SteadySteps agency

SteadySteps Privacy Policy

Last Updated: 11 February 2026

This Privacy Policy explains how personal data is collected, processed, and protected when you use this website or engage with SteadySteps services.  SteadySteps is committed to handling personal data responsibly, lawfully, and with appropriate safeguards.

1. Introduction

This Privacy Policy explains how personal data is collected, processed, stored, and protected when individuals:

  • Use this website
  • Submit an application
  • Engage with SteadySteps services

This policy applies to:

  • Families
  • Childcare providers (including nannies and applicants)
  • Website visitors

SteadySteps is committed to handling personal data lawfully, fairly, transparently, and with appropriate technical and organisational safeguards.

2. Data Controller

SteadySteps by Daria is the data controller responsible for processing personal data in accordance with:

  • UK GDPR
  • The Data Protection Act 2018

All processing activities are conducted within England and Wales unless otherwise stated.

3. Categories of Personal Data Collected

A. Families

SteadySteps may collect:

  • Name, address, email, and telephone number
  • Child-related information (including SEN, medical, developmental, or behavioural details)
  • Household and routine information
  • Placement history
  • Information relevant to safeguarding and suitability assessment

Where child-related data is provided, it is supplied by the parent or legal guardian.

B. Childcare Providers / Applicants

SteadySteps may collect:

  • Name and contact details
  • CV and employment history
  • Professional qualifications
  • References
  • Right-to-work documentation
  • DBS certificate status information
  • Availability and role preferences
  • Interview and assessment notes

C. Automatically Collected Data

When visiting the website, certain technical data may be collected, including:

  • IP address
  • Browser type
  • Device information
  • Website usage data

This data is used for security, performance monitoring, and analytics purposes.

D. Payment Data

Payments are processed securely via Stripe, a third-party payment provider. SteadySteps does not store full payment card details.
Stripe processes payment data in accordance with its own privacy and security standards.

4. Special Category Data

Due to the nature of the service, SteadySteps may process special category data, including:

  • Health information
  • SEN diagnoses
  • Behavioural assessments
  • Criminal record status (DBS confirmation only)

Special category data is processed only where:

  • Explicit consent has been provided; or
  • Processing is necessary for safeguarding or legal compliance

Access to such data is strictly restricted and limited to what is necessary for service delivery.

5. Lawful Basis for Processing

Personal data is processed under one or more of the following lawful bases:

  • Contractual necessity (to provide placement or decision-support services)
  • Legitimate interests (to assess suitability, apply the SEN Fit Standard, and maintain safeguarding standards)
  • Legal obligation (where required by law)
  • Explicit consent (for special category data where applicable)

Processing is limited to what is necessary, proportionate, and relevant to the purpose of the service.

6. DBS and Safeguarding Information

Where criminal record checks are required:

  • Enhanced DBS checks may be requested through approved third-party umbrella bodies
  • SteadySteps does not retain full DBS certificates unless legally required
  • Only confirmation of DBS status may be recorded where necessary

Safeguarding-related information is handled confidentially and accessed strictly on a need-to-know basis.
Where safeguarding concerns arise, SteadySteps may disclose information to appropriate authorities where legally required.

7. How Personal Data Is Used

Personal data may be used to:

  • Assess suitability for placement
  • Apply the SEN Fit Standard
  • Facilitate introductions between relevant parties
  • Conduct reference and eligibility checks
  • Maintain safeguarding standards
  • Communicate regarding services
  • Process payments
  • Maintain internal records
  • Comply with legal and regulatory obligations

SteadySteps does not sell, rent, trade, or use personal data for unsolicited marketing.

8. Data Sharing

Personal data is shared only where necessary and proportionate.
This may include:

  • Sharing relevant information between families and shortlisted childcare providers
  • Sharing necessary information with DBS umbrella providers
  • Sharing payment information with Stripe
  • Disclosure to legal or regulatory authorities where required

Only information relevant to the placement or safeguarding process is shared.
Data is never shared for marketing purposes.

9. International Transfers

SteadySteps processes data within the United Kingdom.
Where third-party providers (such as Stripe or analytics providers) process data outside the UK, appropriate safeguards are relied upon in accordance with UK GDPR.

10. Data Retention

Personal data is retained only for as long as necessary for:

  • Active placement processes
  • Safeguarding and compliance requirements
  • Legal record-keeping obligations

Inactive applicant or client data may be retained for up to 24 months unless:

  • Deletion is requested; and
  • Retention is not legally required

Safeguarding-related records may be retained for longer where required by law.
Data is periodically reviewed to ensure it is not retained longer than necessary.

11. Data Security

SteadySteps implements appropriate technical and organisational measures to protect personal data from:

  • Unauthorised access
  • Loss
  • Misuse
  • Alteration
  • Disclosure

Security measures include:

  • Secure website hosting under HTTPS
  • Restricted backend access
  • Password-protected systems
  • Limited access to sensitive documentation
  • Secure third-party payment processing

While reasonable safeguards are in place, no internet transmission can be guaranteed to be completely secure.

12. Your Rights Under UK GDPR

Under UK GDPR, individuals have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion (subject to legal limitations)
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent (where processing is based on consent)

Requests may be submitted to: info@steadystepsbydaria.com Identity verification may be required before fulfilling certain requests.

13. Complaints


If you are dissatisfied with how your data has been handled, you may lodge a complaint with:
The Information Commissioner’s Office (ICO)
www.ico.org.uk

You are encouraged to contact SteadySteps first to allow the opportunity to resolve concerns directly.

14. Cookies

This website may use essential and limited analytics cookies to ensure functionality, security, and performance monitoring.
Cookies may collect:

  • Website usage information
  • Technical device data
  • Anonymous analytics data

Non-essential cookies will not be deployed without appropriate notice or consent where required.
You may manage or disable cookies through your browser settings.

15. Changes to This Policy

SteadySteps reserves the right to update this Privacy Policy where necessary to reflect:

  • Legal requirements
  • Operational changes
  • Service updates

The most current version will always be available on the website.

Scroll to Top