St Andrew’s Montessori Privacy Policy

Your privacy is important to St Andrew’s Montessori, so we have developed several privacy notices which cover how we collect, use, process, transfer and store your personal information. All your personal information shall be held and used in accordance with The General Data Protection Regulation (2018).

St Andrew’s Montessori is the data controller of your Information is required to collect and process data for several purposes concerning its staff, contractors, parents, children, and any other individual who meets the company. In gathering and using this data St Andrew’s Montessori is committed to protecting all individual’s rights of freedom and privacy.

The policies below are intended to inform you how we gather, define, and utilise your personal information such as name, address, credit/debit card number/bank details, email address and mobile phone number.

Privacy Policy for website users

What personal data we collect about you as a visitor to our website:

When you visit our website we do not collect or register any information about you or your child/ren.  We only collect your name and email address if you request a prospectus or application form.  This gets sent to Management and forms sent to you. Your email address will not be used for further marketing purposes.

The website is encrypted and all information is accessed through a secure connection (SSL). The SSL Certificate is issued by Let’s Encrypt Authority X3 and uses a 2048 bit key.

The website does not use Third-party Cookies. This means that the site does not track / share the users information and / or share it with any marketing companies, or anyone else for that fact.

Each staff member has their own gmail email accounts which is only used for school correspondence. Once someone sends an email to info@saintandrewsmontessori.com then this email is immediately sent through to Management and there is nothing stored on the site server otherwise.

Privacy Notice for Parents

St Andrew’s Montessori is the data controller for any personal information you provide to us regarding you or your child. This means we decide how your personal data is processed and for what purpose.

St Andrew’s Montessori is required to collect and process data for several purposes concerning its staff, contractors, parents, children and any other individual who meets the company.

In gathering and using this data St Andrew’s Montessori is committed to protecting all individual’s rights of freedom and privacy and meeting the requirements of the General Data Protection Regulation 2018 (GDPR).

What personal data we collect about you and your child:

St Andrew’s Montessori contractual responsibilities include but are not limited to the collection of the following personal data:

  • Personal details (name, date of birth, gender)
  • Attendance information (start date, hours in nursery)
  • Medical and health information
  • Personal characteristics
  • Dietary requirements and preferences (allergies on intolerances, food likes/dislikes)
  • Special Educational Needs information
  • Development records

The information we hold about you as a parent or guardian include:

  • Personal details (name, date of birth, national insurance number)
  • Contact details (address, phone number, email address)
  • Bank details (name of bank, account number and sort code)

We do hold some special category data about you and your child regarding race, ethnic origin, religion and health information. The special category data is only collected as required by the Local Authority or other public bodies for legal and contractual purposes. We comply fully with the requirements of GDPR in relation to special category data and are aware of the sensitive nature of the information.

It is the duty of you, the Data Subject to let us know of any personal data that has changed or is incorrect.

How we process your personal data:

St Andrew’s Montessori complies with its obligations under the GDPR by keeping personal data up to date; storing and destroying it securely; not collecting or retaining excessive amounts of data; protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. All the data we process, we do so to fulfil the contract we have with you.

St Andrew’s Montessori hold and processes your data to be able to:

  • Provide the appropriate care for your child
  • Support your child’s learning
  • Monitor and report on your child’s progress
  • Ensure the right first aid and medications are provided to your child in cases where they become ill or have an accident in our care

There is certain data we hold about you as a parent or guardian to be able to successfully carry out the contract. The information we hold about you includes your name and address, contact details, bank details and signatures. We hold this personal data and use it to:

  • Be able to contact you in case there is an emergency regarding your child
  • Be able to take payment for the childcare we are providing your child
  • To provide proof of consent of your agreement to our contract terms and conditions

Whilst much of the data you provide to us is mandatory to carry out the contract you hold with us, some of it is provided on a voluntary basis. To comply with the GDPR we will inform you at the time of collection whether the information you are asked to provide is mandatory. Where personal data is not required for legal or contractual reasons, we will give you the opportunity provide your consent for us to use your data for that purpose.

It is necessary to process this data to be able carry out the requirements of the contract. Without this data we will not be able to fulfil your contract and thus not be able to keep your child in our care.

The health and medical data you provide to us regarding your child is legally required and is vital to keep your child safe whilst in our care.

Data regarding your child’s ethnicity, race and religion is only processed under the requirements of Local Authorities and public bodies and upholding St Andrew’s Montessori equal opportunities policy and ensuring we are meeting the Equality Act 2010.

Some data will only be processed if explicit consent is given. This can include the ability to take photographs of your child and using your details for direct marketing. Where this is the case we will ask for your consent at the time we collect your data.

Who collects this data:

St Andrew’s Montessori collects most of its data directly from the individual themselves. Additional data is collected on an ad-hoc basis as required.

 

Storage of data

All your data is either kept in our software systems or in paper format. Data relating to you and your child will be kept at St Andrew’s Montessori your child attends as well as at our supporting office locations.

Personal data held within a software system will be securely protected with individual logins, which will only be given to those who need to access the data.

All data stored in paper format will be kept in a safe location where only those who are authorised to access it, can. This may include being locked away in a filing cabinet.

Who and why we share this data

We are legally obliged to pass some of your details on to third parties for legal reasons such as public bodies. This includes Local Authorities, Ofsted, NHS, Police and enforcing agencies. We will not give information about you or your child to anyone outside of the company without your explicit consent unless the law or our terms and conditions allow us to.

We may share your child’s progress data with schools as they transfer from nursery, however this will only be done with the explicit consent from you as a parent or guardian.

Data retention periods

St Andrew’s Montessori is committed to ensuring we do not hold personal data for any longer than necessary.

Data which we hold under contract is subject to specified retention periods. These are as follows:

  • Parent and child personal data – Until the child is 21 years old
  • Safeguarding information – Until the child is 21 years old
  • Medical and health data – Until the child is 21 years old
  • Accident data – Until the child is 21 years old
  • Child learning progress – Given to the parent when the child leaves the nursery, if not collected by the parent or guardian this will kept until the child is 21.

Once the data has been used for its original purpose and the retention period has expired, we will appropriately dispose of the data.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Privacy Notice, we will provide you with a new notice explaining this new purpose. Where and whenever necessary, we will seek your consent to the new processing.

Your data subject rights

Under GDPR you have the right to request access to any of the data held by St Andrew’s Montessori about you and your child. If you wish to make a subject access request, please contact the Data Protection Officer (DPO).

If you feel St Andrew’s Montessori has not handled your or your Child’s personal details adequately or you are unhappy with how your data request has been dealt with contact the Data Protection Officer (DPO).

Recruitment

If you are successful and are offered a position to work for St Andrew’s Montessori we will hold your data under contract. Further information on what information we hold on employees, how we store it and how we process this data can be found on the Privacy Notice for Employees below.

If you are unsuccessful we will dispose of any personal data, you have supplied us immediately unless you have given explicit consent for us to keep this information.

Privacy Notice for Employees

St Andrew’s Montessori is the data controller for any personal information you provide to us regarding sensitive nature of the information. We only use this information for equal opportunity research and feedback.

It is the duty of the data subject to let us know of any personal data that has changed so we can update our records and ensure the data we hold on you is accurate.

How we process your personal data

St Andrew’s Montessori complies with its obligations under the GDPR by keeping personal data up to date; storing and destroying it securely; not collecting or retaining excessive amounts of data; protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. All the data we process from employees, we do so to fulfil the contract.

St Andrew’s Montessori hold and processes your data to be able to:

  • Enable individuals to get paid
  • Contact employees when necessary

The lawful basis in which we process this data

St Andrew’s Montessori collects and process all the information you provide to us about yourself as an employee under the contractual lawful process. It is necessary to process this data to be able carry out the requirements of the contract. Without this data we will not be able to fulfil the contract and thus not be able to employ you as a member of staff here at St Andrew’s Montessori.

The health and medical data you provide to us is legally required and is vital to keep you safe whilst you are employed with us. It is also under your contract that you supply sick notes to us as evidence of proof of illness and ensure you are paid for these days.

Data regarding your ethnicity, race and religion is only processed for monitoring and upholding St Andrew’s Montessori equal opportunities policy and ensuring we are meeting the Equality Act 2010.

Who collects this data

St Andrew’s Montessori collects most of its data directly from the individual themselves. The information we collect about you will be obtained from the CV you give us during the recruitment process or new starter pack you fill out when you first become employed with St Andrew’s Montessori. Additional data is collected on an ad-hoc basis as required.

Storage of data

All your data is either kept in our software systems or in paper format. Employees’ data may be held within the department your work for. All head office staff and nursery manager data is held within the main office and all bank details are held in payroll. Personal data held within software systems will be securely protected with individual logins, which will only be given to those who need to access the data.

All data stored in paper format will be kept in a safe environment where only those who need it can access it. This may include being locked away in a filing cabinet.

Who and why we share this data

We are legally obliged to pass some of your details on to third parties such as public bodies or civil services. These may include, the police, the courts, HMRC, accountants and pension providers. We limit the sharing of data to third parties as far as practicable and only share data where it is necessary for legal reasons or for the processing of the contract.

Data retention periods

St Andrew’s Montessori is committed to ensuring we do not hold personal data for no longer than necessary.

We are required by law to hold some of the personal data you provide us for certain periods of time. Medical, health and accident data will not be destroyed and both financial and personal data we will hold for 6 years after you have left the company, after this period your data will be appropriately disposed of.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, we will provide you with a new notice explaining this new purpose. Where and whenever necessary, we will seek your consent to the new processing.

Your data subject rights

Under GDPR you as an employee have the right to request access to any of the data held by St Andrew’s Montessori. If you wish to make a subject access request, please contact the Data Protection Officer (DPO).

If you feel St Andrew’s Montessori has not handled your personal details adequately or you are unhappy with how your data request has been dealt with contact the Data Protection Officer (DPO).

Consent

St Andrew’s Montessori is committed to ensuring where consent is required, it is freely given, specific and unambiguous. Where consent is required for additional processing, data subjects are given the opportunity to freely give their consent to us processing that data for the specified purpose.

Additional consent forms will be distributed to gather additional permission.