Privacy notice

2. Contact Details

Data Controller:

New Beginnings Nurseries Ltd

We have appointed a Data Privacy Coordinator  Mrs J Wilkinson who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Privacy Coordinator.

Email: info@newbeginningsdaynursery.co.uk

Telephone: 01708 748447

Postal Address:

New Beginnings Nursery (Romford Branch)

50 Main Road

Romford

Essex

RM1 3DB

3. The Personal Data We Collect

Prospective parents/carers

• Name, email address, telephone number
• Child’s name and age
• Information provided in enquiries

Children (once registered)

• Personal details (name, DOB, address)
• Characteristics (ethnicity, language, nationality)
• Attendance data
• Assessment and developmental records
• Medical and dietary information
• Safeguarding or welfare-related information
• SEN information
• Accident/incident records
• Funding details and identification documents (e.g., birth certificate)

Parents/carers

• Personal details (name, address, relationship to child)
• Emergency contacts
• Identity verification where required
• Communication records
• CCTV images (where applicable)

Employees

• Contact details
• Employment history, references and right-to-work documents
• National Insurance, payroll and tax details
• Contracts, training records, attendance records
• Performance, disciplinary and grievance information
• Health information (where relevant)
• Accident/incident reports
• Use of IT systems and security logs
• Special category data (higher protection)

Health (children and employees)

• Ethnic origin
• Religion/beliefs (e.g., dietary needs)
• Safeguarding information (We only collect this where strictly necessary)

4. How We Collect Personal Data

Website enquiry forms

Registration forms

Email and telephone communications

Third-party nursery systems (e.g., Parenta, Famly, ParentMail,Funding Loop)

CCTV cameras at some sites

Employee recruitment and HR systems

5. What We Use Personal Data For

Children’s data

Providing high-quality care and education

Monitoring and supporting development

Meeting health, dietary, and safeguarding needs

Maintaining attendance, funding and statutory records

Assessing the quality of our services

Complying with legal and regulatory obligations (e.g., Ofsted, local authority)

Parents/carers’ data

Communication about their child

Emergency contact and collection arrangements

Funding administration

Invoicing and account management

Safeguarding and legal compliance

Employees’ data

Recruitment and onboarding

Contract administration

Payroll, pensions, and HR management

Training and development

Meeting legal obligations (e.g., HMRC)

Safeguarding and health and safety

Managing performance

6. Lawful Bases for Processing

We process personal data under one or more of the following:

• Consent – e.g., optional photographs; website enquiries
• Contract – to deliver nursery services or employment obligations
• Legal obligation – safeguarding, HMRC, Ofsted, health and safety, funding
• Vital interests – emergency medical situations
• Public task – delivering early years education
• Legitimate interests – managing nursery operations (balanced against your rights)
• Special category data is processed under:

Explicit consent

• Employment law obligations
• Health and social care purposes
• Safeguarding obligations

7. Sharing Personal Data

We only share personal information when necessary and with appropriate safeguards.

Internal

New Beginnings Nurseries Ltd management and internal teams

External third parties

• Local authorities (e.g., funding, safeguarding)
• Ofsted and regulatory bodies
• Schools and transition partners
• IT and system providers (e.g., Parenta, Famly, ParentMail)
• Funding platforms (e.g., FundingLoop)
• Professional advisers (legal, HR, insurance, auditors)
• Payment and voucher providers
• HMRC and other authorities

We ensure all third-party processors comply with UK GDPR.

8. International Transfers

Some third-party systems may store data outside the UK.Where this happens, we ensure appropriate safeguards, such as:

• UK International Data Transfer Addendum (IDTA)
• Standard Contractual Clauses (SCCs)
• Adequacy decisions (where applicable)
• Example: FundingLoop stores data in the USA with approved safeguards.

9. CCTV

Where CCTV is used:

• Signs are displayed
• Images are kept securely and for the minimum necessary time
• Images may be shared only for crime prevention, safeguarding or lawful requests

You may request access to images of yourselfWe comply with ICO CCTV Code of Practice.

10. Data Security

We use administrative, technical, and physical measures including:

• Restricted building access
• Secure IT systems with access controls
• Encryption and anonymisation
• Staff training
• Incident and breach procedures

11. Data Retention

We only keep data as long as necessary.

Examples:

• Prospective parent enquiries: up to 36 months
• Child records: 6 years after leaving, or longer where legally required
• Accident records: as required by law
• Employee records: 6 years after employment ends
• Where multiple laws apply, the longest retention period is used.

12. Your Rights

You have the right to request:

• Access to your data
• Correction
• Erasure (where applicable)
• Restriction
• Objection to processing
• Data portability
• Withdrawal of consent

A complaint to the Data Controller

We respond within one month. Additional identity checks may be required.

ICO website: www.ico.org.uk/make-a-complaint