Skip to main content

Privacy Notice


Like most websites we use 'cookies' to collect anonymous statistics about how people use the site, and to help us keep it relevant for the user. Cookies 'remember' bits of information from your visit to the site.

A cookie is a simple text file that's stored on your computer or mobile device by a website's server. Only that server can retrieve or read the contents of that cookie. Each cookie is unique to your web browser. So if we put a cookie on your computer, it can't be read by any other website.

We use two types of cookie:

  • 'session cookies' last as long as your current visit to the site, or for up to a limited amount of time if you keep the site open without using it. They mean you don't have to keep re-submitting information as you move through the site or carry out transactions.
  • 'persistent cookies' remember information from previous visits, for example names and details for online forms. They are used to collect anonymous statistics about how many people use the site, and to maintain any settings (such as accessibility) you have changed.

You can change your computer settings at any time to accept all cookies, to notify you when a cookie is issued, or not to receive cookies. How you do this depends on your web browser . . .

Find out more at

What personal data is held by us?

Childcare providers may choose to advertise their contact information and any other details they wish to provide Family Information Service with for purposes of advertising their service.  We only hold the postcode of the childminder and not the house name or number to protect the children in their care.

Registered users are only asked for their name, organisation or other identifier, email address and a password chosen by them.  The password is not stored or accessible by anyone else.

Other providers may register to log in to update information about their service.  By doing this, it is mandatory that they provide information on the service title, a description of what is available and information on the Local Offer for 0-25 year olds with additional needs or disabilities.

Parent carers and young people who choose to join The Key, Gloucestershire's Disabled Children and Young People's register, will complete an online application form provding details of the Parent's name, email address, telephone number and home address.  This information will be sent securely to a Gloucestershire County Council email address, processed and stored on a Local Authority system, called Liquid Logic EHM.  A privacy notice for The Key can be found here.

How is the data held securely?

Data is stored in a secured area called the Datastore.  The Datastore is only accessible to Family Information Service staff on a restricted access basis using their own username and password. 

Information provided to us is made ‘live’ and can be seen on the front end of the website by members of the public.  Selected information can be restricted from public view and can only be accessed by authorised staff on the datastore and by permission to practitioners when they log in with a password and request access.

What is the law on using and storing personal data?

The Care Act 2014, Children’s Act 2006/2016 and the SEND Code Of Practice (Children’s Act) place a legal duty on the Local Authority to ensure parents and carers have access to clear, accurate and up to date information, advice and guidance to inform the choices they make for their children and families. 

The information we display on the website helps parents and carers and the practitioners working with them to know what is available to them including:

  • childcare and children’s services
  • youth services
  • support services for children, young people, parents and carers
  • health services
  • services and information for children and young people with additional needs and disabilities
  • events, sports and community activities. 

The information is given by providers voluntarily.  By registering on the site and accepting the Terms of Conditions, they consent that the data and information is used for the purpose of informing and promoting their services.  

How long will data be kept for?

Information is kept up to date by providers and registered users, so it can be amended or removed at any time.

It is also kept up to date by the Family Information Service team to ensure accurate, high quality information is being used.  Information on services or providers is removed or updated whenever inaccuracies are discovered or we are notified that information is incorrect.

Childcare data from Ofsted is updated and reviewed on a daily basis and relevnat childcare setting records are updated accordingly. Any resigned, cancelled or suspended settings are removed from public visibility as soon as possible.  New childcare settings are requested to complete their business information for families to access via the website on a voluntary basis.

Who will the data be shared with?

The information provided is shared on a public website, except for data that needs to be restricted either legally or on request e.g. registered user's personal details or sensitive information made available to practitioners only.

Registered users of the website may request to have their details removed at any time.  Personal details provided in order to register are also stored securely in the Datastore where they will only be used by Family Information Service and are never given out.  Family Information Service may use the contact details of registered users to send out relevant useful communications, such as remindersto update their information or to advise on changes to the service.

The information may also be accessed by the software provider: IDOX/Open Objects.  They access the information on a needs basis when issues arise and need to be resolved. The software provider has to comply with GDPR and have their own policy to ensure this is met.


The GDPR sets out a higher standard for consent than the Data Protection Act. The GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.’

Consent has to be a positive indication of agreement to personal data being processed. It cannot be inferred from silence, pre-ticked boxes or inactivity. Opt out consent is no longer acceptable under the GDPR. The GDPR is clear that controllers have to demonstrate that consent was given, so a review is best practice in order to ensure there is an effective audit trail. 

Back to top