Privacy Notice -- Child-Minder

Draft version for demonstration purposes
Date: 17 March 2026
Status: Draft -- subject to review by the Data Controller's Data Protection Officer

2. What This Service Does

The Child-Minder enables parents to register the placement of their child with a specific childminder. This allows the Care Inspectorate to monitor whether childminders are operating within their permitted capacity limits as set out in their conditions of registration.

Under the Requirements for Care Services (Scotland) Regulations 2011 (SSI 2011/210), childminders in Scotland may care for a maximum of:
  • 8 children under 16
  • 6 children under 12
  • 3 children of pre-school age (under approximately 5 years)

These limits include the childminder's own children of the relevant age.

The register provides an automated cross-referencing system that flags when a childminder's registered placements approach or exceed these limits.

---

3. What Personal Data We Collect

We have designed this register to collect the absolute minimum data necessary for its purpose. We call this approach "data minimisation" and it is a requirement of data protection law.

3.1 Data We Collect From Parents

| Data Item | Why We Need It | How It Is Used |
|---|---|---|
| Email address | To create your account and send essential communications about your child's placement | Authentication, password resets, and notifications if a capacity concern is identified |
| Child's birth year and month | To calculate which age bracket your child falls into (under 5, under 12, under 16) for capacity limit checking | Used only for age bracket calculation. We do not store the full date of birth. |
| Childminder registration number | To link your child's placement to the correct childminder | Cross-referenced against the Care Inspectorate's public register of childminding services |
| Placement start date | To record when the childminding arrangement began | Used to calculate current active placements for each childminder |
| Placement end date (when applicable) | To record when the childminding arrangement ended | Used to maintain accurate current capacity counts |

3.2 Data We Generate

| Data Item | What It Is | Why We Generate It |
|---|---|---|
| Child reference number (e.g., Child-Minder-A7K9M2) | A system-generated pseudonymous identifier for your child | To identify your child's record within the system without using their name. This reference is generated automatically and cannot be used to identify your child outside the register. |

3.3 Data We Do NOT Collect

We do not collect:
  • Your child's name
  • Your child's full date of birth (only year and month)
  • Your child's address
  • Your name or address
  • Your phone number
  • Health information about your child (allergies, conditions, medications)
  • Developmental information
  • Ethnicity, religion, or any other special category data
  • Photographs of your child
  • Financial information
  • Information about your family circumstances

---

4. Our Lawful Basis for Processing Your Data

Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis for processing your personal data. We rely on the following bases:

4.1 Primary Lawful Basis

Article 6(1)(e) -- Public Task: The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Care Inspectorate.

The Care Inspectorate's statutory functions under the Public Services Reform (Scotland) Act 2010 include regulating care services (including childminding), inspecting registered services, and furthering improvement in the quality of care services. Monitoring compliance with capacity limits is a direct exercise of these functions.

4.2 Alternative Lawful Basis

Article 6(1)(c) -- Legal Obligation: The processing is necessary for compliance with a legal obligation. The Requirements for Care Services (Scotland) Regulations 2011 require childminders to maintain records of all children in their care, and the Care Inspectorate is empowered to verify compliance with conditions of registration.

4.3 Special Category Data

We do not process any special category data as defined by Article 9 of the UK GDPR. No health data, no biometric data, no data about ethnicity, religion, or any other special category is collected or processed by this register.

---

5. Who We Share Your Data With

5.1 Care Inspectorate Inspectors

Care Inspectorate inspectors with responsibility for childminding services can view:
  • Aggregate capacity data for each childminder (how many children are placed, relative to the capacity limit)
  • The age brackets of placed children (under 5, under 12, under 16)
  • Pseudonymous child references (e.g., Child-Minder-A7K9M2)
  • Whether capacity limits have been breached or are at maximum

Inspectors cannot see:
  • Which parent registered which child
  • Parent email addresses
  • Any information that links a child's pseudonymous reference to a specific parent

5.2 Childminders

Childminders do not have access to the register. They cannot see which parents have registered children or what data has been submitted. Childminder information displayed in the register (registration number, service name, local authority, capacity limits) is already publicly available on the Care Inspectorate website.

5.3 Third Parties

We do not share your data with any third party. Specifically, we do not share data with:
  • Other government departments
  • Local authorities
  • Police Scotland
  • HMRC
  • Schools or nurseries
  • Marketing companies
  • Any commercial organisation

5.4 Data Processors

The register's technical infrastructure is provided by data processors acting on the Care Inspectorate's instructions under data processing agreements compliant with Article 28 of the UK GDPR. These processors provide hosting, database, and application services. They do not access or use your data for any purpose other than providing the technical infrastructure.

5.5 Law Enforcement

We may be required to disclose personal data in response to a lawful request from law enforcement authorities (for example, a court order or warrant). We would only do so where we are legally obliged to comply.

---

6. How Long We Keep Your Data

| Data Type | Retention Period | What Happens After |
|---|---|---|
| Active placement records | Retained for as long as the placement is active | Moved to "ended" status when you notify us the placement has ended |
| Ended placement records | 3 years after the placement end date | Deleted. The pseudonymous child reference and placement record are permanently removed. |
| Child records (with no active placements) | 3 years after the last placement associated with the child ends | Deleted. |
| Parent account (email) | Retained while you have active placements or child records in the system | Deleted when all associated child and placement records have been deleted, or upon your request if you have no active placements |
| Audit log entries | 5 years (consistent with the prescriptive period for obligations in Scotland under the Prescription and Limitation (Scotland) Act 1973, section 6) | Deleted |

You may request deletion of your account and all associated data at any time, provided there are no active placements. If you have active placements, you will be asked to end them before account deletion can proceed.

---

7. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data.

7.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one calendar month. There is no fee for this.

7.2 Right to Rectification (Article 16)

If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. You can update your child's birth year and month and your email address directly through your account. For other corrections, please contact us.

7.3 Right to Erasure (Article 17)

You have the right to request that we delete your personal data. We will comply unless we have a legal obligation to retain it. If you have no active placements, we will delete your account and all associated child and placement records upon request.

7.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of data you have challenged.

7.5 Right to Object (Article 21)

Where we process your data under Article 6(1)(e) (public task), you have the right to object to the processing. We will stop processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

7.6 Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. As our processing is based on public task (not consent or contract), this right may not apply. However, we will provide your data in a portable format upon request as a matter of good practice.

7.7 Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint

We would encourage you to contact our Data Protection Officer first so we can try to resolve your concern.

---

8. How We Protect Your Data

8.1 Technical Measures

  • Encryption at rest: All data stored in the database is encrypted at rest using AES-256 encryption
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS)
  • Row-Level Security (RLS): Database-level access controls ensure that parents can only access their own children's records. These controls are enforced by the database engine itself, not just the application code. Even if the application layer were compromised, the database would still prevent cross-account access.
  • Pseudonymous identification: Children are identified by system-generated reference numbers (e.g., Child-Minder-A7K9M2), not by name. Even if the database were breached, the attacker would obtain reference numbers and birth months -- not children's names or addresses.
  • Audit trail: Every operation on placement, child, and capacity alert records (creation, update, deletion) is logged with a timestamp, the user who performed the operation, and the before/after values. This audit trail is accessible only to system administrators and is retained for 5 years.
  • Role-based access control: The system distinguishes between parent users and inspector users. Each role has precisely defined data access permissions enforced at the database level.
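
How the row-level security and parent/inspector role separation listed above could be expressed in PostgreSQL, as an added example that is not the register's own schema. The notice does not name its database engine; PostgreSQL and every table, column, role and setting name below are assumptions.

```sql
-- Illustrative only: PostgreSQL assumed; all names are hypothetical.
-- Run as a superuser in a scratch database.
CREATE ROLE parent_user NOLOGIN;
CREATE ROLE inspector_user NOLOGIN;

CREATE TABLE child (
    child_ref   text PRIMARY KEY,      -- pseudonymous reference
    parent_id   uuid NOT NULL,         -- link to the parent account
    birth_year  smallint NOT NULL,
    birth_month smallint NOT NULL CHECK (birth_month BETWEEN 1 AND 12)
);

-- Constructed rows for two different parents (second reference is made up).
INSERT INTO child VALUES
    ('Child-Minder-A7K9M2', '11111111-1111-1111-1111-111111111111', 2022, 4),
    ('Child-Minder-B3X8Q1', '22222222-2222-2222-2222-222222222222', 2019, 9);

-- FORCE applies the policies to the table owner as well, so the
-- application's own connection is not exempt.
ALTER TABLE child ENABLE ROW LEVEL SECURITY;
ALTER TABLE child FORCE ROW LEVEL SECURITY;

-- Parents: only rows bound to the authenticated parent. An unset or
-- empty app.parent_id yields NULL, which matches no row (fail closed).
-- Assumption: app.parent_id is set per transaction from a verified
-- login; the policy is only as strong as that binding.
CREATE POLICY parent_own_children ON child
    FOR ALL TO parent_user
    USING (parent_id = NULLIF(current_setting('app.parent_id', true), '')::uuid)
    WITH CHECK (parent_id = NULLIF(current_setting('app.parent_id', true), '')::uuid);

-- Inspectors: every row, read-only.
CREATE POLICY inspector_read ON child
    FOR SELECT TO inspector_user
    USING (true);

-- Column-level grants keep the parent link out of inspectors' reach:
-- SELECT * or SELECT parent_id as inspector_user fails with "permission denied".
GRANT SELECT, INSERT, UPDATE, DELETE ON child TO parent_user;
GRANT SELECT (child_ref, birth_year, birth_month) ON child TO inspector_user;

BEGIN;
SET LOCAL ROLE parent_user;
SET LOCAL app.parent_id = '11111111-1111-1111-1111-111111111111';
SELECT child_ref FROM child;   -- only this parent's row is visible
COMMIT;
```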

8.2 Organisational Measures

  • Staff training: All Care Inspectorate staff with access to the register receive data protection training
  • Access reviews: User access to the register is reviewed quarterly. Inspector accounts are linked to active Care Inspectorate employment and revoked upon departure.
  • Incident response: A data breach response procedure is in place in accordance with Articles 33 and 34 of the UK GDPR. Breaches will be reported to the ICO within 72 hours where required.
  • Data processing agreements: Contracts with all technical service providers include data processing agreements compliant with Article 28 of the UK GDPR.

---

9. Automated Decision-Making

The register includes automated capacity monitoring. When the number of children placed with a childminder reaches or exceeds a capacity limit, the system automatically generates an alert for Care Inspectorate inspectors.

This automated processing does not result in any decision about you or your child. It generates an alert for a human inspector to review. No action is taken automatically against any parent or childminder as a result of these alerts. All decisions about regulatory action are made by qualified inspectors.

This automated monitoring does not constitute solely automated decision-making with legal or similarly significant effects under Article 22 of the UK GDPR.

---

10. Cookies and Analytics

The register uses only essential cookies required for authentication and session management. We do not use:
  • Tracking cookies
  • Advertising cookies
  • Third-party analytics services
  • Social media tracking pixels

No data about your use of the register is shared with any third party for analytics or advertising purposes.

---

11. Changes to This Privacy Notice

We may update this privacy notice from time to time. If we make material changes, we will notify you by email (to the address associated with your account) before the changes take effect. The date of the most recent update is shown at the top of this notice.

---

12. Contact Us

If you have any questions about this privacy notice, about how we handle your personal data, or if you wish to exercise any of your rights, please contact:

Data Protection Officer
Care Inspectorate
Compass House, 11 Riverside Drive
Dundee, DD1 4NY
Email: [DPO email to be confirmed]
Phone: [DPO phone to be confirmed]

For general enquiries about the register:
Email: [Child-Minder support email to be confirmed]

---

_This is a draft privacy notice prepared for the Child-Minder prototype. It would require review by the Care Inspectorate's Data Protection Officer and legal advisers before publication. All contact details shown as "to be confirmed" would be populated with actual details prior to the service going live._