Confidentiality Policy

Policy Created: 26th august 2025
Review date: Annually, or sooner if legislation or guidance changes

This policy sets out how Cheeky Minds protects the confidentiality of children, families, and staff, and how we comply with the UK GDPR (2018), Data Protection Act (2018), and the EYFS Statutory Framework (2025).

We recognise that children and families have the right to privacy, and that safeguarding information appropriately is vital to building trust and meeting legal requirements.

Principles

  • Confidentiality is respected at all times.

  • Personal data will only be collected, stored, and shared where necessary and lawful.

  • Information will be shared on a need-to-know basis to protect children’s welfare.

  • We comply with the 7 principles of GDPR: lawfulness, fairness & transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity & confidentiality; and accountability.

Collection of Information

We collect only relevant information to support the care, education, and safeguarding of children, including:

  • Personal details (name, date of birth, address, parental contacts).

  • Medical information (allergies, medication, GP details).

  • Attendance and development records.

  • Safeguarding information (if required for child protection purposes).

Storage and Security

  • All records (paper and digital) will be stored securely.

  • Paper files are kept in locked storage, accessible only to authorised staff.

  • Digital records are password-protected.

  • Information is retained in line with legal retention periods, then securely destroyed.

Sharing Information

  • Information is shared with parents regarding their own child only.

  • Data may be shared with Ofsted, local authorities, or safeguarding professionals where legally required.

  • Parental consent will be sought for information sharing, unless a safeguarding concern requires otherwise.

  • We will never share personal data for marketing or third-party purposes.

Staff Responsibilities

  • Staff must respect confidentiality at all times, both inside and outside the setting.

  • Staff will not discuss children, families, or colleagues outside of professional contexts.

  • Mobile phones and personal devices must not be used to store or share setting information (see Mobile Phone & Camera Policy).

  • Breaches of confidentiality will be treated as a disciplinary matter.

Parental Rights

Parents have the right to:

  • Access records about their child.

  • Request corrections to inaccurate data.

  • Withdraw consent for data processing (where consent is the lawful basis).

  • Make a complaint to the Information Commissioner’s Office (ICO) if concerns are not resolved.

Safeguarding Exception

Where a child may be at risk of harm, information will be shared with the relevant agencies in line with our Safeguarding Policy and statutory duty to protect children.

Monitoring and Review

  • This policy is reviewed annually or sooner if guidance changes.

  • All staff receive training in confidentiality, safeguarding, and data protection.

  • Our Data Protection Lead ensures compliance with UK GDPR and EYFS standards.

Location

74 Andover Road

Orpington

BR6 8BN

Contact us

© 2024. All rights reserved.

Open Hours

Mon-Fri, 8:00-18:00

Phone

07768 852 246