Blue Butterfly Montessori
- Blue Butterfly Montessori, Pinner (“the Nursery”) is a leading private day nursery and member of the National Day Nursery Association (NDNA). The Nursery opened in January 2012 and provides care and education for children aged three months to five years old. Situated in the heart of Pinner in North West London,the Nursery incorporates the values and teaching methods of Dr Maria Montessori. A broad curriculum is offered aimed at the development of the whole child; mind,body, heart and soul, teaching social as well as academic skills to provide a lasting foundation in preparation for primary school. The nursery is registered with Ofsted.
- The Nursery is the Data Controller for the purposes of the relevant legislation (“Data Protection Law”), which includes both the General Data Protection Regulation (EU 2016/679) and the UK Data Protection Act 2018, as well as potentially other relevant supporting legislation.
- The Nursery is registered with the Information Commissioner’s Office (ICO).
What This Privacy Notice is For
- This policy is intended to provide information about how the Nursery will use (or “process”) personal data about individuals including: its current, past and prospective staff; its current, past and prospective pupils; and their parents, carers or guardians (referred to in this policy as “parents”).
- This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Staff and parents are all encouraged to read this Privacy Notice and understand the Nursery’s obligations to the entire community at large.
- This Privacy Notice applies alongside any other information the Nursery may provide about a particular use of personal data, for example when collecting data via an online or paper form.
- This Privacy Notice also applies in addition to the School’s other relevant terms and conditions and policies, including:
- any contract between the School and its staff or the parents of pupils;
- the Nursery’s policy on taking, storing and using images of children;
- the Nursery’s CCTV policy;
- the Nursery’s retention of records policy;
- the Nursery’s safeguarding, pastoral, or health and safety policies, including as to how concerns or incidents are recorded; and
- theNursery’s IT Acceptable Use policy.
- Anyone who works for, or acts on behalf of, the Nursery (including staff, volunteers, managers, directors and service providers) should also be aware of and comply with this Privacy Notice, the Nursery’s Data Protection Policy and the EmployeePrivacy Notice for staff, which also provides further information about how personal data about those individuals will be used.
Responsibility for Data Protection
- The Nursery has appointed Mrs Carina Uppal as the Data Protection Officer who will deal with all requests and enquiries concerning the Nursery’s uses of personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and Data Protection Law.
- The Data Protection Officer can be contacted by e-mail: firstname.lastname@example.org or via the Nursery telephone number on 0208-429-9446.
Types of Personal Data Processed by the Nursery
- This will include by way of example:
- children’s personal information such as name, gender, dates of birth, home address.
- parent’s personal information, home address, telephone numbers, e-mail addresses and other relevant contact details such as employment and next of kin. Parents bank details for direct debit fee collection. National Insurance numbers for local authority grant funding.
- characteristics (such as ethnicity, language, nationality, country of birth, early years pupil premium eligibility)
- registers and attendance information, (such as sessions attended, number of absences and absence reasons)
- observations and assessment information and tracking of progress (samples of work, photographs, video clips, learning journals, Two Year Old Progress Check, EYFS profile reportsetc)
- where appropriate; medical information & conditions when relevant to attendance ie allergies, special dietry requirements, accident reports, medication dispensation etc. referrals to specialist services and agencies.
- information on special educational and developmental needs and disabilities (including if accessing Disability Living allowance and Disability Access Fund)
- safeguarding and child protection concerns –including records of all welfare and protection concerns and our resulting actions, meetings and telephone conversations about the child and any information regarding a Looked After Child.
- Early Support and SEN (special educational needs) –including any focussed intervention provided by our setting, a record of the child’s IEP and where relevant, their Statement of Special Educational Need.
- reports given or received by the Nursery about children, and relevant information provided by previous educational establishments and/or other professionals or organisations working with children;
- correspondence with and concerning staff, children and parents past and present; and
- images of children (and occasionally other individuals, usually staff or parents) engaging in nursery activities, and images captured by the Nursery’s CCTV system (in accordance with the Nursery’s policy on taking, storing and using images of children);
- Special Category Personal Data held include racial origin/ethnicity, religious beliefs and where relevant, physical or mental health, adoption records, social services, safeguarding children and safeguarding adults (usually parent(s) or guardians).
Why the NurseryCollectsand Processes Personal Data
- We use children’s and parent’s data to;
- support their learning and development, to enable staff to plan suitable activities to extend their knowledge and skills.
- to ensure that all children are safe within our childcare provision
- monitor and report on their progress
- provide appropriate behavioural and emotional support as required
- assess the quality of our services as a childcare provider
- comply with the law regarding data sharing (GDPR)
- meet the requirements of the Early Years Foundation Stage (EYFS)
- make claims for funding
- Some activities the Nursery will need to carry out in order to fulfil its legal rights, duties or obligations – including those under a contract with its staff, or parents of children in their care.
- We collect and use children’s information under the following lawful bases:
Contract: the processing is necessary for a contract we have with you, the parents/guardian of the child to provide childcare and the contract we have with the local authority to provide funded childcare to eligible families.
Legal Obligation: the processing is necessary for us to comply with the law (EYFS 2012))
- In addition, the Nursery will on occasion need to process special category personal data (concerning health, ethnicity, religion, biometrics or sexual life) or criminal records information (such as when carrying out DBS checks) in accordance with rights or duties imposed on it by law, including as regards safeguarding and employment, or from time to time by explicit consent where required. These reasons will include:
- To safeguard children’s’ welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other relevant information where it is in the individual’s interests to do so: for example for medical advice, for social protection, safeguarding, and cooperation with police or social services, for insurance purposes or to caterers or organisers of School trips who need to be made aware of dietary or medical needs;
- To provide educational services in the context of any special educational needs of a child;
- In connection with employment of its staff, for example DBS checks, welfare, union membership or pension plans;
- As part of any Nursery or external complaints, disciplinary or investigation process that involves such data, for example if there are SEN, health or safeguarding elements; or
- For legal and regulatory purposes (for example child protection, diversity monitoring and health and safety) and to comply with its legal obligations and duties of care.
- Generally, the Nursery receives personal data from the individual directly (in the case of young children, from their parents directly). This may be via a form, or simply in the ordinary course of interaction or communication (such as email or written assessments).
- The EYFS (Early Years Foundation Stage) (Welfare Requirements) regulations 2012 place a legal obligation upon us to collect and process much of the information detailed above. Therefore we do not require your consent to collect this information as we have a fair and lawful reason for doing so.
- While the majority of children’s information you provide is mandatory, some may be provided to us on a voluntary basis. In order to comply with GDPR, we will inform you whether you are required to provide certain information to us or if you have a choice to withhold.
- In some cases personal data will be supplied by third parties (for example another Nursery, or other professionals or authorities working with that individual); or collected from publicly available resources.
- We ensure that access to children’s files is restricted to those authorised to see them as the manager, deputy manager, and designated person for child protection, the child’s keyperson or the nursery senco. These confidential records are stored securely within the nursery and will only be accessible by staff who are authorised to do so.
- The Nursery operates in a private, purpose built, self-contained premisis and facilities are not shared with other organisations. The building is locked and alarmed after each working day.
- The Nursery uses specialist Nursery Management Software to manage day to day operations. This data is held on a secure encrypted network.
- The Nursery will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff and pupil personnel files is up to 6 years following departure from the Nursery. However, incident reports and safeguarding files will need to be kept much longer, in accordance with specific legal requirements.
- Registration Forms filled in by Waiting List parents: In the instance that a place is not offered or is withdrawn, paper registration forms are destroyed (shredded) by the nursery within 12 months of the form being received. The Data on Registration Forms is not held in electronic format.
- A more detailed Document Retention Policy is available from the Nursery Manager or Data Protection Officer for all the various different types of child data held.
Who the Nursery Shares Data With
- The information that you provide to us, whether mandatory or voluntary will be regarded as confidential. We do not share information about your child with anyone without consent unless the law and our policies allow us to do so.
- We share children’s data with the Dfe on a statutory basis. We are required to submit data to our local authority (Harrow Council) for them to submit as part of the early years census and to access childcare funding.
- To be granted access to children’s information, organisations must comply with strict terms and conditions covering the confidentiality and handling of data, use, security arrangements and retention of data.
- We routinely share children’s information with:
- Schools that the child attends after leaving our provision
- Other local Childcare Providers (leaving to or from)
- Our Local Authority, Harrow Council (for funding claims and the early years census
- The DfE (annual early years census)
- Special Education Needs (SEN) Co-Ordinators
- NHS Services (health visitors, speech and language therapists etc)
- We are obliged to share confidential information with the relevant authority(s) without authorisation from the individual(s) who provided it, or to whom it relates, when:
- There is evidence that a child is suffering, or is at risk of suffering significant harm
- There is reasonable cause to believe that a child may be suffering, or is at risk of suffering significant harm
- It is to prevent significant harm arising to children, young people or adults, including the detection of serious crime
- For the most part, personal data collected by the Nursery will remain within the Nursery, and will be processed by appropriate individuals only in accordance with access protocols. Particularly strict rules of access apply in the context of:
- medical records held and accessed only by appropriate staff under their supervision, or otherwise in accordance with express consent; and
- pastoral or safeguarding files.
- However, a certain amount of any SEN child’s relevant information will need to be provided to staff more widely in the context of providing the necessary care and education that the child requires.
- Further information regarding information sharing and confidentiality can be found in our Data Protection Policy and other related nursery policies.
Requesting Access to Your Data
- Under Data Protection legislation, parents have the right to request access to the information about them and their child that we hold.
- Children’s developmental records are shared regularly with parents/guardians and formal requests to access these is not required.
- To make a request for your personal data, or to be given access to your child’s early years record contact our Data Protection Officer,Mrs Carina Uppal by e-mail: email@example.com or via the Nursery telephone number on 0208-429-9446
- The Nursery will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information).
- You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Withdraw consent where given
- Prevent processing for the purpose of direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, bblocked, erased or destroyed.
- Claim compensation for damages caused by a breach of Data Protection Regulations.
- The Nursery will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals should notify the manager in writing or by e-mail firstname.lastname@example.org any significant changes to important information, such as contact details, held about them.
- An individual has the right to request that any out-of-date, irrelevant or inaccurate or information about them is erased or corrected
- The Nursery will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to school systems. All staff and management will be made aware of this policy and their duties under Data Protection Law and receive relevant training.
For Prospective Applicants Seeking Employment at the Nursery
As part of any recruitment process, the Nursery collects and processes personal data relating to job applicants. TheNursery is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the company collect?
The Nursery collects a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number
- details of your qualifications, skills, experience and employment history
- information about your current level of remuneration, including benefit entitlements
- whether or not you have a disability for which the company needs to make reasonable adjustments during the recruitment process, and
- information about your entitlement to work in the UK.
The Nursery may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.
The Nursery may also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks. The Nursery will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).
Why does the Nursery process personal data?
The Nursery needs to process data to take steps at your request prior to entering into a contract with you. It may also need to process your data to enter into a contract with you.
In some cases, the Nursery needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.
The Nursery has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the company to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. The Nursery may also need to process data from job applicants to respond to and defend against legal claims.
The Nursery may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. It may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. The Nursery processes such information to carry out its obligations and exercise specific rights in relation to employment.
For some roles, the Nursery is obliged to seek information about criminal convictions and offences. Where the Nursery seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
The Nursery will not use your data for any purpose other than the recruitment exercise for which you have applied.
Who has access to data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area for which you may be considered and IT staff if access to the data is necessary for the performance of their roles.
The Nursery will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The Nursery will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.
Sharing your personal data
Sometimes we might share your personal data with group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests. If an applicant’s application for employment is successful, further details are made available in our Nursery Employee Privacy Notice.
We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
The Nursery will not transfer your data outside the European Economic Area.
How does the Nursery protect data?
The Nursery takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
For how long does the Nursery keep data?
If your application for employment is unsuccessful, the Nursery will hold your data on file for 6 months after the end of the relevant recruitment process. At the end of that period, your data is deleted or destroyed.
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request
- require the company to change incorrect or incomplete data
- require the company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing, and
- object to the processing of your data where the company is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact the Data Protection Officer, Carina Uppal at the Nursery address, by emailing at email@example.com or telephoning on 0208-429-9446.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to the company during the recruitment process. However, if you do not provide the information, the company may not be able to process your application properly or at all.
Recruitment processes are not based solely on automated decision-making.
- The Nursery will update this Privacy Notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.
Queries and Complaints
- Any comments or queries on this policy should be directed to the Data Protection Officer named above.
- If an individual believes that the Nursery has not complied with this policy or acted otherwise than in accordance with Data Protection Law, or there has been a breach of their data, they should utilise the nursery complaints procedure and should also notify the Data Protection Officer. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with the Nursery before involving the regulator.
- Further information is available from the ICO at https://ico.org.uk
|Date||18 May 2018|
|Effective date of the policy||5 May 2018|
|Date of Next Review||July 2019|
|Status||Complies with the Data Protection Act 2018 and General Data Protection Regulation (EU 2016/679)|