The General Data Protection Regulation (“GDPR”) took effect across the European Union on 25th May 2018. It replaces the Data Protection Act 1998.
The GDPR is designed to harmonise data protection and privacy laws across the European Union. It brings about some changes in how businesses like Kinderly can use personal data relating to individuals and it provides individuals with more rights in relation to the use of their personal data.
We have implemented the following changes and actions in our commitment to being fully GDPR compliant:
Controller – “means the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
Processor – “means a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller”
The organisations that determine the means of processing personal data are controllers, regardless of whether they directly collect the data from data subjects.
An early years practitioner choosing to use Kinderly to process the data provided to Kinderly by them makes them the Controller and Kinderly the Processor.
There are a lot of resources and information available which should help you navigate the new GDPR in the context of your early years setting. Here are some useful links to our partner PACEY as well as the NDNA – National Day Nursery Association and the ICO – Information Commissioner’s Office. You can also contact our Kinderly Support via live chat, email support@kinderly.co.uk if you have any specific questions around GDPR and Kinderly.
How is the relationship between Kinderly and an early years setting defined for the purpose of GDPR and the processing of data?
There are two key relationships that are defined in the GDPR: controllers and processors. As an early years childcare provider, it is important to understand this relationship to ensure compliance for your setting and when using software such as Kinderly.
According to the GDPR, Kinderly is considered as a processor and performs the role of processing data supplied by their customers – the early years setting or the parent, each of who is defined as the controller.
As the controller, the early years setting or the parent determines what personal data is provided and how and why that personal data is processed. As the processor, Kinderly processes that personal data in accordance with the instructions of the controller.
As a processor, we rely on our customer to ensure that there is a lawful basis for processing the personal data they provide. This is set out in our Terms of Use
In order to deliver our service, Kinderly may leverage other third-parties in the processing of personal data. These are commonly referred to as sub-processors. For example, Kinderly uses Stripe to process subscription payments, Rackspace to host data and Intercom for supporting our users. Kinderly is putting in place a contract with its sub-processors which will contain provisions required by GDPR.
We will not share your data with any companies for the purposes of marketing or any activities you have not given explicit consent to in our Terms of Use. Here is a list of current sub-processors:
The GDPR provides special protection for children’s personal data. If your organisation offers online services (‘information society services’) to children and relies on consent to collect information about them, then you may need a parent or guardian’s consent in order to process their personal data lawfully.
The GDPR sets the age when a child can give their own consent to this processing at 16 (although this may be lowered to a minimum of 13 in the UK). If a child is younger then you will need to get consent from a person holding ‘parental responsibility’. For more information on this go to the ICO section on Children
Kinderly uses a UK based data centre provided by the server hosting company Rackspace to store all the data. Rackspace is one of Kinderly’s sub-processors, as referred to above.
The data on Kinderly is stored by Rackspace. Rackspace have an equivalent of Tier 4 level uptime with the London data centre having a Critical Infrastructure Rating N+2.
For more information please go to:
There should be no interruption to your access to Kinderly or to the reports and information generated from data that you have input into Kinderly. We have always taken data protection very seriously but our GDPR updates just mean that your data is now even more secure. See above for the changes we are making to be compliant with the GDPR.
We will keep these registers and records for the period determined by best practice in the education sector or as determined by law.
We are awaiting guidelines and further clarification from the ICO specific to the childcare sector and will update this section accordingly.
We will keep these registers and records for the period determined by best practice in the education sector or as determined by law. We are awaiting guidelines and further clarification from the ICO specific to the childcare sector and will update this section accordingly.
In accordance with the GDPR, Kinderly will, within a reasonable period. securely delete, destroy or, if directed in writing, return the users personal data which is in our possession or control unless a copy of the data is required for any applicable legal, regulatory or government reasons. Please refer to our Terms for more information.
In line with GDPR, Kinderly has updated its procedures to ensure that it is easier for you to access your data and to review and amend it. Please contact support@kinderly.co.uk with any requests around data portability.
Who should I contact if I need more help with the data stored with Kinderly?
Please email support@kinderly.co.uk or contact us via the live chat facility on the admin dashboard.