Early Years Fundamentals Ltd. is committed to ensuring that any personal or sensitive data that we collect is protected.



Compliance with General Data Protection Regulations


In order to meet our legal duties under GDPR and the Data Protection Act 2018, we will undertake the following:


1. We will ensure our Terms & Conditions, and Data Protection & Confidentiality Agreement are easily accessed and written in language that is easy to understand. 


2. We will not share or use your data for any other purposes than those outlined below and, in our Terms & Conditions.


3. We understand that you have a right to access and amend your records at any time. We commit to only collecting personal data that enables us to have a dialogue with our users and to receive payment.


You may request a copy of your personal information under the Data Protection Act 2018 by writing to Early Years Fundamentals Ltd. 489 Lower Somercotes, Alfreton, Derbyshire, DE554NS or email ey.fundamentals@gmail.com 


If you believe any of your personal data to be incorrect or incomplete, please write to or email us as soon as possible and we will promptly correct any information found to be incorrect. 


4. You may also choose to restrict the use of your personal information. 

If you have previously agreed to us using your personal information to advise you of new products, you may change your mind at any time by writing to or emailing us at ey.fundamentals@gmail.com


5. You have the right to be forgotten. “Under Article 17 of the UK GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten”’. The right only applies to data held at the time the request is received.” (ICO, 2023.) You can, therefore, request that your personal information be deleted at any point in time. However, we need to make you aware that the right to be forgotten may not apply in the following cases:



6. We will ensure that staff have due regard to the data protection principles described in Article 5 (1) of the UK GDPR, which ensures that personal and sensitive data is:


  1. processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’)
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’)
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)”


We ask, wherever possible that providers use business email addresses and contact details that are already in the public domain. However, we recognise that this is not always possible and, therefore, users may sometimes provide us with their personal data from time to time. This data will only be used to maintain an on-going dialogue with the user and will be deleted at their request at any time.


We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. 


Online Payments

We use a payment gateway called Stripe. We have reviewed Stripe’s Privacy policy to ensure that online payments are conducted safely and that your data is protected. If you would like to know more about Stripe’s Privacy policy, you can view it on the link below https://stripe.com/en-gb/privacy


Third party systems

We use third party software providers Thinkific and Brillium which are used to deliver some of our services and products. We also use Wix to host our company website and Microsoft Teams to provide our subscriber’s platform. They do not require users to provide any more information than is outlined in this policy. We have reviewed the privacy policies for Brillium https://www.brillium.com/privacy, Thinkific https://www.thinkific.com/privacy-policy/, Wix About Privacy | WIX and Microsoft Teams Microsoft Teams Security, Privacy & Compliance Capabilities to ensure that they have systems in place to protect your data. Should you wish to view their policies, you can access the links provided.


Any sensitive data that we collect is limited to responses provided to assessment materials with regard to the setting’s ability to meet the legal requirements of the EYFS and its underpinning legislation. Responses will not include information about specific children or members of staff.


  1. “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  2. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);”


Should you need to provide us with personal data such as a home address or personal email, you can rest assured that your data will be used and stored in accordance with this data protection & confidentiality agreement.


What we do with your information

The information that you provide is used to communicate with you and on occasions to better understand your needs and the needs of the sector. For example,


Users have the right to be removed from our client record management (CRM) system at any point in time and will be asked annually whether they wish us to remain in contact with them.


Any responses to audit materials generated by our third-party software providers (Brillium and Thinkific) will be deleted from our servers within one year, unless this is part of an on-going engagement. 



We undertake not to disclose the information that you share with us to any other parties other than the third-party providers that we engage to house or develop our products.

However, we need to draw your attention to the fact that in agreeing to undertake audits that have been purchased by your Local Authority, you are also agreeing for the outcomes of these audits to be shared with your Local Authority. This can take the form of a data dashboard, or your report(s) may be shared in full, should your Local Authority request this.


  1. “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”


Personal and sensitive data is only held electronically and is stored on cloud servers which are provided by third-party provider Microsoft. As with all third-party providers, we have read their privacy notice to ensure that your data is protected. You can find out more here https://privacy.microsoft.com/en-gb/privacystatement



7. We understand that our Data Controller is legally responsible for the way that these principles are enacted.


8. Links to other websites 


Our website or materials may contain links to other websites of interest. However, when you use these links, you should be aware that we do not hold any responsibility for the content of the site or the way that they process your data.