NoodleNow! GDPR Policy as from 23rd Nov 2023
NoodleNow! is committed to the General Data Protection Regulation (GDPR) and the protection of personal data, in line with the GDPR collection, usage, storage and security requirements.
This policy implements the requirements by all our staff to be GDPR compliant.
This policy applies to all our staff including the managing director.
NoodleNow is the Controller.
NoodleNow! collects and uses personal information relating to nurseries, including their managers and staff – names, telephone numbers, addresses, e mail addresses and setting’s addresses.
All personal data is handled with GDPR compliance to legal requirements.
It is important all NoodleNow! staff understand the key definitions.
This is Information that relates to a real person.
This refers to Part/Full Time with/without contracts and temporary employees
This refers to the person/ joint persons/ organisation who determines the purposes and the processing of personal data.
This refers to another organisation involved in the use/transfer of the personal data – this is not applicable to NoodleNow! – We do not transfer information to a third party.
Contact is made to hospitality and educational organisations and private customers.
Identifiable Natural Person
We identify a natural person using name and location factors.
This is the individual to whom the personal data refers.
This is the indication of the Data Subject’s choice and wishes, which is shown by a clear action, that shows their agreement for their Personal Data to be processed.
This is the person/persons, or organisation, that processes personal data on behalf of the Data Controller.
This is the collecting, recording, storing, erasure of personal data, automatically or otherwise.
Personal data is stored on hard copies in secure files and in electronic files.
Personal data no longer used for a specified purpose will be shredded.
Personal Data Breach
This is the unlawful loss, destruction, unauthorised disclosure of personal information.
How Will Our Policy Be Monitored?
All our staff who collect and process personal information will understand the requirements of the GDPR and the need for compliance.
Meetings will be held, minuted and electronically/manually filed, so the whole team has a clear understanding.
Staff must be aware of The Six Principles:
Lawfulness, Fairness and Transparency
Personal data will be processed lawfully (purposeful), fairly (the process should be the same as communicated to the Data Subject and transparently (the Data Subject knows what processing will occur).
The purpose of dealing with data will be clearly specified and restricted to that use.
Only data required will be stored.
Personal data will be accurate and up to date. Procedures will be in place to identify unneeded data.
Data will only be stored for the time required for the purposes specified.
Integrity and Confidentiality
Security of the data will be maintained at all times.
NoodleNow! is responsible for the data and will be able to show compliance.
NoodleNow! will show that all 6 Principles are adhered to when collecting, holding and storing data.
Data Collection: Data Sources
NoodleNow! collects personal information from private customers and various organisations; managers and their staff.
Data Subject Consent
Consent will be received by customers sending us their personal information.
Data Subject Notification
NoodleNow! notifies all data subjects that their personal information is being used and for what purpose.
Data Use: Data Processing
NoodleNow! processes personal data for the following reasons:
NoodleNow! processes data to create:
personal user accounts
methods of communication between NoodleNow! and their clients
This information is collected via telephone, e mail, social media and website.
If the personal data is sensitive then this will be identified and the data subject will consent to this data.
NoodleNow! will ensure the quality of the personal data by keeping it accurate and up to date.
NoodleNow! will not hold data for longer than is necessary to fulfil the purpose specified.
If hard copies are held and no longer used then they will be shredded.
Only those staff members authorised will access personal data.
Passwords lock the computers.
The Data Processors will work under instruction from the Data Controller.
Any data used for different reasons will be processed separately.
Any data transfer must be given consent by the data subject.
Any breaches will be reported to the Managing Director and treated seriously.
A breach may be the result of theft, equipment failure or accidental loss.
This policy is available for all staff.
There are 4 stages when considering managing a breach:
Containment and Recovery – A recovery plan would be set in motion and an aim for damage limitation.
Assessing the Risks – In response to the breach, a risk assessment would be
carried out to note the risk to the person/persons or business.
Notification of Breaches – Relevant people would be notified of any breach in
Evaluation and Response – Any breach would be fully investigated and systems
reviewed, along with the policies and procedures.
The requirements of this policy are mandatory for all NoodleNow! managers and staff.
Last Reviewed: January 2022
NoodleNow! is committed to ensuring the security and protection of the personal information that it processes and to provide a compliant and consistent approach to Data Protection.