Website privacy policy

This privacy policy sets out how Castle Kindergarten uses and protects any information that you give Castle Kindergarten when you use this website. Castle Kindergarten is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Castle Kindergarten may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from: May 2018

What we collect...

We may collect the following information: name contact information including email address What we do with the information we gather We require this information to understand your needs and provide you with a better service, and in particular for the following reasons: We may use the information to improve our products and services Security We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

What is a cookie?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: For a video about cookies, visit how Google uses cookies Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests. The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide.

Category 1: Strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for, like shopping baskets or eBilling, cannot be provided.

Category 2: Performance cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. By using our website, you agree that we can place these type of cookies on your device.

Category 3: Functionality cookies

These cookies allow the website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts, and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. By using our website, you agree that we can place these type of cookies on your device.

Category 4: Targeting cookies or advertising cookies

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisations.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. Controlling your personal information You may choose to restrict the collection or use of your personal information in the following ways: whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at:

We will not sell, distribute, or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. You may request details of personal information which we hold about you under the Data Protection Act 2018. If you would like a copy of the information held on you, please write to: email: or post: Castle Kindergarten, Head Office, Cheltenham House, Cheltenham Road Sunderland SR5 3QH

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.

General Data Protection Regulation (GDPR) Privacy Notice

At Castle Kindergarten we take privacy very seriously and we have updated all our policies to ensure that we are fully meeting the new data protection standards (General Data Protection Regulation (GDPR)).

We are registered with the Information Commissioner’s Office (ICO).

The categories of children’s information that we collect, hold and share include:

• personal information (such as name, address, date of birth)

• characteristics (such as ethnicity, language, nationality, country of birth,

  early years pupil premium eligibility)

• attendance information (such as sessions attended, number of absences

  and absence reasons)

• observations and assessment information and tracking of progress •

  medical information

• information on special educational needs and disabilities (including if

  accessing Disability Living Allowance and entitlement to the Disability

  Access Fund)

• referrals to other relevant services

• safeguarding information.

We also collect, hold and share some information on the children’s parents/guardians:

• Personal information (names, address, contact numbers and emails).

• National Insurance numbers.

Why we collect and use this information

We use the children’s and parents’ data to:

• support their learning and development, to enable staff to plan suitable

  activities to extend their knowledge and skills

• ensure that all children are safe within our childcare provision • monitor

  and report on their progress

• provide appropriate behavioural and emotional support as required

• assess the quality of our services as a childcare provider

• comply with the law regarding data sharing (GDPR)

• meet the requirements of the early years foundation stage (EYFS)

• make claims for funding.

The lawful basis on which we use this information

We collect and use children’s information under the following lawful bases: •

Contract: The processing is necessary for a contract we have with you the parents/carers of the child to provide childcare and the contract that we have with the local authority to provide funded childcare to eligible families.

Legal obligation: The processing is necessary for us to comply with the law. Under clause 3.72 of the statutory EYFS framework, providers must record each child’s name, date of birth, address and emergency contact details of parents. Additionally we must submit your child’s data for the early years census each year.

Consent: This is where you give your clear consent to process your child’s personal data for a specific purpose. Collecting children’s information While the majority of children’s information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain children’s information to us or if you have a choice in this.

Storing children’s information

We are required to hold children’s data for a reasonable period of time after children have left the provision (eg until after the next Ofsted inspection) as a requirement under the EYFS. The Limitation Act 1980 recommends that we retain data until the child reaches the age of 21 — or until the child reaches the age of 24 for child protection records. Your data will be held securely and will only be accessed by staff who are authorised to do so.

Who we share children’s information with

We routinely share children’s information with:

• schools that the child attends after leaving our provision

• other local childcare providers where the child is engaging currently (wrap

  around or blended childcare)

• our local authority (for funding claims and the early years census)

• the DfE (annual early years census)

• special educational needs co-ordinators

• NHS services (health visitors and speech and language therapists).

Why we share children’s information

We do not share information about our children with anyone without your consent unless the law and our policies allow us to do so. We share children’s data with the DfE on a statutory basis. We are required to submit data to our local authority for them to submit as part of the annual early years census in January and to access childcare funding. Data collection requirements To be granted access to children’s information, we must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements, retention and use of the data.

Requesting access to your personal information

Under data protection legislation, parents and children have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s early years record, please contact the Kindergarten Manager.

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing,  

  damage or distress

• prevent processing for the purpose of direct marketing

• in certain circumstances, have inaccurate personal data rectified, erased or


• claim compensation for damages caused by a breach of the Data

  Protection Regulations.

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the ICO.

Deleting information

Any data collected is not held for any longer than is legally required.

Photographs are deleted when your child leaves the kindergarten unless permission has been given on the contract or termination form for us to keep them on our webpage or brochure. This permission can be withdrawn by you at any time.

Paperwork and printed photographs will be shredded and digital media will be deleted and the PC trash can emptied of the documents.

Safeguarding and welfare information about your child, including registers, will be held until your child is 21 years and 3 months old for insurance purposes and to comply with the EYFS and Childcare Register.

Any learning and development information that is held to comply with the EYFS will be sent to you or on to your child’s next early years setting or school and then deleted from our assessment system. Making a complaint

A complaint can be made to OFSTED about our service at any time.

Ofsted can be contacted using email at by phone 03001231231 or by post to Piccadilly Gate, Store Street, Manchester M1 2WD

Alternatively, you can complain directly to Castle Kindergarten using the contact details below.

If we receive a complaint we are required by the EYFS to record details of the complaint and to retain the information and share it with OFSTED. The details of the complaint must be made available to OFSTED as required by the EYFS.

Complaining to the Information Commissioner’s Office (ICO)

If you are concerned that a data breach has been made you can contact the ICO at If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance.

Alternatively, you can contact the Information Commissioner’s Office at Changes to this privacy notice This privacy notice will be reviewed annually and as required.


Please contact the manager of the kindergarten.