Safe in Education 2019).
  • Assess how well we, as an education provider, are doing.
  • Co-operate with Southampton City Council and external partners to improve the well-being of children, under the duty of the Children Act 2004

Working together to safeguard children - GOV.UK (  updated Feb 2024

  • Share information with Southampton City Council and external partners to support the duty to safeguard and promote the welfare of children, under the Children Act 1989 and 2004, Section 17
  • Provide information via statutory census returns to the DfE and in turn this will be available for the use of Southampton City Council to carry out its official functions, or a task in the public interest. 
  • Send Child level information to Southampton City Council on a regular basis in accordance with our information sharing agreement to enable the local authority to meet its duty under Data Protection legislation to ensure that the data it holds is accurate and also to carry out its official functions, or a task, in the public interest.


Your information will not be used for any other purpose or shared with any other organisation unless provided for by law or covered in this Privacy Notice.


The Early Years Provider’s member of staff responsible for data protection, who should be contacted in writing if you would like to receive a copy of the information about you that we hold or share, is:


  • Settings Administrator –  Carmel (Porchester)  Emily Payne (Parkside)


For information on how long the Early Years Provider will store the information collected please refer to the providers Retention of Records Policy.


Should you have any concerns with how your data is being processed, the following steps should be taken:


Step 1:             Contact the Early Years Provider Data Protection Officer.

Step 2:             If concerns remain unresolved, follow the Early Years Provider Complaints procedure.

Step 3:             Contact the Information Commissioner's Office (


For further information on the circumstances under which you have the right to request access to, or rectification\erasure of, your personal data please visit the Information Commissioner’s website.



Where we do not have a lawful basis to hold data, we will ensure that we have permission to do so.  Examples of this include (but are not limited to);


  • Photographs of children. No photographs will be taken or displayed without the parents/carers permission. We routinely delete photographs stored on our computer systems.
  • Every Child a Talker audit.

Where permission has been given, access to records is available and permission can be withdrawn by informing preschool in writing.


Retention Periods for Records


The following table outlines the retention periods that the preschool will follow, if a request to deletion of records has not been made.  Some records have a legal retention period, others are a recommended retention period.



Children’s records


Retention period



Children’s records  including registers and medication record books

A reasonable period of time after children have left the provision.  Ladybirds will keep these records until after the next Ofsted inspection.


Statutory Framework for the Early Years Foundation Stage

Children’s records of accidents and injuries

Until the child reaches the age of 21


Limitations Act 1980

Safeguarding and welfare records (including copy of written summary of information transferred to schools)

Until the child reaches the age of 24


Limitations Act 1980

SEN records

25 years from the birth of the child


Education Act 1996

Records of any reportable death, injury, disease or dangerous occurrence

3 years after the date the record was made

If it involves a child then up to age 21


The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 RIDDOR

Personnel records

Retention period



Personnel files and training records (including disciplinary records and working time records)

6 years after employment ceases


Chartered Institute of Personnel and Development

DBS check

6 months


We will maintain on employee files the reference number, the date a check was obtained and who obtained it





DBS Code of Practice



Wage/salary records (including overtime, bonuses and expenses)

6 years


Taxes Management Act 1970

Statutory Maternity Pay (SMP) records

3 years after the end of the tax year to which they relate


The Statutory Maternity Pay (General) Regulations

Statutory Sick Pay (SSP) records

3 years after the end of the tax year to which the relate


The Statutory Sick Pay (General) Regulations 1982

Income tax and National Insurance returns/records

At least 3 years after the end of the tax year to which they relate


The Income Tax (Employments) Regulations 1993

Staff accident records

3 years after the date the record was made


Social Security (Clams and Payments) Regulations 1979

Records of any reportable death, injury, disease or dangerous occurrence

3 years after the date the record was made


Social Security (Claims and Payments) Regulations 1979

Assessments under Health and Safety Regulations and records of consultations with safety representatives and committees



Chartered Institute of Personnel and Development

Financial Records




Accounting records

6 years from the end of the financial year


Companies Act 2006

Charities Act 2011

Administration Records




Employers liability insurance records



Health and Safety Executive

Minutes of company meetings

10 years


Companies Act 2006





To ensure that all those using – and working in – the pre-school can do so with confidence, we adhere to the following procedures:


  • Parents/carers have ready access to the files and records of their own children but do not have access to information on any other child.
  • Any concerns/evidence relating to a child’s personal safety and personal information regarding a child are kept in a secure, confidential file and are only shared on a need to know basis. 
  • Issues to do with the employment of staff remain confidential to the people directly involved with making personnel decisions.
  • All information regarding the children, their families or other members of staff, that maybe learned as part of the job is kept completely confidential by all staff members, students and volunteers. Information is not be discussed with anyone other than those directly involved and is always discussed in an appropriate place and in an appropriate way e.g. information is never discussed using sources such as the Internet, Facebook etc.
  • The staff team keep all mobile phones in the pre-school office during session times.  Personal mobile phones are never be used to take photographs of the children.
  • Visitors to the pre-school will be reminded that they are not to use mobile phones at any time whilst in our setting and phones will be stored in our office for the duration of their visit.


This policy links to a number of other policies to which the Preschool adheres to, particular reference would be;


Images of children policy/ Safeguarding policy/Pupil Premium





Document ID-

Policy adopted at meeting – Jun 2007

Reviewed by : Ladybirds Directors


Date reviewed



16/06/2023 ZMH

Sep 17



March 18



24/03/2024 ZMH

Print | Sitemap
© Ladybirds Preschool Southampton