The Personal Data Protection Office receives questions on rules for the information of children under 3 years old parents concerning the results on the recruitment procedures into the nursery.
The principles for the childcare into nursery are regulated by the legislation of the 4 February 2011 on childcare under three years old. This legislation does not include provisions that determine uniform rules about the child admission or not into the nursery, living to the entity which creates the nursery the possibility to explain this question into the policy.
At the same time, it is important to notice that the actual Minister for Families, Work and Social Politic does not issued a regulation based on the special requirement on coronavirus, that should introduce different legislations on the recruitment procedure into nursery or other way of assistance of children under three years old, like the Minister for Public Education in the areas of kindergartens and schools (further informations on the recruitment into school and kindergartens at https://uodo.gov.pl/pl/138/1497 )
So, the choice on who to inform parents (child guardians) on the requirements results is of the entity that creates the nursery. The applicable òegislations do not provide the data transfer on nursery recruitment results by phone or by email.
It is important to underline that recruitment information which minors personal data must be protected and must be directly towards the data subject.
If the entity which creates the nursery obtains information from the same parents or guardians about their phone numbers or mail address in order to contact them, with these communication methods they can provide information on the recruitment results. The base for parents contact data processing will be
the article 6 paragraph 1 letter c (legal obligation) according to the article 3a of the Childcare under three years old Legislation.
It is important to remember that the amount of the informations must be adequate and necessary to the aim.
In case of email, the administrator should provide another technical security (IT) for the provided informations.
It is important that the administrator applies protection measures for the personal data process that are adapted to the risk degree and he assesses them for the loss of the data confidentiality, integrity and availability.
These measures must be efficient and adequate, in compliance with the actual state of the technical acknowledgments. This includes methods to encrypt device memory or personal data files, which is worth using.
Even if the content of a send message, for example, is taken back or sent to the wrong recipient, its attachment will still be unreadable without having a decryption key. An important element of the process to ensure the security of electronic communications send is the transmission of a password (decryption key) to another secure communication channel.
SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA POLONIA – UODO