Skip to main content

Privacy Policy

Introduction

This document has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the Personal Data Protection Act. The goal of Private Kindergarten “Little Steps” as a personal data administrator is to inform interested parties about what personal data is collected, for what purposes, how it is processed and stored, and to whom it is disclosed or shared.

What is personal data?

According to the General Data Protection Regulation (GDPR), personal data is defined as:

“Any information related to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

The data controller is obliged to:

  • Protect personal data through appropriate security measures;
  • Notify authorities of any personal data security breaches;
  • Document the processing of personal data;
  • Maintain detailed records of data processing activities and obtaining consent.

Why do we collect and store personal data?

Private Kindergarten “Little Steps,” as a data controller, processes only legally collected data necessary for specific, clearly defined purposes—education, upbringing, and socialization of the child, as stipulated in Article 3 of the Pre-school and School Education Act and Article 9 of Ordinance № 8/11.08.2016 of the Ministry of Education for information and documents in the pre-school and school education system. The kindergarten processes personal data only for the purposes for which it was collected and does not use it for other intentions. These are entirely related to organizing the educational process, supporting education, issuing documents that meet state requirements, and concluding training contracts.

As an educational institution, we have a legal obligation to maintain a Register for those subject to training, journals, personal files, certificates of completed education stages. These documents contain mandatory details such as: personal identification number, date and place of birth, permanent address, photo, etc. We have a legal obligation to process your personal data when applying for and receiving scholarships. To facilitate communication with the child’s family, we need data such as: address, phone number, and email.

The kindergarten has an obligation to ensure security and safety on its premises, which includes capturing images through the video surveillance system. If necessary, we will be required to share this information with law enforcement authorities.

All data collected by the kindergarten is defined as personal, sensitive, or both. The definitions for “personal data” and “sensitive data” are those published in the GDPR:

  • “Personal data” – any information related to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Sensitive data” – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Your rights regarding personal data

  • Right of access;
  • Right to rectification;
  • Right to erasure (under certain circumstances);
  • Right to restrict processing;
  • Right to data portability (under certain circumstances);
  • Right to object, including against direct marketing;
  • Right to require human intervention concerning automated processes, including profiling.

Are personal data protected?

We do our best to protect personal data, applying strict procedures and security measures to prevent unauthorized access. The data we collect is stored on paper and electronically.

Paper records have restricted access, explicitly and personally authorized by the administrator for certain official persons, and are stored in locked rooms equipped with security systems.

Personal data on electronic media is stored and transferred only in encrypted form.

Right to access data

All individuals whose data we store have the legal right to request access to such data or information about what is stored about them.

We will respond to such access requests within 30 (thirty) days, and they must be sent in writing.

Personal data about children will not be disclosed to third parties without the consent of the child’s parents unless required by law or in the best interest of the child. Data may be disclosed to the following third parties in cases where:

  • Other kindergartens – when a child from Private Kindergarten “Little Steps” moves to another kindergarten or school, academic records and other health-related data may be transferred to the new institution;
  • Examination bodies – this may be for registration purposes to enable children to carry out activities determined by external bodies;
  • Under health legislation, the kindergarten may transmit information about the health of the children in the kindergarten to monitor and prevent the spread of infectious diseases in the interest of public health;
  • Police and courts – in case of a criminal investigation, to transmit information to the police to assist in their investigation;
  • Social workers and agencies – to protect or maintain the well-being of our children and in cases of child abuse, it may be necessary to transmit personal data to social workers or agencies;

Retention period for personal data

Private Kindergarten “Little Steps” will store personal data for a period no longer than necessary to fulfill the purposes for which it was collected or in accordance with legal requirements. Data will be stored for periods specified in the relevant laws.

When personal data is no longer required for its initial purpose, processing is stopped, and all personal data is deleted from the kindergarten, including any data stored by data processors.

Photographs and video

Images of staff and children may be captured at appropriate times and as part of educational activities for use only within the kindergarten. Parents, children, and kindergarten staff should not use such images for publishing or communications with external sources. The kindergarten’s policy is that external parties (including parents) may not capture images of staff or children without prior consent.

Application of the policy

Private Kindergarten “Little Steps” processes personal information about employees, children, parents, and others defined as data subjects under data protection legislation. This data must be processed only in accordance with data protection legislation, which is the purpose of this policy; Any breach of this policy may result in the institution, as a data controller, violating data protection legislation and being liable for the consequences of such a breach; The director and deputy directors of Private Kindergarten “Little Steps” are responsible for ensuring that the kindergarten complies with data protection legislation. All employees must have read, understood, and comprehended this policy before accessing personal data processed by the kindergarten. It is the responsibility of all users of personal data to ensure its security. Personal data should not be disclosed to unauthorized persons in any form, accidentally or otherwise; Any breach or non-compliance with this policy, especially any deliberate disclosure of personal data to an unauthorized party, may result in disciplinary or other appropriate actions; Any unauthorized access to or disclosure of personal data or other security breaches must be reported according to the Personal Data Security Breach Response Procedure immediately upon discovery or reasonable suspicion of a breach; The director and deputy director are responsible for ensuring that all employees at Private Kindergarten “Little Steps” are informed of their obligations under data protection legislation, including their training and briefing; Advice and support regarding data protection legislation are provided by the appointed data protection officer – Stoyanka Sotirova, HR Officer. The data protection officer reports to the director of Private Kindergarten “Little Steps.”

Little Steps Early Learning Centre is a privately-owned kindergarten in Sofia providing an English-speaking environment and programmes for preschool care and education.

Little Steps MUSAGENITSA

About us
Our Programme
Our Team
A Day at Little Steps
Gallery
Contact Us
“Azbuki” School Complex
Musagenitsa, Sofia
1 Arch. Viktoria Angelova-Vinarova St
tel.: 0895 700 605; 0884 195 883
e-mail: littlesteps@azbuki-school.bg

Little Steps SIMEONOVO

About us
Our Programme
Our Team
A Day at Little Steps
Gallery
Contact Us
Simeonovo, Sofia
16 Academician Spiridon Kazandzhiev St
tel.: 0885 138 850
tel.: 089 664 5504
e-mail: office@littlesteps.bg
Privacy Policy
2024 Little Steps  |  All rights reserved  |  Created by Pixel House