Privacy and Data Protection Policy

  • Home
  • Privacy and Data Protection Policy

Caroline Elizabeth Evans

Privacy Policy

I take your privacy seriously, and in accordance with the General Data Protection Regulation I commit to the following: As part of my role in working with you I will be asking you for personal data about you and your child/ren in order to deliver my services to you. The type of data I collect will very much depend on the services you have contracted me for. I must have a legal basis for collecting this data, and there are six lawful bases:

  • Consent:

The individual has given clear consent for me to process their personal data for a specific purpose.

  • Contract:

The processing is necessary for a contract you have with me, or because they have asked me to take specific steps before entering into a contract.

  • Legal obligation:

The processing is necessary for me to comply with the law (not including contractual obligations).

  • Vital interests:

The processing is necessary to protect someone’s life.

  • Public task:

The processing is necessary for me to perform a task in the public interest or for my official functions, and the task or function has a clear basis in law.

  • Legitimate interests:

The processing is necessary for my legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.) I will be processing your data under the following bases: Contractual, Legitimate Interest and Consent. Where I require consent, I will provide a way for you to positively make a decision about the information that you make available and how this is shared.     This information will be collected by me, Caroline Evans, as part of my working relationship with you. I will be asking for this data either verbally or via email and recording it either in hand written paper form or digitally. I may need to review the data with you at regular intervals to make sure that it is up to date. The data will be collected in order to fulfil my contractual obligations to you. Some of the data may be special category “sensitive” data and will be handled accordingly. The information that I may require will be:

  • Child’s name
  • Child’s date of birth
  • Child’s age
  • Child’s address
  • Parents’ names, addresses, contact numbers
  • Who has parental responsibility for the child
  • Emergency contact names, addresses and contact number
  • Child’s doctor’s name and contact number
  • Health clinic/health visitor
  • Child’s NHS number
  • Any allergies/medical history/ requirements
  • Information about immunisations
  • Whether the child has any special educational needs or disabilities
  • Ethnic group
  • Religion
  • Home language
  • Specific information pertaining to any parenting issues that you are facing in relation to the services that you have contracted from me, at times this may include photographs or video clips. For example those clients using my consultancy service would not be required to share with me Emergency contact details however if I was acting in Loco Parentis then these would be required. With your consent data may be shared, when necessary, with the following people: 
  • The data will only be used for the contracted purpose and will only be shared with others with your express permission unless there is a legal obligation for me to share any of the date with a third party – for example a child protection issue.
  • Not all of the above data may be needed.
  • The data I require will vary from client to client and will be dependent on the services that you use.
  • Other professionals supporting your child, for example your childcare provider, health care professionals etc.
  • The local safeguarding children’s board or Social Services Referral and Assessment Team if I ever have any concerns about the safety of your child.
  • Contact details may be shared with agencies and/or other parents to receive a reference for my services with your express consent.
  • Written testimonials / letters of reference may be shared with clients and online (website etc) with any identifying features removed (names etc) unless I have your express consent to keep them in.

If you want to see a copy of the information I hold about you or your child then please contact me - Tel: 0044 7708 108371 Email: caroline@carolineelizabethevans.com I am required by law to keep some information after we have stopped working together. I am required to retain invoices and other contractual information for 10 years in line with my local tax organization. I am required to keep consultation notes for 7 years for insurance purposes and incident or accident logs I am legally obliged to retain for 21 years and 5 months. After this time all data will be securely destroyed. Please see my data protection policy below for further information on data sharing, safe storage and your rights to access your data.  

Data Protection Policy

  In order to provide a quality service to you and comply with legislation, I will need to request information from clients about themselves, their child and family. Some of this will be personal data.   I take clients privacy seriously. Article 23 of the General Data Protection Regulation (GDPR) stipulates that we must only collect and hold data that is absolutely necessary for the completion of our duties and processed in accordance with the seven principles below:

  • I must have a lawful reason for collecting personal data, and must do it in a fair and transparent way. I will be clear about what data I am collecting, and why.
  • I must only use the data for the reason it is initially obtained. This means that I may not use a person’s data to market a product or service to them that is unconnected to the reasons for which they shared the data with me in the first place.
  • I must not collect any more data than is necessary. I will only collect the data I need to hold in order to do the job for which I have collected the data.
  • I will ensure that the data is accurate, and ask parents to check annually and confirm that the data held is still accurate.
  • I will not keep data any longer than needed. I must only keep the data for as long as is needed to complete the tasks it was collected for.
  • I must protect the personal data. I am responsible for ensuring that I and anyone else charged with using the data, processes and stores it securely. 
  • I will be accountable for the data. This means that I will be able to show how I (and anyone working with me) am complying with the law.

Procedure (how I put the statement into practice) The GDPR recognizes the need for compliance and accountability and as such I have put procedures in to place to minimize data breeches and uphold the integrity of your data. I have determined which of the lawful basis allow me to retain your date as outlined in my privacy policy and I am recording all the necessary elements in a data register. All data processing activities are now undertaken with these aspects in mind. I have registered with the Information Commissioner’s Office, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. I expect clients to keep private and confidential any sensitive information they may accidentally learn about me or my family, unless it is a child protection issue. I will be asking clients for personal data about themselves and their child/ren in order to deliver the consultancy and childcare services I provide. This Data is necessary for me to comply with my contractual obligations and to provide the best possible service. Storage I will keep all paper-based records securely locked in my office or when travelling they will be kept on my person or in a secure location. Data kept electronically on my computer, externally or in cloud storage and on my smart phone, including digital photos or videos will be stored securely. My devices will be password protected and emails will be encrypted. You may wish to check that the data that you send to me is also sent securely, when returning my questionnaire for example which may contain sensitive data. Backup files will be stored on protected external hard drives or memory sticks, which I will lock away when not being used. Firewall and virus protection software are in place. Sensitive data will be stored securely and disposed of securely as soon as the retention period ends. Clients have the right to inspect the data records I keep at any time. They will be provided without delay and no later than one month after the request, which should be made in writing. I will ask clients to regularly check that the data is correct and update it where necessary. Information sharing The data will only be used for the contracted purpose and will only be shared with others with your express permission unless there is a legal obligation for me to share any of the date with a third party – for example a child protection issue, or the tax office may request copies of my invoices in which case will have access to your name and address. With your consent date may be shared, when necessary, with the following people:

  • Other professionals supporting your child, for example your childcare provider, health care professionals etc.
  • The local safeguarding children’s board or Social Services Referral and Assessment Team if I ever have any concerns about the safety of your child.
  • Contact details may be shared with agencies and/or other parents to receive a reference for my services with your express consent.
  • Written testimonials / letters of reference may be shared with clients and online (website etc) with any identifying features removed (names etc) unless I have your express consent to keep them in.

Record keeping I keep a data register which outlines the data I collect, why it is collected, how it is stored and how long this data is retained for. Certain personal data is retained during my accounting process. For my childcare services: I record all accidents on an appropriate form. The appropriate organisations will be informed of any serious incident. I will only share information if it is in a child’s best interests to do so. For example in a medical emergency I will share medical information with a healthcare professional. If I am worried about a child’s welfare I have a duty of care to follow the Local Safeguarding Children Board procedures and make a referral. Where possible I will discuss concerns with you before making a referral. Data retention policy and Safe disposal of data Some of the data I collect needs to be retained for a set period of time for legal or contractual reasons. The local Tax authority requires me to keep contracts and invoices for 10 years and consultation notes are retained for 7 years in line with the advice from my insurer. Accident or incident reports are retained for 21years and 5 months in line with current guidelines. Data will be disposed of in a secure manner as soon as it is no longer required (usually straight into the wood burning stove!) Regular checks will be made to dispose of data. Suspected breach If I suspect that data has been accessed unlawfully, this will be investigated with due diligence and in a timely fashion. GDPR stipulates that if a breech has occurred breach notification is mandatory where the data breach is likely to “result in a risk for the rights and the freedoms of individuals”. Where this is the case I will inform the relevant parties immediately and report to the Information Commissioner’s Office within 72 hours. I will keep a record of any data breach. Your Rights   The right to be informed – this is what my privacy policy is for and why it is written in simple language. Should you need further clarifications on any part of these polices please do not hesitate to get in touch. The right of access to personal data through subject requests – this means that you have the right to see the data that I collect about you and I will provide this as soon as possible, this time frame should not exceed 1 month. Any request to see the data must be made in writing. The right to rectification – you have a right to correct inaccurate personal data. The right to erasure – this means that in certain cases you have the right to request that your data be erased should you feel it is no longer necessary for me to keep it, if you withdrawn consent or you feel the data has been unlawfully processed. You can exercise your right to erasure if there is no overriding reason for me to keep such data (including but not limited to the data retention periods for contractual / legal reasons). The right to restrict processing – in certain circumstances a client may request that the data is no longer processed, but the data is still retained. The right to object – in certain circumstances you have the right to object to data processing, in particular in relation to direct marketing. Your objection can be made verbally or in writing. The right to data portability – you have the right to request to move data from one service provider to another. Rights related to automated decision making including profiling More detailed information on your rights can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ Should you wish to make a complaint regarding the way your data is collected or processed and are unable to come to a satisfactory conclusion with myself you can contacting my supervising body. In the UK this is www.ICO.org.uk and in France www.CNIL.fr For any further clarifications on this Data Protection policy do not hesitate to contact me.   Date policy written: 24.05.2019 Policy due for renewal: 24.05.2020 This policy supports the following safeguarding and welfare requirements: In England - Meeting the Early Years Foundation Stage Safeguarding and Welfare Requirements. Data protection template provided by Pacey.org.uk in line with current GDPR guidelines 25 May 2018COOKIE POLICY  Last updated 08/01/2022  INTRODUCTIONHello! This website uses the bare minimum of cookies for functionality and to analyze site traffic data. Carolineelizabethevans.com(“we” or “us” or “our”) may use cookies, web beacons, tracking pixels, and other tracking technologies when you visit our website www.carolineelizabethevans.com, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the “Site”) to help customize the Site and improve your experience.  We reserve the right to make changes to this Cookie Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Cookie Policy. Any changes or modifications will be effective immediately upon posting the updated Cookie Policy on the Site, and you waive the right to receive specific notice of each such change or modification.  You are encouraged to periodically review this Cookie Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Cookie Policy by your continued use of the Site after the date such revised Cookie Policy is posted.  This cookie policy was created using Termly. USE OF COOKIES A “cookie” is a string of information which assigns you a unique identifier that we store on your computer. Your browser then provides that unique identifier to use each time you submit a query to the Site. We use cookies on the Site to, among other things, keep track of services you have used, record registration information, record your user preferences, keep you logged into the Site, facilitate purchase procedures, and track the pages you visit. Cookies help us understand how the Site is being used and improve your user experience.  TYPES OF COOKIESThe following types of cookies are usually used when you visit the site: Analytics CookiesAnalytics cookies monitor how users reached the Site, and how they interact with and move around once on the Site. These cookies let us know what features on the Site are working the best and what features on the Site can be improved.  Other cookies that may be used when you visit the site: Advertising Cookies.Advertising cookies are placed on your computer by advertisers and ad servers in order to display advertisements that are most likely to be of interest to you. These cookies allow advertisers and ad servers to gather information about your visits to the Site and other websites, alternate the ads sent to a specific computer, and track how often an ad has been viewed and by whom. These cookies are linked to a computer and do not gather any personal information about you.  Our CookiesOur cookies are “first-party cookies”, and can be either permanent or temporary. These are necessary cookies, without which the Site won't work properly or be able to provide certain features and functionalities. Some of these may be manually disabled in your browser, but may affect the functionality of the Site. Personalization CookiesPersonalization cookies are used to recognize repeat visitors to the Site. We use these cookies to record your browsing history, the pages you have visited, and your settings and preferences each time you visit the Site.  Security CookiesSecurity cookies help identify and prevent security risks. We use these cookies to authenticate users and protect user data from unauthorized parties. Site Management CookiesSite management cookies are used to maintain your identity or session on the Site so that you are not logged off unexpectedly, and any information you enter is retained from page to page. These cookies cannot be turned off individually, but you can disable all cookies in your browser. Third-Party CookiesThird-party cookies may be place on your computer when you visit the Site by companies that run certain services we offer. These cookies allow the third parties to gather and track certain information about you. These cookies can be manually disabled in your browser.  CONTROL OF COOKIESMost browsers are set to accept cookies by default. However, you can remove or reject cookies in your browser’s settings. Please be aware that such action could affect the availability and functionality of the Site.  For more information on how to control cookies, check your browser or device’s settings for how you can control or reject cookies.In addition to cookies, we may use web beacons, pixel tags, and other tracking technologies on the Site to help customize the Site and improve your experience. A “web beacon” or “pixel tag” is tiny object or image embedded in a web page or email. They are used to track the number of users who have visited particular pages and viewed emails, and acquire other statistical data. They collect only a limited set of data, such as a cookie number, time and date of page or email view, and a description of the page or email on which they reside. Web beacons and pixel tags cannot be declined. However, you can limit their use by controlling the cookies that interact with them. PRIVACY POLICYThis Cookie Policy is part of and is incorporated into our Privacy Policy. By using the Site, you agree to be bound by this Cookie Policy and our Privacy Policy. CONTACT USIf you have questions or comments about this Cookie Policy, please contact us at:caroline@carolineelizabethevans.com

Cookie Settings