I, Catherine Patel, take your data protection and privacy seriously. This policy outlines how I collect,
use, store, and share your personal data in compliance with the General Data Protection Regulation
(GDPR) which came into effect on 25th May 2018, and subsequent data protection laws applicable
in England and Wales.

1. Legal Basis for Data Collection
Under GDPR, I must have a lawful basis for processing your personal data. For the purposes of my
services, I process your data based on:

• Consent: You provide clear consent for processing your personal data for a specific purpose.

• Contract: Processing is necessary to fulfil a service agreement or take steps prior to entering

• into a contract.

• Legitimate Interests: Processing is necessary for legitimate purposes, provided these do not

• override your rights or interests.

• Legal Obligation: Certain data is processed to comply with statutory requirements.

​

2. GDPR Principles
I adhere to the following GDPR principles when processing personal data:

• Lawfulness, Fairness, and Transparency: Personal data is collected for lawful reasons, fairly,

• and with transparency about its use.

• Purpose Limitation: Data will only be used for its original purpose and not for unrelated

• activities, such as marketing.

• Data Minimisation: Only necessary data is collected.

• Accuracy: Data is regularly reviewed to ensure it is accurate and up to date.

• Storage Limitation: Data is retained only for as long as necessary.

• Integrity and Confidentiality: Personal data is stored securely to prevent unauthorized

• access or breaches.

• Accountability: I will demonstrate compliance with GDPR principles and maintain records of how data is managed.

​

3. Data Collection
To deliver effective infant sleep consulting and childcare services, I collect the following information:

A. Basic Information and Its Purpose

• Parent(s)’ names, addresses, and contact numbers: Used solely to contact you regarding
  services and to send updates or information relevant to the Sleep Plan. Your details will not
  be shared with third parties without your consent, unless required by law or court order.

• Details of parental responsibility: Necessary for ensuring consent is obtained from the
  appropriate legal guardian(s).

• Child’s doctor’s name and contact details: Used only in medical emergencies to share
  relevant information for your child’s safety and well-being.
  Health visitor or clinic information: Used to coordinate care, when necessary, with your
  explicit consent.

• Allergies, medical history, and special requirements: Essential for ensuring the Sleep Plan
  and any advice provided are safe and appropriate for your child.
  Special educational needs or disabilities: Used to adapt services and recommendations to
  meet the individual needs of your child.

• Ethnic group, religion, and home language: Used only to ensure culturally sensitive and
  inclusive support.

​

• B. Additional Information for Sleep Support and Its Purpose
  Details about your child’s diet and food/milk intake: Used to assess nutritional factors that
  may impact sleep.
  Sleep logs and family routines: Collected to analyse sleep patterns and identify areas for
  improvement.
  Parenting style and other childcare arrangements: Used to create a Sleep Plan that aligns
  with your family’s values, preferences, and practical realities.
  Feedback on implementing the Sleep Plan: Collected to monitor progress, address
  challenges, and adjust the plan, as necessary.

​

This data is collected and processed to create personalised recommendations, deliver high-quality
services, and ensure the well-being of your child.

​

4. Data Storage and Security
Paper records: Stored securely in a locked filing cabinet and destroyed when no longer
required.
Digital records: Stored on password-protected devices or secure cloud platforms (e.g.,
Google Drive, Dropbox). Backups are encrypted and stored securely.
Data deletion: Upon service completion, digital records and emails are securely deleted.
Firewall and antivirus software protect digital records to ensure confidentiality.

​

5. Data Sharing​

With consent: Data is shared only with your explicit consent unless required by law.
Child protection concerns: If safeguarding concerns arise, I am legally obligated to follow
local Safeguarding Children Board procedures and may share information with relevant
authorities. I will discuss concerns with parents before making a referral whenever
appropriate.
Medical emergencies: Information may be shared with healthcare professionals when
necessary for your child’s well-being.

I will never use your data for marketing or share it with other third parties without your consent.

​

6. Retention and Disposal
Certain data must be retained for a legal period following the end of our engagement. I will securely
dispose of data once retention is no longer required. Requests for data deletion must be made in
writing.

7. Subject Access Rights
You have the right to access the information I hold about you and your child. Requests must be
made in writing and will be processed within one month.

8. Confidentiality Expectations
Parents are expected to maintain confidentiality about any sensitive information they may
inadvertently learn about me, my family, other families, or settings during consultations, except
where a child protection issue is concerned.

9. Data Breaches
In the event of a suspected data breach:

• Relevant parties will be notified immediately.

• The ICO will be informed within 72 hours if required.

• A record of the breach will be maintained.

10. Your Rights
You have the right to:

• Access your data.

• Request corrections to inaccurate data.

• Request deletion of your data, where legally permissible.

• Object to the processing of your data for certain purposes.

​

11. Review and Accountability

I conduct quarterly audits to ensure compliance with GDPR and review retained data to ensure it has
a lawful basis.
For further information or to exercise your rights, please contact me directly.