Swallow’s Nest Privacy Notice

Swallow Nest Preschool Privacy Notice

General Data Protection Regulation (GDPR) and Data Protection Act 2018

We, the Parochial Church Council of St George’s Church, Swallowbeck are the data controller for Swallows Nest Preschool for the purposes of GDPR and the Data Protection Act. The categories of pupil information that we process include:
  • personal identifiers and contacts (such as name, contact details and address)
  • characteristics (such as ethnicity, language,)
  • safeguarding information (such as court orders and professional involvement)
  • special educational needs
  • medical and administration (such as doctors’ information, child health, dental health, allergies,
  • medication and dietary requirements)
  • attendance (such as sessions attended, number of absences, absence reasons and any previous
  • Nurseries/preschools attended)
We rely on legitimate interests, contract, legal obligation or consent as appropriate as the lawful basis on which we collect and use your personal data. Occasionally we may rely on vital interests if a child’s health and safety is involved. Our legitimate interests are set out below.We collect information from you on registration forms and hold this personal data to use it to:
  • Support your child’s teaching and learning;
  • Monitor and report on their progress;
  • Provide appropriate pastoral care
  • Assess how well our Preschool is doing
  • To keep children safe (food allergies, emergency contact details etc) to meet any statutory duties placed upon us for DfE data collections
Information will be shared with the Lincolnshire County Council in order to arrange funding for the placements of children.

Any information is shared via the secure site established by Lincolnshire County Council.

We will not give information about you to anyone outside the Preschool without your consent unless the law and our rules allow us to.

We are required by law to pass some information about you to the Local Authority and the Department for Education (DfE).

We will hold personal information no longer than necessary and then will securely destroy it when no longer required.

If you want to see a copy of the information about you that we hold and/or share, please contact the Joint Managers of the Preschool.

The DfE may also share pupil level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the GDPR and the Data Protection Act 2018.

Decisions on whether DfE releases this personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of data requested and the arrangements in place to store and handle the data. To be granted access to pupil level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.

For more information on how this sharing process works, please visit: https://www.gov.uk/guidance/national-pupil-database-apply-for-a-data-extract

For information on which third party organisations (and for which project) pupil level data has been provided to, please visit: https://www.gov.uk/government/publications/national-pupil-database-requests-received

For further information about how our data is stored and transmitted, please ask the Joint Managers.

Under the GDPR you have a number of important rights free of charge. In summary, those include rights to:
  • fair processing of information and transparency over how we use your use personal information;
  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address;
  • require us to correct any mistakes in your information which we hold; require the erasure of personal information concerning you in certain situations;
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and
  • have the right to transmit those data to a third party in certain situations; object at any time to processing of personal information concerning you for direct marketing;
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
  • object in certain other situations to our continued processing of your personal information;
  • otherwise restrict our processing of your personal information in certain circumstances;
  • claim compensation for damages caused by our breach of any data protection laws.
If you would like to exercise any of those rights, please:
  • contact the Joint Managers;
  • let us have enough information to identify you;
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We hope that we can resolve any query or concern you raise about our use of your information.

The GDPR also gives you right to lodge a complaint with a supervisory authority, The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.