Privacy Policy

Parent Nurture takes your privacy seriously, and in accordance with the General Data Protection Regulation (GDPR) we commit to the following:

As part of our role in working with you, we may be asking you for personal data about you and your child/ren, your company in order to deliver our services to you. The type of data we collect will depend on the services you have contracted us for.

We must have a legal basis for collecting this data, and there are six lawful bases:

1.       Consent:
The individual has given clear consent for us to process their personal data for a specific purpose.

2.       Contract:
The processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract.

3.       Legal obligation:
The processing is necessary for us to comply with the law (not including contractual obligations).

4.       Vital interests:
The processing is necessary to protect someone’s life.

5.       Public task:
The processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

6.       Legitimate interests:
The processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if we are a public authority processing data to perform our official tasks.)

We will be processing your data under the following bases: Contractual, Legitimate Interest and Consent.

Where we require consent, we will provide a way for you to actively decide what information you make available and how this is shared.

This information will be collected by Parent Nurture as part of our working relationship with you. We may ask for this data verbally or via email and record it either in handwritten paper form or digitally. We may need to review the data with you at regular intervals to ensure it remains up to date. Some data may be special-category “sensitive” data and will be handled accordingly.

The information we may require includes:

• Company details where necessary

• Child’s name
• Child’s date of birth
• Child’s age
• Child’s address
• Parents’ names, addresses, contact numbers
• Who has parental responsibility
• Emergency contact names, addresses and numbers
• Child’s doctor’s name and contact number
• Health clinic/health visitor
• Child’s NHS number
• Allergies/medical history/requirements
• Immunisation information
• Whether the child has any special educational needs or disabilities
• Ethnic group
• Religion
• Home language
• Specific information relating to any parenting issues linked to the services you have contracted from us, which may occasionally include photographs or video clips.

The exact data required will vary from client to client depending on the services you use.

Not all of the above data may be needed.

 

Data will only be used for the contracted purpose and will only be shared with others with your express permission unless we are legally required to share it—for example, in a child protection situation.

 

With your consent, data may be shared, when necessary, with:

• Other professionals supporting your child, such as childcare providers or healthcare professionals.
• The local safeguarding children’s board or Social Services Referral and Assessment Team if we have concerns about your child’s safety.
• Other parents  and businesses if a reference for our services is requested and provided.
• Testimonials or reference letters, which may be shared with clients or online, with identifying features removed unless you provide explicit consent to keep them in.

 

If you want to see a copy of the information we hold about you or your child, please contact us:

Parent Nurture
128 City Road,
London, Greater London. EC1V 2NX

hello@parent-nurture.com

 

We are required by law to keep certain information after we have stopped working together. Invoices and contractual information must be kept for 10 years in line with our local tax authority. Consultation notes must be retained for 7 years for insurance purposes, and incident or accident logs must be retained for 21 years and 5 months. After this period, all data will be securely destroyed.

 

Please see our Data Protection Policy below for more details on data sharing, safe storage and your rights.

 

Client Signature:


Date:

 

 

 

 

 

 

 

 

Data Protection Policy

To provide a quality service and comply with legislation, we must request information from clients about themselves, their company, their child and their family. Some of this will be personal data.

 

We take clients’ privacy seriously. Article 23 of the GDPR stipulates that we must only collect and hold data that is absolutely necessary for the completion of our duties and process it in accordance with the following seven principles:

 

1.       Lawfulness, fairness and transparency:
We must have a lawful reason for collecting personal data and must be clear about what data we are collecting and why.

2.       Purpose limitation:
We must only use the data for the purpose for which it was originally obtained and must not use it for unrelated purposes such as marketing.

3.       Data minimisation:
We must not collect more data than necessary and will only collect what is required to provide our services.

4.       Accuracy:
We will ensure data is accurate and ask clients annually to confirm that the information we hold is correct.

5.       Storage limitation:
We will only retain data for as long as is necessary to complete the tasks for which it was collected.

6.       Integrity and confidentiality:
We must protect personal data and ensure that all individuals who handle it do so securely.

7.       Accountability:
We will be able to demonstrate that we—and anyone working on our behalf—are complying with the law.

Procedure

We have implemented procedures to minimise data breaches and uphold the integrity of your data. We have determined the lawful bases that allow us to retain your data, as outlined in our privacy policy, and we record all necessary elements in a data register. All data processing activities are undertaken with GDPR principles in mind.

Once trading we will be registered with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection and privacy rights.

We expect clients to keep private and confidential any sensitive information they may learn about us or our team, unless it relates to a child protection concern.

We will request personal data about clients and their children in order to deliver the consultancy and childcare services we provide. This data is necessary for us to comply with our contractual obligations and to provide the highest level of service.

 

Storage

• Paper-based records are kept securely locked in our individual offices, or when travelling, kept on our person or in a secure location.
• Electronic data—including documents, cloud storage, and digital photos or videos—is stored securely on password-protected devices. Emails are encrypted.
• Backup files are stored on protected external hard drives or memory sticks, locked away when not in use.
• Firewall and virus protection software are in place.
• Sensitive data is securely stored and securely disposed of once the retention period has ended.

Clients have the right to inspect data records at any time. Records will be provided without delay and within one month of receiving a written request. We ask clients to regularly check their data and update it where necessary.

 

Information Sharing

Data will only be used for the contracted purpose and will only be shared with others with your express permission unless we have a legal obligation to share it—for example, safeguarding concerns or if the tax office requires copies of invoices showing client names and addresses.

With your consent, data may be shared, when necessary, with:

• Professionals supporting your child (childcare providers, health professionals.)
• The local safeguarding children’s board or Social Services if we have concerns for your child’s safety
• Companies or parents requesting references for our services.
• Testimonials or reference letters, with identifying details removed unless you consent to include them.

 

Record Keeping

We keep a data register outlining the data we collect, why it is collected, how it is stored, and how long it is retained.

 

Data Retention and Disposal

Some data must be retained for legal or contractual reasons.
• Tax authorities require us to keep contracts and invoices for 10 years.
• Consultation notes are retained for 7 years in line with insurer guidance.
• incident reports are retained for 21 years and 5 months.

Data is disposed of securely as soon as it is no longer required. Regular checks are made to ensure timely disposal.

 

Suspected breach

If we suspect that data has been accessed unlawfully, we will investigate promptly. GDPR requires breach notification where the breach is likely to result in a risk to an individual’s rights or freedoms. In such cases, we will notify affected parties immediately and report the breach to the Information Commissioner’s Office within 72 hours. We will keep a record of all breaches.

 

Your Rights

Clients have the following rights:

The right to be informed – provided through this privacy policy.
The right of access – you may request your data at any time; requests must be made in writing and will be completed within one month.
The right to rectification – you may correct inaccurate data.
The right to erasure – in certain circumstances, you may request for your data to be deleted.
The right to restrict processing – you may request that data is stored but not processed.
The right to object – including objections to data used for direct marketing.
The right to data portability – you may request that your data is transferred to another service provider.
Rights regarding automated decision-making and profiling.

 

More information about your rights can be found here:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

If you wish to make a complaint about how your data has been processed and cannot resolve the issue with us directly, you may contact the relevant supervisory authority:
UK: www.ICO.org.uk
France: www.CNIL.fr

 

For further clarification about this Data Protection Policy, please contact us.

 

 

Client Signature and Date:

Date policy written: 24.11.2025
Policy due for renewal: 23.11.2026

 

This policy supports the following safeguarding and welfare requirements:
England – Meeting the Early Years Foundation Stage Safeguarding and Welfare Requirements.

 

Data protection template provided by Pacey.org.uk in line with GDPR guidelines (25 May 2018)