Privacy Policy

This is the Privacy Policy for Hanney Pre-School and for the services it provides be those services provided via this website or otherwise. It outlines your rights as a data subject as well as this organisation’s obligations under the General Data Protection Regulation (GDPR).

About Us

Hanney Pre-School is a small charity-run group situated in the grounds of St. James Primary School, within a rural setting between the Oxfordshire villages of East and West Hanney. Our registered charity number is 1022246.

Our Principles

1. We at Hanney Pre-School (collectively “Hanney Pre-School”, “we”, “us” and “our”) take your privacy and our security obligations seriously. We will strive to protect your personal information by using security technology appropriately. This means we ensure that:
   • Appropriate security measures will be in place to protect your personal information.
   • When we ask another organisation to provide a service for us, that they will also have appropriate security measures in place.
2. We will respect your privacy and will not send any marketing material to you unless you have opted in to receive such marketing information. However, we may contact you to confirm the data you have provided or entered to ensure its accuracy.
3. We will only collect and use the personal information you have freely provided, be that verbally, in written form or electronically via forms on this website.
4. We will be clear in our dealings with you as to what information we will collect about you and how we will use it and store it.
5. We will only use your personal information for the purposes for which it was originally collected and we will ensure that information is deleted securely as and when required.
6. Our website is accessible via the Internet. This therefore means that anyone around the world who visits our website can see anything posted there, namely any comments that you may post.
7. We do not transfer any personal information outside of the European Economic Area (EEA).

The Information We Collect

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain pupil information or whether or not you have a choice regarding the provision of that information.

Personal and non-personal information may be collected either directly from you or automatically from your device as follows.

Data Directly Provided

When you use our services we collect the personal information that you provide us in relation to the delivery of those services, be that verbally, in writing or via email.

When you visit our website we collect the personal information that you provide us via our online forms for enquiries, event registration and newsletter sign-up.

Examples of the information we collect are pupil personal information (such as pupil name, unique pupil number, pupil address, parent/guardian name, parent/guarding contact details), pupil characteristics (such as ethnicity, language and nationality), pupil attendance (such as sessions attended), as well as any other personal information you choose to provide us.

Browser-Based Data Automatically Provided

As is the case for many websites we use cookies to improve website performance and the user experience. When you visit our website certain non-personal information is also automatically collected via cookies and other similar technologies that may include saving cookies to your device (computer, tablet, mobile phone, for example).

We may also collect non-personally identifiable browser-based information regarding how you use our website.

Examples of the information collected automatically relate to the device used to access our website and may include the following information: the name and version of the operating system used, the name and version of the web browser used, the device’s current IP address, the referring website, the date, time and duration of the pages visited. For further information, please refer to our Cookies Policy.

Why We Use The Information

We collect and process the information for a variety of reasons, including:

Via Our Services

• To support child learning
• To monitor and report on child progress
• To provide appropriate pastoral care
• To contact a parent/guardian in the event of child illness or an emergency
• To assess the quality of our services
• To comply with the law regarding data sharing

Via Our Website

• For administration and reporting purposes including (but not limited to) troubleshooting, performance analysis, statistical analysis and testing
• To monitor and improve the performance of our website
• For the purposes made clear to you at the time you submit your information, to fulfil your request for information on our services, for example
• To ensure the safety and security of our website

Additionally, we may use the information you provide us via our services and/or our website to communicate with you via email and possibly other means regarding services, offers, promotions and events we think may be of interest to you or to send you our newsletter. The option to opt-out of such communication will always be available to you at any time.

Web Analytics
We use a third party provider, Google Analytics, to analyse our website traffic. For more information, please refer to Google’s privacy policy:

• https://policies.google.com/privacy?hl=en-GB&gl=uk

Web Calendar
We use a third party provider, Google Calendar, to deliver information about community events. For more information, please refer to Google’s privacy policy:

• https://policies.google.com/privacy?hl=en-GB&gl=uk

Location Maps
We use a third party provider, OpenStreetMap, to deliver location maps for our website. For more information, please refer to OpenStreetMap’s privacy policy:

• https://wiki.osmfoundation.org/wiki/Privacy_Policy

Third Party Disclosure of Information

We do not share information about our pupils without consent under the law and our policies allow us to do so.

We are obliged to share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We routinely share pupil information with:

• Schools that pupils attend after leaving us
• Our local authority
• The Department for Education (DfE)

Under certain circumstances we may also be required to disclose your personal information in response to valid requests by public authorities such as the police or security services.

Data Collection Requirements

To learn more about the statutory data collection requirements placed on us by the DfE (for example; via the early years census) please visit:

• https://www.gov.uk/childcare-parenting/data-collection-for-early-years-and-childcare

For information about services for young people, please visit our local authority website:

• http://www.whitehorsedc.gov.uk/

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. The data is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required under the law to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some information is then stored in the NPD. The law that allows this is the Education (Information About Individual pupils) (England) Regulations 2013.

To learn more about the NPD visit:

• https://www.gov.uk/government/publications/national-pupil-database-user-guide-an-supporting-information

The department may share information held in the NPD about our pupils with third parties who promote the education or well being of children in England by:

• Conducting research or analysis
• Producing statistics
• Providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained. There are also stringent controls in place regarding the access and use of the data. Decisions on whether the DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

• Who is requesting the data
• The purpose for which the data is required
• The level and sensitivity of the data requested; and
• The arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.
For more information about the DfE’s data sharing process please visit:

• https://giv.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the department has provided pupil information, as well as in relation to which project, please visit the following website:

• https://www.gov.uk/government/publications/national-pupil-database-requests-received

To learn more about or contact the DfE please visit:

• https://www.gov.uk/contact-dfe

Your Rights

You have the following rights at any time under the GDPR:

1. To be informed about your personal information
2. To request a copy of your personal information
3. To request the correction of your personal information
4. To request the erasure of personal data (also known as ‘the right to be forgotten’) in certain circumstances
5. To request that the processing of your personal information is suppressed in certain circumstances
6. To receive a copy of your personal information, free of charge, in a commonly used and machine-readable format
7. To object to the processing of your information under certain circumstances
8. To not to be subject to a decision based upon automated processing
9. To be informed of any personal data breach

For full details regarding your rights under the GDPR visit:

• https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Our Lawful Basis for Processing Personal Information

The following lawful bases are those under which Hanney Pre-School collects and processes your personal information:

1. Legitimate Interests
   • To deliver and support our services
2. Consent
   • To contact an individual in relation to our services
3. Contract
   • To supply contracted service

Links To Other Websites

Within the Hanney Pre-School website we do provide links to resources or documents that we believe to be useful, such sites are operated by third parties under different privacy policies therefore we cannot accept any responsibility for their content or control of their policies.

Data Retention

We will retain your personal data in line with our Privacy Policy and Children’s Records policy.

Legal & Contact Information

Under the General Data Protection Regulation (GDPR) that replaces the 1995 EU Data Protection Directive 95/46/EC and 1998 UK Data Protection Act (DPA) we are obliged to say who the ‘data controller’ is with respect to the services we provide, be they through traditional channels or via our website. The data controller is the organisation responsible for collecting and protecting information and, in our case, is:

• Carey Hope (Committee Chair Person)

For further legal information about privacy issues, you may find the following links useful:

• Our Cookies Policy – https://hps.thehanneys.uk/legal/cookies/
• The Information Commissioner’s Office (ICO) – https://ico.org.uk/
• Data Protection Act 1998 – https://www.legislation.gov.uk/ukpga/1998/29/contents
• 1995 EU Data Protection Directive 95/46/EC – https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046

If you would like access to or a copy of the personal information we hold about you, to request a correction, or have any questions about how we may use it or to make a complaint, please contact the Data Protection Manager via the Contact Us page remembering to select the Privacy Enquiry option from the Subject dropdown menu so your enquiry is directed to relevant person.

Complaints

Complaints will be dealt with by the Data Protection Manager, and will be responded to within 30 days at the latest.

Complaints will be dealt with by the Data Protection Manager, and will be responded to within 30 days at the latest.
If you are not satisfied with the way your complaint has been handled, you may be able to refer your complaint to your local data protection regulator. In the case of the United Kingdom this is the Information Commissioner’s Office (ICO):

• https://ico.org.uk/concerns

Changes to Our Privacy Policy

Should the decision be taken to change our privacy policy we will post the changes here. Where the changes are significant, we may also choose to email all our registered contacts with the new details. Where required by law, your consent will be obtained to make these changes.

Privacy Policy Changes by Date

Date	Description
3 Feb 2019	Updated GDPR compliant Privacy Policy published on this website.