Privacy Policy

Who We Are

NeuroNest Early Intervention is a specialist early-intervention and child development centre based in Waterford, Ireland. Led by Kristina Rautek Potocnik, a Child Development Specialist with over 20 years of experience, NeuroNest supports children aged 0–12 through evidence-based developmental, sensory-motor, communication, cognitive, and social-emotional support.

We work from a holistic, child-centred approach and place strong emphasis on partnership with families. NeuroNest collaborates with other professionals and services, where appropriate, to support children’s development in a respectful, inclusive, and non-clinical early-intervention setting.

How to Contact Us

Address: Oak Villa, Military Road, Waterford Phone: 087 1424 078 Email: info@neuronest.ie Instagram: @neuronest.ie Facebook: NeuroNest Early Intervention

What Is a Privacy Policy

This Privacy Policy explains how NeuroNest collects, uses, stores, protects, and shares personal data relating to children and their families. It is intended to ensure transparency and to demonstrate compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Our Data Protection Promise

We are committed to processing your personal information:

• Lawfully, fairly, and transparently
• Only for clear, legitimate purposes
• Using the minimum amount of data needed
• Securely and confidentially
• Only for as long as necessary
• With full respect for your rights

Your trust is central to our work, and we safeguard personal data with the highest professional standards.

Purposes for Which We Use Personal Data

We collect personal information primarily through parent questionnaires completed during enrolment. This may include:

• Child and family names, dates of birth, contact details
• Medical observations, developmental history, diagnoses, relevant reports
• Emergency contact details
• Any additional information needed to provide safe, high-quality intervention

We may request additional information if clinically necessary, legally required, or needed to protect health and safety.

Some information is essential; without it, we may be unable to provide services due to safety, emergency, or legal obligations.

We also use contact details to share session updates, resources, and administrative information relevant to your child’s programme.

How We Use Your Data

Personal data may be used for:

• Managing enquiries, consultations, and communication with families or HSE representatives
• Performing our contract with you and processing payments
• Maintaining accurate service records
• Communicating with schools, healthcare professionals, or other services (with your consent unless law requires otherwise)
• Routine business administration, including IT systems, scheduling, and accounting
• Working with trusted third parties (e.g., IT support, secure software providers, accountants, legal advisors)

All third-party access is strictly limited and governed by confidentiality and data-processing agreements.

Storage and Security

We take appropriate technical and organisational measures to safeguard all personal data. This includes:

• Secure locking systems for physical files
• Encrypted, password-protected digital systems
• Restricted staff access on a strict need-to-know basis
• Regular security reviews and staff training

We protect data from loss, misuse, unauthorised access, disclosure, or alteration.

Quantity and Quality of Data

We collect only the information necessary for service delivery. We keep data accurate and up to date and ask that families notify us of any changes as soon as possible.

Limited Data

Personal data is retained only for:

• The duration of service, and
• The legally required retention period afterward

Different categories of data may have different retention periods depending on legal, clinical, and insurance requirements.

Retention

When the retention period expires and the child is no longer an active client, personal data will be:

• Securely destroyed (paper records by confidential shredding; digital files by permanent deletion)
• Anonymised if needed for audit or statistical purposes
• Stored in restricted archive only when legally required

Records relating to ongoing legal claims, complaints, or safeguarding matters will be retained until fully resolved and cleared by legal/insurance advice.

Accurate, Complete, and Up-to-Date Data

Parents/guardians are responsible for informing us promptly of any changes in personal or contact information to ensure safe and accurate service delivery.

Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Rectification (correction of inaccurate data)
• Erasure (“right to be forgotten”) in certain circumstances
• Restrict or object to processing
• Data portability (receive a machine-readable copy of your data)

To exercise any of these rights, contact us directly. We will respond within the legally required timeframe.

Changes to the Policy

NeuroNest may update this Privacy Policy at any time to reflect legal changes, professional guidance, or service updates. The most current version will always be available on our website. All requests and complaints will be handled in accordance with the policy version in effect at the time.

Final Disposition Schedule

Client Records- Retained for a minimum of 7 years after services end, then securely destroyed or anonymised.

Records linked to complaints or legal action- Retained until all matters are fully resolved and legal advice confirms they may be destroyed.

Anonymous statistical or audit information- May be retained indefinitely, as no personal identifiers are included.

Discussion of the Child’s Progress and Well-Being

For dignity and emotional safety, staff do not discuss a child’s needs or behaviour while the child is present.

Updates, recommendations, or short video clips (with parental consent) are shared privately:

• In a confidential space away from the child
• Through a designated parent–specialist WhatsApp group

These communications form part of the child’s confidential record and are handled in accordance with this Privacy Policy.

____________________________________________________________________________________________________________

Child Protection & Safeguarding Policy

Service: NeuroNest Early Intervention, Waterford, Ireland Owner / Director: Kristina Rautek Potocnik Designated Liaison Person (DLP): Kristina Rautek Potocnik Deputy DLP: Mihaela Potocnik Relevant Person (Children First Act 2015): Kristina Rautek Potocnik Review Cycle: Every 2 years, or sooner if required by legislation or service changes.

1. Purpose and Scope

This policy outlines how NeuroNest Early Intervention (“NeuroNest”) safeguards all children who attend our service.

NeuroNest is a small, independent early-intervention practice offering therapeutic and developmental support services within a non-clinical early-intervention setting. Although we are not part of Tusla, the HSE, CAMHS, or any school, we are legally required to follow Irish Child Protection law and report child protection or welfare concerns where appropriate.

This document also fulfils the requirement for a Child Safeguarding Statement under Section 11 of the Children First Act 2015.

This policy applies to all staff, contractors, students, and volunteers working with or on behalf of NeuroNest.

2. Legal and Regulatory Framework

This policy is aligned with:

• Children First Act 2015
• Children First: National Guidance for the Protection and Welfare of Children (2017)
• Child Care Act 1991
• Criminal Justice (Withholding of Information on Offences Against Children and Vulnerable Persons) Act 2012
• Data Protection Acts 1988–2018 & GDPR
• Relevant professional codes of conduct

Where any conflict exists between policy and Irish law, Irish law takes precedence.

3. NeuroNest’s Commitment to Safeguarding

As a small, specialist service, NeuroNest is committed to:

• Prioritising the best interests of the child in all decisions.
• Providing a safe, respectful, trauma-informed environment for every child.
• Ensuring all interactions support dignity, emotional safety and developmental needs.
• Listening to children in an age-appropriate way and valuing their voice.
• Working collaboratively with parents/guardians where safe and appropriate.
• Responding quickly and correctly to any concern.
• Fully cooperating with Tusla and An Garda Síochána where required by law.

4. Description of Services & Risk Assessment

(Child Safeguarding Statement – Core)

NeuroNest provides:

• One-to-one and small-group early-intervention sessions for children aged 0–12
• Parent coaching and consultations
• Developmental screenings and non-diagnostic observations
• Occasional online parent consultations (child participation only under supervision)

Under Schedule 1 of the Children First Act, NeuroNest is a “relevant service.”

A formal risk assessment has been carried out, including risks associated with:

• One-to-one work in therapy rooms
• Physical contact during motor, sensory, or regulation-based sessions
• Managing distressed or unsafe behaviours
• Intimate care only where unavoidable (e.g., toileting accidents for younger children)
• Students or trainees being present
• Use of children’s images or recordings for developmental, therapeutic, and educational purposes

Risk-control measures include:

• Visibility panels and open-door procedures where appropriate
• Consent for physical contact and all media use
• Behaviour-support guidelines based on safety and rights
• Garda-vetted students with direct supervision
• Safety protocols for sensory/motor interventions

The complete risk assessment is stored internally and reviewed every 2 years.

5. Roles & Responsibilities in a Small Practice

Owner / Director – Kristina Rautek Potocnik

• Holds overall legal and organisational responsibility for safeguarding.
• Ensures full implementation of this policy and the Child Safeguarding Statement.
• Oversees training, compliance, and documentation.

Designated Liaison Person (DLP) – Kristina Rautek Potocnik

• Main point of contact for any child protection or welfare concern.
• Reviews concerns and decides whether to report to Tusla and/or Gardaí.
• Maintains secure and confidential safeguarding records.

Deputy DLP – Mihaela Potocnik

• Acts when the DLP is unavailable.
• Supports safeguarding procedures and communication.
• Assists with documentation and follow-up actions.

Relevant Person (Children First Act) – Kristina Rautek Potocnik

• Contact point for Tusla or members of the public regarding the Safeguarding Statement.

Mandated Persons

Any team member meeting the Children First definition fulfils mandated duties including mandatory reporting.

All Other Staff, Contractors, Students

• Must understand and follow safeguarding procedures.
• Must report concerns immediately to the DLP or Deputy.
• Must maintain professional boundaries and uphold NeuroNest’s Code of Behaviour.

6. Code of Behaviour for Adults

All adults working on behalf of NeuroNest will:

• Treat each child and family with dignity, respect, and fairness.
• Use child-centred, supportive and regulation-based approaches.
• Use physical contact only when necessary for:

• • safety

  • therapeutic intervention

  • emotional regulation and only with developmentally appropriate awareness.

• Avoid being alone in a fully private space where avoidable.
• Never use threats, ridicule, shouting or shaming.
• Never engage in any form of inappropriate or sexualised behaviour.
• Keep communication professional—no private messaging or social media contact with children.
• Maintain healthy professional boundaries at all times.
• Report any concern immediately to the DLP.

Children are supported to express if they feel uncomfortable or unsafe, and we act on such disclosures respectfully and appropriately.

7. Procedures for Responding to Concerns

7.1 Recognising a Concern

Concerns may arise from:

• Direct observations
• Disclosures from a child or parent
• Changes in behaviour or presentation
• Information from another service

7.2 If a Child Is in Immediate Danger

• Call An Garda Síochána (999/112) immediately.
• Notify the DLP as soon as possible thereafter.

7.3 Internal Reporting

• Document concerns factually and promptly.
• Report to the DLP the same working day.
• Complete the internal Child Protection/Welfare Concern Form for secure storage.

7.4 DLP Review

The DLP (and mandated person where applicable):

• Reviews all information
• Determines if reasonable grounds exist
• Considers mandated reporting thresholds
• Consults Tusla Duty Service if necessary
• Documents the decision and rationale

7.5 Reporting to Tusla / Gardaí

When required:

• The DLP/mandated person submits a report using Tusla’s standard process.
• Parents are informed unless doing so increases risk or compromises an investigation.
• Gardaí are contacted where immediate risk is present.

7.6 Ongoing Support

NeuroNest continues to support the child appropriately while cooperating with statutory agencies.

7.7 Retrospective Disclosures

Risk to any current child is assessed, and reports made where applicable.

8. Allegations Concerning Staff, Contractors or Students

If a concern relates to anyone working for or representing NeuroNest:

• Report immediately to the DLP or Deputy DLP.
• Two parallel processes occur:

• • Child protection process (Tusla/Garda reporting)

  • HR/disciplinary process following fair procedures and employment law

• Interim protective steps (supervision, reassignment, temporary suspension) may be taken based on risk.
• Records are securely maintained.

9. Safe Recruitment, Vetting & Training

As a small practice, NeuroNest applies proportionate but robust controls:

• Safe recruitment processes (references, interviews, qualification verification).
• Garda Vetting for all roles involving children or sensitive information.
• Mandatory safeguarding induction for all staff and students.
• Additional Children First training for DLP and Deputy DLP.

10. Record-Keeping & Confidentiality

• Safeguarding records are stored securely and separately from developmental session notes.
• Information is shared internally strictly on a need-to-know basis.
• External information-sharing follows Irish law, Children First guidance, and GDPR.
• Record management complies with the NeuroNest Record Management Policy and Client Privacy Policy.

11. Implementation, Public Access & Review

• This policy and the Child Safeguarding Statement are available to parents and the public upon request.
• A summary statement is displayed on-site and/or published on the website.
• Reviewed every 2 years or sooner if legislation or service structure changes.

12. Incident & Accident Reporting Procedures

(For inclusion in the Safeguarding Policy)

NeuroNest maintains a formal Incident & Accident Report Form which must be completed for all incidents involving children (clients), staff, parents/guardians, visitors, students, or contractors—regardless of severity.

This applies to:

• Accidents
• Injuries
• Behavioural incidents
• Near misses
• Medical episodes
• Safeguarding-related concerns
• Property or equipment damage
• Any unexpected event that could pose a risk to health, safety, or welfare

The purpose of this reporting system is to ensure:

• Child protection and safeguarding compliance
• Health and safety compliance under Irish law
• Insurance requirements are fully met
• Accurate documentation for risk management
• Transparent review and continuous improvement
• Clear evidence of due diligence in the event of inspection, audit, claim, or legal process

12.1 Completion Requirements

• The staff member who witnessed the incident or responded to it must complete the form.
• Forms must be completed factually, objectively, and in full.
• The completed form must be submitted to the Owner/Director (Kristina Rautek Potocnik) or the Deputy DLP (Mihaela Potocnik) within 24 hours.
• Forms are stored securely in accordance with GDPR, Children First, and NeuroNest’s Record Management Policy.

12.2 Manager Review & Safeguarding Screening

Every completed form is formally reviewed by:

Kristina Rautek Potocnik (Owner/Director & DLP) or Mihaela Potocnik (Deputy DLP) when acting in her place.

The reviewer determines whether the incident:

• raises a child protection concern,
• requires reporting to Tusla,
• requires contacting An Garda Síochána,
• requires changes to care plans or risk management procedures, or
• requires additional staff training or environmental adjustments.

All decisions and rationales are documented.

12.3 Parent/Guardian Notification

For any incident involving a child:

• Parents/guardians are informed as soon as practicable on the same day.
• Notification may occur by phone, in person, or through another agreed communication method.
• Where a safeguarding concern exists, the timing and method of notification follow Children First Guidance.

12.4 Record Storage & Legal Compliance

Completed forms:

• Are stored securely, separate from general session notes
• Are retained for the legally required time period under GDPR and insurance guidance
• Are accessible only to authorised personnel (Owner/Director, DLP, Deputy DLP)
• May be shared with statutory agencies only where legally required

12.5 Integration with Safeguarding

Any incident involving (arising while the child is in our care, or any behaviour observed by staff that may constitute a welfare or safeguarding concern):

• injury,
• distress,
• concerning behaviour,
• disclosure,
• or any element of risk of harm

is screened for safeguarding implications.

If safeguarding thresholds are met, the standard reporting procedures (Section 7) are followed. ____________________________________________________________________________________________________________

Record Management Policy

Organisation: NeuroNest Early Intervention, Waterford, Ireland Owner / Director: Kristina Rautek Potocnik Review Cycle: Every 2 years or sooner if required.

1. Purpose

This policy sets out how NeuroNest creates, stores, secures, accesses, archives, and destroys records.

All legal obligations regarding data protection, lawful basis, retention periods, and client rights are detailed in the NeuroNest Privacy Policy for Clients’ Families. Where inconsistency arises, the Privacy Policy and Irish data protection law take precedence.

2. Scope

This policy applies to all:

• Client and family records
• Safeguarding, incident, and accident records
• Staff and HR files
• Financial and operational documents
• Any format (paper, digital, photo, audio, video)

It applies to all staff, contractors, students, and volunteers handling information on behalf of NeuroNest.

3. Roles & Responsibilities

Owner / Director – Kristina Rautek Potocnik

• Holds overall responsibility for record management.
• Ensures systems, training, and procedures remain compliant.

Practice Administrator / Data Lead (assigned internally)

• Manages day-to-day filing, archiving, and secure destruction.
• Maintains logs (access, destruction, incident).

All Staff / Contractors / Students

• Must produce accurate, timely, factual records.
• Must follow secure storage and handling procedures.
• Must report any data breach or concern immediately to the Owner/Administrator.

4. Creating & Updating Records

• Each child has a dedicated electronic and/or paper file with a unique identifier.
• Session notes are completed on the same day whenever possible.
• Records must be:

• • dated and signed/attributed

  • factual, objective, and free of speculation

  • amended only through addenda (no erasing or overwriting)

Relevant emails/messages are summarised or stored where relevant to the child’s support or to service administration.

5. Storage & Access

5.1 Paper Records

• Stored in locked cabinets/rooms inaccessible to the public.
• Removed only when needed and never left unattended.
• When transported off-site, kept in a locked bag/case.

5.2 Electronic Records

• Stored only on approved encrypted devices or secure systems.
• Devices must be password-protected with auto-lock enabled.
• Access is granted strictly on a need-to-know basis.

5.3 Communication

• Email/messaging used only in line with the Privacy Policy.
• Sensitive data shared only when necessary and securely.
• Personal social-media accounts must not be used for professional contact.

6. Retention & Archiving

Retention periods are defined in the Privacy Policy and internal retention schedule (approved by the Owner and insurer).

When a client becomes inactive, their file is archived but kept securely until the retention period expires.

Archiving must ensure:

• secure storage
• clear labelling
• easy retrieval for legal, safeguarding, or service-delivery needs (e.g., subject access requests)

7. Secure Destruction

When records reach the end of their retention period and there is no legal/insurance reason to retain them:

• Paper files are destroyed via cross-cut shredding or certified confidential-waste provider.
• Digital files are securely deleted from active systems; backup removal is attempted where technically feasible.

A destruction log records:

• file identifier
• category
• date
• method
• name of authorising and executing staff

Records linked to active complaints, legal matters, or investigations are not destroyed until fully resolved and cleared by legal/insurance advice.

8. Data Incidents & Breaches

Any loss, unauthorised access, or disclosure must be reported immediately to the Owner/Administrator.

The Owner follows the data-breach procedures in the Privacy Policy, including:

• assessing severity
• notifying the Data Protection Commission if required
• notifying affected individuals where necessary

All incidents and near-misses are logged and reviewed for service improvement.

9. Training & Audit

• Record-management practices form part of staff induction and ongoing supervision.
• Periodic spot-checks may be conducted (e.g., file quality, cabinet security, device security).
• Findings from audits or incidents inform updates to procedures.

10. Review

This policy is reviewed every 2 years, or sooner if required by:

• changes in law or guidance
• insurance requirements
• changes to NeuroNest’s services

Updated versions are communicated to all relevant staff. ____________________________________________________________________________________________________________

Health and Safety Statement

At NeuroNest, we are fully committed to providing a safe, healthy, and supportive environment for every child, family, staff member, and visitor. This Health and Safety Statement is prepared in accordance with the Safety, Health and Welfare at Work Act 2005, and outlines our legal and ethical responsibilities to identify, assess, and mitigate risks in our centre. As a therapeutic, educational, and developmental setting supporting children aged 0–12, including those with additional needs, our commitment to safety is integral to our work.

Our Commitment

We are dedicated to:

• Preventing accidents, injuries, and ill health within our centre.
• Promoting a physically, emotionally, and psychologically safe environment for all children and adults.
• Ensuring all staff are fully trained and competent in health and safety procedures, including child protection.
• Maintaining clean, hazard-free spaces that support therapeutic play and developmental interventions.
• Complying with all relevant Irish legislation in relation to health, safety, and childcare standards.

Key Safety Practices

a. Risk Assessment and Management

• All therapy rooms, sensory areas, play zones, and waiting areas are subject to regular risk assessments.
• Equipment such as swings, trampolines, balance boards, and adaptive seating is maintained in accordance with manufacturer guidelines.
• Hazardous or unsafe items (e.g., choking hazards, sharp tools) are securely stored or removed.

b. Infection Control

• Hand hygiene is rigorously followed by both staff and children.
• Shared tools and equipment are disinfected between sessions.
• Children with symptoms of illness must remain at home until symptom-free for at least 48 hours.
• COVID-19 precautions, where applicable, adhere strictly to current HSE guidance.

d. Child Protection

• All staff are Garda-vetted and trained in Children First: National Guidance for the Protection and Welfare of Children.
• A Designated Liaison Person (DLP) is appointed to handle any child protection concerns.
• Behaviour is managed using positive, proactive strategies; physical punishment is never used.

e. Staff Safety

• Staff receive manual handling training where necessary.
• All team members are encouraged to promptly report hazards, concerns, or incidents.
• Lone working procedures are implemented where applicable.

Insurance and Incident Reporting

NeuroNest holds full Public Liability and Employer’s Liability Insurance through Britton Insurance.

All incidents, regardless of severity, are recorded in our Incident Log Book and reviewed monthly as part of our commitment to continuous improvement.

Monitoring and Review

This Health and Safety Statement is reviewed annually, or earlier if there are significant changes in services, staffing, or premises. We welcome feedback from staff and parents to ensure we maintain the highest standards of care and safety.

Kristina Rautek Potocnik Owner / Director NeuroNest Early Intervention