Early Years Solutions: - 'Earlyyearssolutions.com'
Our contact details
Address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
Phone Number: 01872 330030
The type of personal information we collect
We currently collect and process the following information:
· Email address
· Mobile number
· Registration number
· ‘Online identifiers’ includes IP addresses and cookie identifiers which may be personal data
How do we get personal information, and why do we have it?
All the personal information we process is provided to us directly by you for one of the following reasons:
· To register on the earlyyearssolution.com for completing e-learning and training
· To attend updates on the topic
· To participate in live classes
· To participate in discussions
· To provide your feedback
We use the information that you have given us to
1) Send link to live classes
2) Send updates on the relevant topics
3) Answer any queries you might have
We follow the following seven key principles in processing personal data.
“(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
Lawful basis for processing
☐ We have reviewed the purposes of our processing activities and selected the most appropriate lawful basis (or bases) for each activity.
☐ We have checked that the processing is necessary for the relevant purpose and are satisfied that there is no other reasonable and less-intrusive way to achieve that purpose.
☐ We have documented our decision on which lawful basis applies to help us demonstrate compliance.
☐ We have included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice.
☐ Where we process special category data, we have also identified a condition for processing special category data and have documented this.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent.
You can remove your consent at any time. You can do this by contacting us at email@example.com or using the contact us page on the website: earlyyearssolution.com
(a) Legitimate interest:
☐ We have checked that legitimate interests is the most appropriate basis.
☐ We understand our responsibility to protect the individual’s interests.
☐ We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision.
☐ We have identified the relevant legitimate interests.
☐ We have checked that the processing is necessary and there is no less intrusive way to achieve the same result.
☐ We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests.
☐ We only use individuals’ data in ways they would reasonably expect, unless we have a very good reason.
☐ We are not using people’s data in ways they would find intrusive or which could cause them harm, unless we have a very good reason.
☐ We do not process children’s data, special category data or criminal offence data.
☐ We have considered safeguards to reduce the impact where possible.
☐ We have considered whether we can offer an opt out.
☐ If our LIA identifies a significant privacy impact, we have considered whether we also need to conduct a DPIA.
☐ We keep our LIA under review and repeat it if circumstances change.
☐ We include information about our legitimate interests in our privacy information.
1.Limit the information You provide: You always have an option to choose the information You provide to us, including the option to update or delete Your information. However, please note that lack of certain information may not allow You access to the Platform or any of its features, in part or in full. For example: information required for Your registration on the Platform.
2.Limit the communications You receive from us: Further, You will also have the option to choose what kind of communication You would like to receive from us. However, there may be certain communications that are required for legal or security purposes, including changes to various legal agreements, that you may not be able to limit.
3) Reject Cookies and other similar technologies: You may reject or remove cookies from Your web browser; You will always have the option to change the default settings on Your web browser if the same is set to ‘accept cookies’. However, please note that some of the Services offered on the Platform may not function or be available to You, when the cookies are rejected, removed, or disabled
Your data protection rights (if you are a UK customer)
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to processing your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organization or you in certain circumstances.
You are not required to pay any charge for exercising your rights. However, if you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org or Early Years Solutions, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ if you wish to make a request.
☐ We take responsibility for complying with the UK GDPR, at the highest management level and throughout our organisation.
☐ We keep evidence of the steps we take to comply with the UK GDPR. We put in place appropriate technical and organisational measures, such as:
☐ adopting and implementing data protection policies (where proportionate);
☐ taking a ‘data protection by design and default’ approach - putting appropriate data protection measures in place throughout the entire lifecycle of our processing operations.
☐ putting written contracts in place with organisations that process personal data on our behalf.
☐ maintaining documentation of our processing activities.
☐ implementing appropriate security measures.
☐ recording and, where necessary, reporting personal data breaches
☐ carrying out data protection impact assessments/ Legitimate interest assessment for uses of personal data that are likely to result in high risk to individuals’ interests.
Early Years Solutions, UK is using the platform by Graphy INC, Vistra (Delaware) Ltd, 3500 South Dupont HWY, Dover, Kent, DE 19901, Email: email@example.com is the data processor.
When a Learner purchases any Creator's Content, Graphy will provide the Creator access to a limited set of Personal Information about such Learner to enable the Creator to provide their services to the Learner. We clarify that in respect of the Learners' Personal Information, Graphy shall remain the controller of the Personal Information collected, processed and stored on the Platform as stated hereunder.
However, any Personal Information processed and stored by the Creator outside the purview of the Platform shall be the responsibility of the ‘Early years solution.’
Contracts is in place to include specific terms or clauses regarding:
a) processing only on the controller’s documented instructions.
b) the duty of confidence.
c) appropriate security measures.
d) using sub-processors.
e) data subjects’ rights.
f) assisting the controller.
g) end-of-contract provisions; and
h) audits and inspections.
☐ We consider data protection issues as part of the design and implementation of systems, services, products, and business practices.
☐ We make data protection an essential component of the core functionality of our processing systems and services.
☐ We anticipate risks and privacy-invasive events before they occur and take steps to prevent harm to individuals.
☐ We only process the personal data that we need for our purposes(s), and that we only use the data for those purposes.
☐ We ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
☐ We provide the identity and contact information of those responsible for data protection both within our organisation and to individuals.
☐ We adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
☐ We provide individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
☐ We offer strong privacy defaults, user-friendly options and controls, and respect user preferences.
☐ We only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
☐ When we use other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
☐ We use privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.
☐ We have assessed the nature and scope of our processing activities and have implemented encryption solution(s) to protect the personal data we store and/or transmit.
☐ We understand the residual risks that remain, even after we have implemented our encryption solution(s).
☐ We ensure that we keep our encryption solution(s) under review in the light of technological developments.
☐ We have considered the types of processing we undertake, and whether encryption can be used in this processing.
Personal data breaches
Preparing for a personal data breach
☐ We know how to recognise a personal data breach.
☐ We understand that a personal data breach isn’t only about loss or theft of personal data.
☐ We have prepared a response plan for addressing any personal data breaches that occur.
☐ We have allocated responsibility for managing breaches to a dedicated person.
☐ Our staff know how to escalate a security incident to the appropriate person or team in our organisation to determine whether a breach has occurred.
Responding to a personal data breach
☐ We have in place a process to assess the likely risk to individuals as a result of a breach.
☐ We have a process to inform affected individuals about a breach when their rights and freedoms are at high risk.
☐ We know we must inform affected individuals without undue delay.
☐ We know who the relevant supervisory authority for our processing activities is.
☐ We have a process to notify the ICO of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet.
☐ We know what information we must give the ICO about a breach.
☐ We know what information about a breach we must provide to individuals, and that we should provide advice to help them protect themselves from its effects.
☐ We document all breaches, even if they don’t all need to be reported.
Any Personal Information that we transfer will be protected in accordance with this Policy as well as with adequate protections in place in compliance with applicable laws and regulations.
Please note that these countries may have differing (and potentially less stringent) privacy laws and that Personal Information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies, and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org or postal address Early Years Solutions, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO's address:
Information Commissioner's Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk