NoodleNow! GDPR Policy as from 23rd Nov 2023

Introduction

NoodleNow! is committed to the General Data Protection Regulation (GDPR) and the protection of personal data, in line with the GDPR collection, usage, storage and security requirements.

This policy implements the requirements by all our staff to be GDPR compliant.

This policy applies to all our staff including the managing director.

NoodleNow is the Controller.

NoodleNow! collects and uses personal information relating to nurseries, including their managers and staff – names, telephone numbers, addresses, e mail addresses and setting’s addresses.

All personal data is handled with GDPR compliance to legal requirements.

Key Definitions

It is important all NoodleNow! staff understand the key definitions.

Personal Data

This is Information that relates to a real person.

Employee

This refers to Part/Full Time with/without contracts and temporary employees

Data Controller

This refers to the person/ joint persons/ organisation who determines the purposes and the processing of personal data.

Third Party

This refers to another organisation involved in the use/transfer of the personal data – this is not applicable to NoodleNow! – We do not transfer information to a third party.

Contact

Contact is made to hospitality and educational organisations and private customers.

Identifiable Natural Person

We identify a natural person using name and location factors.

Data Subject

This is the individual to whom the personal data refers.

Consent

This is the indication of the Data Subject’s choice and wishes, which is shown by a clear action, that shows their agreement for their Personal Data to be processed.

Data Processors

This is the person/persons, or organisation, that processes personal data on behalf of the Data Controller.

Processing

This is the collecting, recording, storing, erasure of personal data,  automatically or otherwise.

Personal data is stored on hard copies in secure files and in electronic files.

Personal data no longer used for a specified purpose will be shredded.

Personal Data Breach

This is the unlawful loss, destruction, unauthorised disclosure of personal information.

How Will Our Policy Be Monitored?

All our staff who collect and process personal information will understand the requirements of the GDPR and the need for compliance.

Meetings will be held, minuted and electronically/manually filed, so the whole team has a clear understanding.

Staff must be aware of The Six Principles:

1. Lawfulness, Fairness and Transparency

Personal data will be processed lawfully (purposeful), fairly (the process should be the same as communicated to the Data Subject and transparently (the Data Subject knows what processing will occur).

2. Purpose Limitation

The purpose of dealing with data will be clearly specified and restricted to that use.

3. Data Minimisation

Only data required will be stored.

4. Accuracy

Personal data will be accurate and up to date. Procedures will be in place to identify unneeded data.

5. Storage Limitation

Data will only be stored for the time required for the purposes specified.

6. Integrity and Confidentiality

Security of the data will be maintained at all times.

Accountability

NoodleNow! is responsible for the data and will be able to show compliance.

NoodleNow! will show that all 6 Principles are adhered to when collecting, holding and storing data.

Data Collection: Data Sources 

NoodleNow! collects personal information from private customers and various organisations; managers and their staff.

Data Subject Consent 

Consent will be received by customers sending us their personal information.

Data Subject Notification

NoodleNow! notifies all data subjects that their personal information is being used and for what purpose.

Data Use: Data Processing

NoodleNow! processes personal data for the following reasons:

NoodleNow! processes data to create:

• personal user accounts

• administration accounts

• methods of communication between NoodleNow! and their clients

This information is collected via telephone, e mail, social media and website.

If the personal data is sensitive then this will be identified and the data subject will consent to this data.

Data Quality

NoodleNow! will ensure the quality of the personal data by keeping it accurate and up to date.

Data Retention 

NoodleNow! will not hold data for longer than is necessary to fulfil the purpose specified.

If hard copies are held and no longer used then they will be shredded.

Data Protection 

Only those staff members authorised will access personal data.

Passwords lock the computers.

The Data Processors will work under instruction from the Data Controller.

Any data used for different reasons will be processed separately.

Data Transfers 

Any data transfer must be given consent by the data subject.

Breaches 

Any breaches will be reported to the Managing Director and treated seriously.

A breach may be the result of theft, equipment failure or accidental loss.

This policy is available for all staff.

There are 4 stages when considering managing a breach:

1. Containment and Recovery – A recovery plan would be set in motion and an aim for damage limitation.

2. Assessing the Risks – In response to the breach, a risk assessment would be

carried out to note the risk to the person/persons or business.

3. Notification of Breaches – Relevant people would be notified of any breach in

security.

4. Evaluation and Response – Any breach would be fully investigated and systems

reviewed, along with the policies and procedures.

The requirements of this policy are mandatory for all NoodleNow! managers and staff.

Last Reviewed: January 2022

Compliance Statement:
NoodleNow! is committed to ensuring the security and protection of the personal information that it processes and to provide a compliant and consistent approach to Data Protection.