Legal Notice
Data Protection and Information Policy.
Integrating Best Practice Standards
To ensure robust and comprehensive protection of personal data, the Nurture Den Data Protection Policy incorporates each of the areas outlined in the Information Policy Requirements document.
Below is how these areas are actively implemented into our setting:
- Information Breach Process: Nurture Den maintains clear procedures for identifying, reporting, managing, and resolving data breaches, including prompt notification and thorough documentation, as detailed in the policy.
- Privacy Management: All personal data is processed lawfully, fairly, and transparently, with regular reviews to ensure privacy standards are upheld.
- Physical Security: Access to physical records and devices is restricted to authorised staff, with secure storage and monitoring.
- Data Subject Rights: Individuals are informed of their rights under UK GDPR, including access, rectification, and erasure of data, and the club ensures these rights are respected.
- Security Classification: Data is classified according to sensitivity and handled appropriately, with confidential information given enhanced protection.
- Retention and Destruction: Data is retained only for as long as necessary, in line with legal and operational requirements, and securely destroyed when no longer needed.
- Equipment Security: Staff are trained in safe handling of club equipment, and digital devices are password-protected and regularly updated.
- Asset Management: All information assets are logged and tracked, ensuring accountability and reducing risk of loss or misuse.
- Removable Media: Use of USB drives and other removable media is restricted and monitored, with guidelines for secure use and disposal.
- Email (including secure email): Staff use secure email platforms and follow protocols to protect sensitive information during electronic communications.
Information Management
- Accessibility: Role-Based Access Control, Data is accessible only to those who need it, supporting efficient operations while protecting privacy.
- Data Quality: Regular audits ensure that personal data is accurate and up to date.
- Acceptable Personal Use: Clear guidelines are provided for staff on acceptable use of club resources and information.
- Use of Collaboration Sites/Federated Online Services: Staff follow best practices for secure collaboration, using approved platforms to share and manage information.
Data sharing is guided by the Caldicott principles, always prioritising confidentiality and necessity.
- Protective Measures: Technical controls such as encryption, firewall, and access management are implemented to further secure data.
Supplier Assurance Standards
- Software as a Service (SaaS): Nurture Den selects SaaS providers such as Bookaby our online booking platform who meets recognised standards for data security and compliance.
- Certifications: Whenever possible, suppliers systems obtain certifications (such as Cyber Essentials) to demonstrate adherence to best practice security frameworks.
By embedding these requirements into the data protection policy and data operations, Nurture Den ensures the highest standards of data security, transparency, and compliance for families, children, and staff.
Procedures for Managing Personal Data Breaches
Nurture Den has established clear written procedures designed to identify, report, manage, and resolve any incidents involving personal data breaches.
These procedures ensure a prompt and effective response should a breach occur, safeguarding the personal information of children, families, and staff.
All staff members are required to adhere to these procedures to maintain the integrity and security of personal data.
In the event of a suspected or confirmed data breach, staff must follow the official reporting process as set out by the club. This includes immediate notification to the designated manager, thorough documentation of the breach, and cooperation in any actions necessary to contain and mitigate potential risks. Steps will be taken to resolve the breach efficiently, with measures implemented to prevent recurrence and protect all affected individuals.
Nurture Den will work diligently to ensure all necessary information is provided promptly and that reporting obligations under UK GDPR are met in a timely manner. This collaborative approach helps to safeguard the rights of individuals and ensures compliance with regulatory requirements.
Safeguarding Personal Data for Families and Staff
This policy outlines the procedures and standards for processing personal data of children, families, and staff involved in Nurture Den Holiday Club.
Our commitment is to uphold the highest standards of confidentiality and data protection, complying fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Scope
This policy applies to all personal data collected and processed by Nurture Den, including information about children, their families, and staff members. Data may include names, contact details, medical information, emergency contacts, and employment records.
Data Collection and Usage
- Personal data is collected only for legitimate club purposes, such as registration, safeguarding, communication, and staff management.
- Data shall be processed lawfully, fairly, and transparently, ensuring that individuals are informed about how their information will be used.
- Only data that is strictly necessary for club operations will be collected and retained.
Safeguarding Children’s Data
Special care is taken when handling children’s data. Consent from parents or guardians is required for processing children’s personal information. This is likely to include child records, photographs, parental contact details, emails, accident and incident forms,name, email address, phone number, and other details provided through online or paper registration or contact forms.
Staff are trained in safeguarding and data protection best practices to ensure children’s privacy is always respected.
Whether the information is stored electronically or entirely on paper, the GDPR still applies.
Staff Data
- Staff data is processed for recruitment, employment, payroll, appraisal and safeguarding checks.
- Access to staff records is restricted to authorised personnel only.
Data Security
All personal data is stored securely, with access limited to those who need it for their role. Digital records are password-protected, and paper records are kept in locked cabinets. We regularly review our security measures to protect against unauthorised access, loss, or theft.
- Store personal data in locked cabinets with restricted access. It is advisable to maintain a log detailing who has accessed the information and at what time.
- Use robust passwords on all devices used to access personal data, including phones, laptops, tablets, terminals, and servers.
- Encourage staff, management, and parents/carers to protect their phones, tablets, and laptops with password locks. They should also set strong passwords for accessing any other systems containing personal information.
- Configure devices such as terminals and laptops to automatically lock the screen and require a fresh login if left unattended for a set period.
- Position screens so that they cannot be easily viewed by unauthorised individuals.
- Assess and implement appropriate access controls for our premises.
- Limit the collection and retention of personal data to only what is necessary to deliver our services and comply with Ofsted regulations.
Ensure that staff and volunteers are granted access only to the information required for them to perform their specific role
Responding to Data Requests
Individuals have the right to request access to their data, rectify inaccuracies, or restrict processing. Procedures are in place to respond promptly to requests from families, staff, or external bodies such as ECC, including requests to restrict the processing of specific personal data.
Retention and Disposal
Personal data is retained only for as long as necessary for club operations and legal requirements. Data no longer needed is disposed of securely, either by shredding paper records or permanently deleting electronic files.
Policy Review
This policy will be reviewed annually, or sooner if there are changes to relevant legislation or Nurture Den procedures.
All staff and volunteers are required to read and adhere to this policy.
Name: Akosia Nkrumah Position: Director Date: 12/02/26
Signed:
Address
Boreham Scout & Guide HQ, Main Rd,
Boreham, Chelmsford, Essex CM3 3JD
Contact
More Links
Head Office (Correspondence Address) : Office 6119, 321-323 High Road, Chadwell Heath, Essex, RM6 6AX
© 2026 Nurture Den