Services for Young Children (SfYC) - Early Years Education (EYE) and Funding (Provider)

Privacy Notice

Why do we collect and use this information?

Hampshire County Council is the Data Controller for the purpose of collecting and using information from you as a provider and about your Early Years Education Setting(s) to fulfil our statutory functions around the provision of early education and childcare, including early years education funding, setting the standards for learning, development and care for children from birth to five and the eligibility, application and validity checking processes for childcare funding. We will also collect information in support of our functions to make payments and other administrative arrangements in relation to the early years education funding.

We collect information about you/your setting to register you as a provider of the early years education funding or as an Ofsted registered early years provider for publication. We may also receive information about you as you claim for funding on behalf of children attending your setting and information about your details to calculation your provision’s early years education funding hourly rate. We also hold this personal data securely and use it to:

  • register providers to deliver the early years education funded universal and extended entitlements
  • publish information about childcare including the free entitlements
  • provide information, advice, guidance and training for new providers and providers judged less than good in their latest Ofsted report
  • provide information, advice, guidance and training for all early years and childcare providers including employees and prospective providers
  • undertake scheduled and ad-hoc data collections and surveys
  • make early years education funding payments
  • support administration and setting of funding arrangements
  • contribute to wider Local Authority statutory duties in support of individual’s education and welfare; and
  • ensure compliance with our obligations under the accuracy principle of the General Data Protection Regulation (Article (5)(1)(d)), making sure our records about you and your family are up to date.

MRI Software is a data processor for this information for the purpose of delivering a contract to the Local Authority around the hosting and supporting of the MRI Software system. The Local Authority uses the MRI Software system to store the information provided to us, as identified under this privacy notice. This includes accessing the MRI Software system to fix any technical issues to ensure the system is fit for use.

People Places Lives Ltd (PPL) is a data processor for information about childcare for the purpose of delivering a contract to the Local Authority around the hosting and supporting of the PPL system. The Local Authority uses the PPL system to store information provided to us about a childcare setting to deliver our statutory duty around publishing information on childcare options within Hampshire. This includes accessing the PPL system to fix any technical issues to ensure the system is fit for use.

For surveys only - Snap Surveys Limited and Snap Surveys NH, Inc is a data processor for this information for the purpose of delivering a contract to the Local Authority around the hosting and supporting of the Snap Survey system. The Local Authority uses Snap Survey to collect information provided to us, as identified under this privacy notice. Snap Surveys Limited and Snap Surveys NH, Inc will not disclose our Survey Data to anyone else, unless they are required to do so by law. Snap Surveys Limited and Snap Surveys NH, Inc privacy policy

The following sections provide further detail around the information we process setting out what allows us to do this (lawful basis), who we may share it with, how long we keep it for, alongside identifying any rights you may have and who to contact if you think we’re not handling your information in the right way.

The categories of information that we collect, hold and share

We collect different types of Personal Data and Special Category Data depending on the activity being undertaken.

For approving providers to make early years education funding payments to providers (group settings and childminders) we process:

  • name of provider
  • bank details of provider; and
  • email address of provider for sending remittance advice

For providing information, advice, guidance and training including access to the SfYC Moodle, webinars, regular contact through the SfYC Provider bulletin, sharing and completion of surveys, social media (Facebook) to ensure providers are meeting the requirements of the Early Years Foundation Stage, meeting the needs of children with special educational needs and disabilities, vulnerable/disadvantaged children; and operating effective safeguarding and child protection policies and practice, we process:

  • training needs of individual staff members
  • operational and business sensitive information about the provider; and
  • name of contact and email addresses for communicating

The lawful basis on which we use this information

We collect and use the information ensuring that we comply with the UK General Data Protection Regulation (UKGDPR) and Data Protection Act 2018 (DPA2018) requirements for processing through:

  • Article 6(1)(e) - the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
  • Article 9(2) (g) – Necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguarding measures; and
  • Sch.1, Pt.2, 1 - Substantial public interest conditions, for processing under the DPA2018.

These articles under the UKGDPR and Data Protection Act (2018) are supported by the following specific legislation:

  • Section 2 of the Childcare Act 2016
  • Sections 6, 7, 7A, 8, 9A, 12, 13, 18.20, 34(1), 34(2), 46(1), 46(2) and 40 of the Childcare Act 2006
  • Early Years Foundation Stage (Exemptions from Learning and Development Requirements) Regulations 2008 (SI 2008/1743, as amended by SI 2012/2463)
  • Part 3 of the Children and Families Act 2014
  • The Equality Act 2010
  • The School and Early Years Finance (England) Regulations
  • Section 8 of the Education Act 1996 and the Education (Start of Compulsory School Age) Order 1998 (SI 1998/1607); and
  • Section 22 of the Children Act 1989

Under this lawful basis we do not require your consent to process this information but we are required, through this privacy notice, to ensure you are fully informed of why we are collecting this information and what we will do with it.

Please note that no automated decision making occurs for any parts of these activities controlled by the County Council. The County Council does use profiling in the delivery of this service but only in support and delivery of identified groups under statutory guidance.

Storing and securing data

The information you provide for all of the activities identified in this privacy notice will be held on the Local Authority MRI Software system. The information held within MRI Software will be kept for 6 years following closure of the provider and then disposed of as appropriate. The Local Authority MRI Software system is hosted by MRI Software in secure UK based data centres. No information leaves the European Economic Area (EEA) and the information is encrypted when in transit between Local Authority users and the data centre the information is hosted within.

Correspondence and communications received (such as emails from the settings owner or manager) will be scanned (if paper based) to create an electronic record and will be stored within the Local Authority Document Management System (DMS), with the paper version being destroyed. The file will be linked to the record created in MRI Software by the use of a reference identifier. Information obtained from SNAP surveys will also be stored within the DMS systems. The information held within the Local Authority DMS will be kept in line with our retention schedule and then deleted as appropriate. The Local Authority DMS is hosted by the Local Authority in secure UK based data centres, which are on site. No information leaves the European Economic Area (EEA).

The Local Authority takes its data security responsibilities seriously and has policies and procedures in place to ensure the personal data held is:

  • prevented from being accidentally or deliberately compromised
  • accessed, altered, disclosed or deleted only by those authorised to do so
  • accurate and complete in relation to why we are processing it
  • continually accessible and usable with daily backups; and
  • protected by levels of security ‘appropriate’ to the risks presented by our processing

The Local Authority also ensures its IT Department is certified to the internationally recognised standard for information security management, ISO27001.

Who do we share information with?

We do not share information with anyone unless there is a lawful basis that allows us to do so.

Depending on the individual circumstances of each situation, we may have to share this information with other teams within the Local Authority and Borough/District Councils to fulfil other duties and powers to support our work. These might include our Children Missing Education (for ensuring the provision of full time education); Borough/District Councils (for childminder food registration); Data Protection Team (for personal data incidents); Admissions (for ensuring every child can apply for a school place); Virtual School (for support of children looked after); and/or Social Care teams (supporting welfare, safeguarding and corporate parent functions). We may also share information through the Local Authority role in the Hampshire Safeguarding Children Partnership (HSCP) to comply with their statutory duties.

Requesting access to your personal data and your rights

Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information, or your child(ren)’s, please contact the Children’s Services Department’s Subject Access Request (SAR) Team.

You also have the right to:

  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by solely automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

Please note that under the GDPR, there is also a right to erasure but the right to erasure does not provide an absolute ‘right to be forgotten’. Where the data being processed is for the purpose of ‘complying with a legal obligation for the performance of a public interest task or exercise of official authority’ (Article 6(1)(e))’, this right does not apply.

Contact details

If you would like more information about these services visit our Childcare and early years pages.