This Policy applies as between you, the User of this Web Site and Hove Village Ltd. the owner and provider of this Web Site. This Policy applies to our use of any and all Data collected by us in relation to your use of the Web Site and any Services or Systems therein.
- Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
|“Account”||means collectively the personal information, Payment Information and credentials used by Users to access Material and / or any communications System on the Web Site;|
|“Content”||means any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of this Web Site;|
|“Cookie”||means a small text file placed on your computer by Hove Village Day Nursery Ltd when you visit certain parts of this Web Site. This allows us to identify recurring visitors and to analyse their browsing habits within the Web Site. Where e-commerce facilities are provided, Cookies may be used to store your website preferences. Further details are contained in Clause 10;|
|“Data”||means collectively all information that you submit to the Web Site. This includes, but is not limited to, Account details and information submitted using any of our Services or Systems;|
|“Hove Village”||means Hove Village Day Nursery Ltd, 85 Church Road, Hove, East Sussex, BN3 2BB UK;|
|“Service”||means collectively any online facilities, tools, services or information that Hove Village Day Nursery Ltd makes available through the Web Site either now or in the future;|
|“System”||means any online communications infrastructure that Hove Village Day Nursery Ltd makes available through the Web Site either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;|
|“User” / “Users”||means any third party that accesses the Web Site and is not employed by Hove Village Day Nursery Ltd and acting in the course of their employment; and|
|“Web Site”||means the website that you are currently using (www.hovevillage.com) and any sub-domains of this site (e.g. subdomain.hovevillage.com) unless expressly excluded by their own terms and conditions.|
- Data Collected
Without limitation, any of the following Data may be collected:
- date of birth;
- job title;
- contact information such as email addresses and telephone numbers;
- demographic information such as post code, preferences and interests;
- financial information such as credit / debit card numbers;
- IP address (automatically collected);
- web browser type and version (automatically collected);
- operating system (automatically collected);
- a list of URLS starting with a referring site, your activity on this Web Site, and the site you exit to (automatically collected); and
- Cookie information (see clause 10 below).
- Our Use of Data
- Any personal Data you submit will be retained by Hove Village Ltd for as long as you use the Services and Systems provided on the Web Site. Data that you may submit through any communications System that we may provide may be retained for a longer period, as governed by English law.
- Unless we are obliged or permitted by law to do so, and subject to Clause 4, your Data will not be disclosed to third parties. This includes our affiliates and / or other companies within our group.
- All personal Data is stored securely in accordance with the principles of the Data Protection Act 1998. For more details on security, see clause 9 below.
- Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Web Site. Specifically, Data may be used by us for the following reasons:
- internal record keeping;
- improvement of our products / services;
- transmission by email of promotional materials that may be of interest to you;
- contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Web Site.
- Third Party Web Sites and Services
Hove Village may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment handling, delivery of purchased items, search engine facilities, advertising and marketing. The providers of such services do have access to certain personal Data provided by Users of this Web Site. Any Data used by such parties is used only to the extent required by them to perform the services that Hove Village requests. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties must be processed within the terms of this Policy and in accordance with the Data Protection Act 1998.
- Changes of Business Ownership and Control
- Hove Village may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.
- In the event that any Data submitted by Users will be transferred in such a manner, you will be contacted and informed of the changes.
- Controlling Access to your Data
- Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
- use of Data for direct marketing purposes; and
- sharing Data with third parties.
- Your Right to Withhold Information
- You may access certain areas of the Web Site without providing any Data at all. However, to use all Services and Systems available on the Web Site you may be required to submit Account information or other Data.
- Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
- Accessing your own Data
- You may access your Account at any time to view or amend the Data. You may need to modify or update your Data if your circumstances change. Additional Data as to your marketing preferences may also be stored and you may change this at any time.
- You have the right to ask for a copy of your personal Data on payment of a small fee.
- Data security is of great importance to Hove Village Ltd and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected online.
- Hove Village may set and access Cookies on your computer. Cookies that may be placed on your computer are detailed in Schedule 1 to this Policy.
- A Cookie is a small file that resides on your computer’s hard drive and often contains an anonymous unique identifier and is accessible only by the web site that placed it there, not any other sites.
- You may delete Cookies, however you may lose any information that enables you to access the Web Site more quickly.
- Changes to this Policy
GDPR – Policy and Procedure
The Data Processing Act 2003 was introduced primarily to protect everyone’s right to privacy in respect of the processing of computerised and manual personal sensitive data.
The Act applied to personal and sensitive data in computerised, manual or any other format so long as the data is in a system that allows the information to be readily accessible. The act covers all aspects of processing data from its collection, holding, access, use and disclosure to its destruction.
Hove Village is required to keep and process certain information about its staff and families that attend the setting in accordance with its legal obligations under the new 2018 General Data Protection Regulation (GDPR).
Hove Village Day Nursery may, from time to time, be required to share personal information about its staff or families that attend the setting with other organisations, mainly the Local Authority, Health Services, Children’s Services and other third parties such as HMRC.
In accordance with the requirements outlined in the GDPR, personal data will be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered incompatible with the initial purposes.
- Accurate and, where necessary, kept up-to-date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer period, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
CCTV and Photography
Hove Village understands that recording images of identifiable individuals constitutes processing personal information, so it is done in line with data protection principles. Cameras are only placed where they do not intrude on anyone’s privacy and are necessary to fulfil their purpose. All CCTV footage will be kept for no less than 10 days for security purposes and are kept secure but still allowing access. If the Nursery wishes to use images/video footage of children in a publication, written consent will be sought from the parent(s).
Disclosure and Barring Service (DBS) Data
All data provided by the DBS will be handled in line with data protection legislation; this includes electronic communication. Data provided by the DBS will never be duplicated. Any third parties who access DBS information will be made aware of the data protection legislation, as well as their responsibilities as a data handler.
Hove Village will ensure that data is kept securely at all times by doing the following:
- Confidential paper records will be kept in a locked filing cabinet, drawer or safe, with restricted access.
- Confidential paper records will not be left unattended or in clear view anywhere with general access.
- Digital data both on a local hard drive and on the Nursery’s server is password protected. The network drive is backed up daily off-site.
- Access to the Nursery’s Management System, is password protected and access to sensitive and confidential data on the Nursery Management System is restricted to only those members of staff who require the information to perform their duties effectively.
- All electronic devices are password protected to protect the information on the device in case of theft. Electronic devices are kept securely when not in use, e.g. in a locked cabinet.
- Devices holding photographs will be regularly wiped to delete all images. Memory cards will be kept in a locked cabinet when not in use and will be wiped regularly.
- Staff will not use their personal laptops or computers.
- All necessary members of staff are provided with their own secure login and password, and every computer regularly prompts users to change their password.
- Staff must not use personal email addresses for sharing or viewing any Nursery data.
- Emails containing sensitive or confidential information are password protected if there are unsecure servers between the sender and the recipient.
- Circular emails to parents are sent blind carbon copy (BCC), so email addresses are not disclosed to other recipients.
- Where personal information that could be considered private or confidential is taken off the premises, either in electronic or paper format, staff will take extra care to follow the same procedures for security, e.g. keeping devices or paperwork under lock and key.
Before sharing data, all staff members will ensure they are allowed to share it and that adequate security is in place to protect it.
They must ensure that persons or organisations who will receive the data have been outlined in a Privacy Notice and that they have confirmed in writing that they comply with the GDPR and any other relevant data protection legislation. Under no circumstances are volunteers, visitors or unauthorised third parties allowed access to confidential or personal information. Those visiting areas of the Nursery containing sensitive information are supervised at all times.
The legal basis for processing data will be identified and documented prior to data being processed. Under the GDPR, data will be lawfully processed under the following conditions:
- Consent must be a positive indication. It cannot be inferred from silence, inactivity or pre-ticked boxes.
- Consent will only be accepted where it is freely given, specific, informed and an unambiguous indication of the individual’s wishes.
- Consent can be withdrawn by the individual at any time.
- Where a child is under the age of 16, or younger if the law provides it (up to the age of 13), the consent of parents will be sought prior to the processing of their data, except where the processing is related to preventative or counselling services offered directly to a child.
- Where consent is given, a record will be kept documenting how and when consent was given.
The Right of Access
Hove Village will verify the identity of the person making the request before any information is supplied. A copy of the information will be supplied to the individual free of charge; however, Hove Village may impose a ‘reasonable fee’ to comply with requests for further copies of the same information. Where a request is manifestly unfounded, excessive or repetitive, a reasonable fee will be charged.
All requests will be responded to without delay and, at the latest, within one month of receipt.
Where a request is excessive, Hove Village holds the right to refuse to respond to the request. The individual will be informed of this decision and the reasoning behind it.
The Right to Erasure
Individuals hold the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Individuals have the right to erasure in the following circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws their consent.
- The personal data was unlawfully processed.
- The personal data is required to be erased in order to comply with a legal obligation.
Hove Village has the right to refuse a request for erasure where the personal data is being processed for the following reasons:
- To exercise the right of freedom of expression and information.
- The exercise or defence of legal claims. As a child may not fully understand the risks involved in the processing of data when consent is obtained, special attention will be given to existing situations where a child has given consent to processing and they later request erasure of data, regardless of age at the time of the request.
Where personal data has been disclosed to third parties, they will be informed about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so.
The term ‘personal data breach’ refers to a breach of security which has led to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Staff must report any data breach or potential breach as soon as possible to a member of the Senior Management Team. All notifiable breaches will be reported to the relevant supervisory authority within 72 hours of the nursery becoming aware of it. If the risk of the breach could have a detrimental effect on the individual, the need to notify the relevant supervisory authority, will be assessed on a case-by-case basis. In the event that a breach is sufficiently serious, the public will be notified without undue delay.
Links to Legal Frameworks
This policy has due regard to legislation, including, but not limited to the following:
- The General Data Protection Regulation (GDPR)
- The Freedom of Information Act 2000
- The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004
- Information Commissioner’s Office (2017) ‘Overview of the General Data Protection Regulation (GDPR)’
Hove Village takes its duties under the GDPR extremely seriously and any unauthorised disclosure may result in disciplinary action.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Managing Director in writing.