Privacy Policy

Privacy Policy

Privacy Policy

Privacy Policy

Early Years Klique Ltd Last updated: 28 June 2026

  1. Who we are

Early Years Klique Ltd ("we", "us", "our") is a limited company registered in England and Wales under company number 16501738, with our registered office at 14 Church Meadow, Milton-under-Wychwood, OX7 6JQ.

We operate the Early Years Klique marketplace website at www.earlyyearsklique.co.uk, connecting Early Years Practitioners with childcare providers.

We are the "data controller" responsible for your personal data.

For any questions about this privacy policy or your personal data, please contact us at: hello@earlyyearsklique.co.uk

We are registered with the UK Information Commissioner's Office (ICO). Our registration number is: ZC133035

  1. Our data protection contact

We are not legally required to appoint a statutory Data Protection Officer, as our processing does not meet the threshold set out in Article 37 of the UK GDPR (we are not a public authority, and we do not carry out large-scale systematic monitoring or large-scale processing of special category data).

We do, however, process some sensitive categories of data — including criminal offence information through DBS checks for Practitioners. We have considered the risks of this and have appropriate safeguards in place (see clauses 11 and 12).

If you have any questions, requests, or concerns about how we handle your personal data, contact our data protection point of contact at hello@earlyyearsklique.co.uk. We will respond within the timeframes required by law.

  1. What data we collect

The data we collect depends on how you use the platform.

3.1 For all users

Full name Email address Contact telephone number Postal address and postcode Communications between you and other users on the platform Technical data such as IP address, browser type, and device information

3.2 For nurseries and settings ("Members")

Setting name, type, Ofsted URN where applicable Billing information (processed by Stripe — we do not store full card details) Booking and transaction records Reviews left for Practitioners

3.3 For Practitioners

In addition to the general data above, as part of our vetting process we collect:

Copy of identity document (passport or driving licence) — used to verify identity, then deleted after verification Right-to-work share code or document evidence DBS certificate number and either a copy of the certificate or DBS Update Service status — used to verify suitability, document copy deleted after verification Two professional references from previous employers Copies of relevant qualifications — used to verify qualifications, then deleted after verification Safeguarding self-declaration responses Profile information such as availability, qualifications, hourly rates, short bio, and photograph Time and attendance data for shifts — clock-in/clock-out times, GPS location at the point of clock-in/out, and the setting attended Confirmation of self-employed status (including UTR) and a signed self-employment declaration

We do not collect facial recognition or biometric verification data for clock-in.

  1. How we use your data

We use your personal data to:

Create and manage your user account Process bookings and transactions, and process payment via our payment provider Carry out our baseline vetting of Practitioners — including verifying identity, right to work, criminal records suitability (via DBS), qualifications, professional references, and self-employed status — before profiles become visible to nurseries Verify and record the hours Practitioners work at nurseries, to support accurate payment, dispute resolution, and confirmation of shifts Communicate with you about your account, bookings, and service updates Display location information on a map (using postcode data) Comply with our legal obligations Improve our services and user experience

  1. Legal basis for processing

We process your data on the following legal bases under UK GDPR:

Contract — to provide the marketplace services you have signed up for, including bookings and payments Legitimate interests — to operate, secure and improve our marketplace, connect users, prevent fraud and misuse, and maintain accurate shift records Consent — where you provide it, for example for marketing communications. You can withdraw consent at any time Legal obligation — to comply with UK law, including tax, accounting, and safeguarding-related record-keeping requirements

5.1 Criminal offence data

We process criminal offence data only as part of vetting Practitioners who will work with children. We process this data under:

UK GDPR Article 10, and Data Protection Act 2018, Schedule 1, Part 2, paragraph 18 ("Safeguarding of children and of individuals at risk")

Our Appropriate Policy Document covering this processing is available on request from hello@earlyyearsklique.co.uk.

  1. Payment processing

Payments on Early Years Klique are processed by Stripe. When you make a payment, your card details are collected and processed directly by Stripe, not by us. Stripe has its own privacy policy which you can review at stripe.com/privacy.

  1. Data sharing

We do not sell your personal data. We share data with the following service providers (each of which acts as a "data processor" on our behalf, under a Data Processing Agreement):

Sharetribe — our marketplace platform provider Stripe — payment processing and fraud prevention Mapbox — displays location information based on postcodes on the platform Hostinger — provides our business email hosting Google (Google Workspace / Google Drive) — secure document storage and internal email infrastructure Typeform — collects Practitioner sign-up information and vetting documents Jibble — clock-in/out and attendance verification at nurseries, including GPS location at the point of clock-in/out Make.com — automation between our other tools Matrix Security Watchdog (Sec Watchdog Limited) — our registered DBS umbrella body, used to process Enhanced DBS checks for Practitioners. Matrix Security Watchdog will contact Practitioners directly during the check process

We also share limited information:

With other users — for example, a Practitioner's profile is visible to nurseries; a nursery's booking information is visible to the Practitioner booked With legal and safeguarding authorities — where required by law, or where there is a safeguarding concern that meets the threshold for statutory reporting (see our Safeguarding Policy)

  1. Data retention

We retain your personal data only for as long as necessary for the purposes we collected it for. Our standard retention periods are:

Account and profile data — for the duration of your account, then deleted within 6 months of account closure, unless we are required to keep it longer for legal reasons Booking and transaction records — 6 years from the end of the relevant financial year, to meet HMRC and accounting requirements Payment records — 6 years, to meet tax and accounting requirements Vetting documents (copies of ID, DBS certificate, right-to-work documents, qualifications) — securely deleted after the relevant verification is complete. We retain a record of the verification (document type, identifying number, date, outcome, and the person who carried out the check) for the duration of platform membership and up to 6 years afterwards Reference records — retained for the duration of platform membership and up to 6 years afterwards Time and attendance records (Jibble) — 6 years, to meet payment, tax and dispute-resolution requirements Reviews — retained for as long as both parties have an active profile, then anonymised Marketing consents and communications — until you withdraw consent or unsubscribe, then deleted within 6 months General enquiries and support emails — up to 2 years from the date of the enquiry

Where data is no longer needed, it is securely deleted or anonymised.

  1. Your rights under UK GDPR

You have the right to:

Access your personal data Correct inaccurate data Request deletion of your data ("right to be forgotten") Object to or restrict processing Data portability Withdraw consent at any time (where processing is based on consent) Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, contact us at hello@earlyyearsklique.co.uk. We will respond within one month, as required by UK GDPR.

  1. Cookies

We use a minimal set of essential cookies to operate the website. We do not use Google Analytics, Google Maps, advertising cookies, or marketing trackers on the website itself. For full details, see our Cookies Policy.

  1. Data security

We take appropriate technical and organisational measures to protect your personal data, including:

Secure (HTTPS) connections on the website Access controls and two-factor authentication on internal systems Restricted, role-based access to vetting documents Use of business-grade, GDPR-compliant service providers with signed Data Processing Agreements Prompt deletion of identity and vetting document copies after verification

We take particular care with criminal offence data, identity documents, and time-and-attendance data.

  1. International transfers

Some of our service providers are located outside the UK, and your personal data may be transferred to and processed in countries that do not have the same data protection laws as the UK.

Where personal data is transferred outside the UK, we ensure an appropriate safeguard recognised under UK data protection law is in place. Specifically:

Stripe (US) — transfers are protected by the International Data Transfer Addendum to the European Commission's Standard Contractual Clauses (the UK SCCs / UK Addendum), and where applicable the UK Extension to the EU–US Data Privacy Framework Mapbox (US) — transfers are protected by Standard Contractual Clauses with the UK International Data Transfer Addendum Typeform (US) — transfers are protected by Standard Contractual Clauses with the UK International Data Transfer Addendum Make.com (EU, with US sub-processors) — transfers are protected by Standard Contractual Clauses with the UK International Data Transfer Addendum Google (Google Workspace) — we use UK/EU data residency where available. Where transfers occur, they are protected by Standard Contractual Clauses with the UK International Data Transfer Addendum, and where applicable the UK Extension to the EU–US Data Privacy Framework Sharetribe (Finland, EU) — covered by UK adequacy regulations for transfers to the EU Hostinger — uses EU/UK data centres Jibble — UK-based; no international transfer of personal data outside the UK in normal use Matrix Security Watchdog — UK-based; no international transfer of personal data outside the UK

You can request more information about these safeguards by contacting us at hello@earlyyearsklique.co.uk.

  1. Children's data

Early Years Klique is intended for use by professional adults aged 18 or over (nursery managers and Practitioners). We do not knowingly collect personal data from children through the platform.

Information about children may be discussed in the context of a safeguarding concern. Any such information will be handled in accordance with our Safeguarding Policy.

  1. Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top will reflect any changes. Significant changes will be communicated to you by email.

  1. Contact us

For any questions, data requests, or concerns, contact us at:

Early Years Klique Ltd 14 Church Meadow, Milton-under-Wychwood, OX7 6JQ Email: hello@earlyyearsklique.co.uk Company number: 16501738 ICO registration: ZC133035 ShareContent