We need to gather and use information or ‘data’ about your child as part of our business and to manage our relationship with you. Lily & Co. intends to comply with its legal obligations under the Data Protection Act 2018 and the EU General Data Protection Regulation (‘GDPR') in respect of data privacy and security. We have a duty to notify you of the information contained in this privacy notice and where we refer to your data this also includes your child's data. It also sets out how we use that information and the decisions that you car make about your child's information.

The Company is a data controller, meaning that it determines the processes to be used when using your personal data. Contact details: Dianne Preston Managing Director Lily & Co. My Start Day Nursery, Miver Crescent, Aspley, Nottingham, NG8 5PN.

Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. We will inform you whether you are required to provide certain information to us or if you have a choice in this.

DATA PROTECTION PRINCIPLES In relation to your data, we will:

      •   Process it fairly, lawfully and in a clear, transparent way
      •   Collect your data only for reasons that have been explained to you
      •   Only use it in the way that we have told you about
      •   Ensure it is correct and up to date
      •   Keep your data for only as long as we need it
      •   Process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed


  There are many types of data we may hold including:

       •  Name address, date of birth, email address, phone numbers
       •  Your child’s photograph
       •  Gender
       •  Ethnicity
       •  Nationality
       •  First language
       •  Extended family/ emergency contacts
       •  Medical information
       •  Special educational needs information
       •  Your place of work, hours and work contact details
       •  CCTV footage
       •  Signing in records
       •  Attendance records

We may ask for your consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.


    •   Information you provide
    •   Waiting lists
    •   Registration forms
    •   Identification
    •   Proof of address


The law on data protection allows us to process your data for certain reasons only:

    •   In order to perform our duties as set out in our agreement
    •   In order to carry out legally required duties
    •   In order for us to carry out our legitimate interests
    •   To protect your interests
    •   Where something is done in public interest.

All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above to process your data.

for example we need to co: ect data in order to:

    •   Provide a safe and quality nursery provision
    •   To support your child's learning and development
    •   Tc monitor and report on your child’s progress
    •   Access funding

We need to collect your data to ensure we are complying with legal requirements such as safeguarding.

We also collect data so that we can carry out activities which are in the legitimate interests of the Company.

    •   Maintaining comprehensive up to date records about your child to ensure effective correspondence is maintained and appropriate contact is made in the event of an emergency
    •   Dealing with legal claims made against us
    •   Preventing fraud
    •   Ensuring our administrative and IT systems are secure and robust against unauthorised access


    •   Local Authority - to access funding and submit headcount and census data
    •   Area SENCO - for additional support
    •   Health visitor - for standard checkups and regarding your child’s general health and wellbeing.
    •   Ofsted - they do not process information about individual children but in order for them to assess the quality of services provided in Early Years settings they will use information regarding the achievement of groups of children and this may include your child.

We are required to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such. Where we share your data with third parties, we provide written instructions to them to ensure that your

Data is held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.                        

In line with data protection principles, we only keep your data for as long as we need it for, which will be at least for the duration of your child’s time with us though in some cases we will keep your data for a period after they have left. Retention periods vary depending on the nature of the data and for what purpose we need it, if you would like more information on this please contact: Dianne Preston Managing Director.


  The law on data protection gives you certain rights in relation to the data we hold on you. These are:

    •    The right to be informed. This means that we must tell you how we use your data and this is the purpose of this privacy notice.
    •    The right of access. You have the right to access the data that we hold on you. To make a request please contact Dianne Preston Managing Director.
    •    The right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can ask us to correct it.
    •    The right to have information deleted. If you would like us to stop processing your data you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing such data.
    •    The right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
    •    The right to portability. You may transfer the data that we hold on you for your own purposes.
    •    The right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests.
    •   The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.


No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.


If you have a concern about the way we are collecting or using your data, we request that you raise your concern with us in the first instance. The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO (