Skip to main content

{{ root_page.title }}

Privacy notice for Early Years Service (Kingston and Richmond)


This privacy notice explains what types of personal data we may hold about you, how we collect it, how we use it and who we may share information with. We are required to give you this information under data protection law.

Achieving for Children is registered as a data controller with the Information Commissioner’s Office (ICO). Registration number ZA045069.

The Early Years Service delivers the council’s statutory duties to  support early years and childcare providers to deliver early education, and childcare free entitlements and ensures sufficient free places across the boroughs of Kingston and Richmond. The service works in an integrated way with other children’s services teams in and with partner organisations to ensure the best possible outcomes for children, young people and families in our boroughs. 

Personal data we collect 

For children and families

  • personal identifiers and contacts (such as name, address, email address, telephone numbers, date of birth, gender, ethnicity)
  • details of which childcare provider your child is accessing their early years entitlement
  • national insurance numbers and 30 hour codes issued by HMRC 
  • employment status for foster carers
  • details of your child’s education, health care plan (EHCP)
  • financial information such as  whether you are in receipt of income support, household income and child tax credit
  • whether your child is in receipt of disability living allowance (DLA)
  • whether you are eligible for support through section 4 or part 6 of the Immigration and Asylum Act 1999.
  • whether a child is looked after by a local authority or has left care under an adoption order, special guardianship order or a child arrangements order
  • contracts and invoices from the childcare provider that relate to a child’s early years entitlements
  • communications between parent and childcare provider
  • attendance records for children accessing early years entitlements

For childcare providers and their staff

  • personal identifiers (such as name and contact details)
  • registration information and status with Ofsted 
  • bank details
  • details of employment status and operational hours 
  • information supplied to parents about accessing the funded entitlement e.g. contracts, funding policy
  • communications between parents and childcare providers
  • details of relevant insurance cover
  • receipts and other evidence related to SEND supplementary funding

How we use your personal data

  • To establish eligibility for free early education places for 2, 3 and 4 year olds (2 year olds and extended entitlement for 3 and 4 year olds for working families) 
  • To establish eligibility for early years pupil premium and social deprivation supplements
  • To approve applications to early years send inclusion fund (EYSIF) to support 2, 3 and 4 years olds with emerging or lower level special educational needs or disabilities 
  • To approve applications for Disability Access Fund 
  • To make payments to deliver the early years entitlements
  • To support us in meeting our statutory duties around ensuring sufficient early education and childcare places across Kingston and Richmond 
  • To assess the quality of our service and for the purpose of service improvement 
  • To meet our statutory duty to provide parents/carers and prospective parents with information about childcare and early education, including free places in the borough of Kingston and Richmond 
  • To support our statutory duty, make available information, advice, support and training that supports inclusive, high quality early years provision
  • To ensure compliance with the statutory guidance and AfC terms and conditions for offering funded entitlements

Lawful basis for processing your personal data 

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis for processing are: 

  • Article 6(1)(c) - processing is necessary for compliance with a legal obligation
  • Article 6(1)(e) - processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
  • Article 9(2)(g) - necessary for reasons of substantial public interest, on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguarding measures;

These articles under the GDPR are supported by the following specific legislation: 

  • Childcare Act 2006
  • Childcare Act 2016
  • Children’s Act 1989
  • Early Education and Childcare Statutory Guidance for Local Authorities
  • The Education (Provision of Information About Young Children) (England) Regulations 2009 
  • Special Educational Needs and Disability (SEND) Code of Practice: 0 to 25 years
  • Working Together to Safeguard Children

Who we share your personal information with

For the purpose of meeting our statutory duties and safeguarding, we may share personal information with:

  • internal departments in Achieving for Children 
  • government departments including the Department for Education
  • Ofsted
  • health services or other professionals involved with your child such as speech and language, occupation therapy or paediatric services to ensure appropriate support is offered in the child's educational setting 

Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018. 

How long will we keep your information?

  • Financial information -current year + 6 years.
  • Children with SEND - DOB + 25 years
  • Childminder records - termination date + 10 years

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights and access to information 

Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page and then submit your request using your preferred method of contact. 

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • have inaccurate personal data rectified, blocked, erased or destroyed
  • prevent processing for the purpose of direct marketing object to decisions being taken by automated means
  • In certain circumstances have inaccurate personal data rectified, blocked, erased or destroyed; and 
  • A right to seek redress, either through the ICO, or through the courts

If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: [email protected]

If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at


Version 2.0/04/23/EYS
Issue Date: 04/2023