top of page

Privacy Policy

Introduction

At Wonderbloom Nursery, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and store personal data, as well as your rights regarding the information we hold about you. This policy applies to all children, parents/carers, staff, and visitors associated with Wonderbloom Nursery.

 

Data Controller

Wonderbloom Limited has appointed Jay Gauldie as the Data Controller. Jay acts on behalf of Wonderbloom Limited and is responsible for overseeing data protection activities, ensuring compliance with relevant data protection laws, including GDPR. If you have any questions or concerns regarding the handling of your personal data, you can contact Jay Gauldie at: Wonderbloom Nursery Blackmore Crescent, Woking, GU21 5NZ Email: hello@wonderbloom.co.uk Phone: 01483 904902

 

Data Collection

We collect personal data to provide a safe and supportive environment for your child’s care and education. The types of personal data we may collect include:

● Child Information: Name, date of birth, medical history, dietary requirements, special educational needs, attendance records, and emergency contact details.

● Parent/Carer Information: Name, contact details, relationship to the child, and any legal documents such as custody agreements.

● Staff Information: Name, contact details, qualifications, employment history, payroll information, and DBS checks.

● Visitors: Name, contact information, and purpose of visit.

 

Legal Basis for Processing

We process personal data under the following legal bases:

● Contractual Necessity: To fulfil our contractual obligations to parents/carers and staff.

● Legal Obligation: To comply with legal and regulatory requirements, including the Early Years Foundation Stage (EYFS) framework, safeguarding regulations, and employment law.

● Legitimate Interests: For the effective management and operation of the Nursery, including communication with parents/carers and staff, ensuring health and safety, and improving our services.

● Consent: For specific purposes, such as using photos of children on our website or social media platforms.

 

Use of Personal Data

We use the personal data we collect to:

● Provide care and education to children.

● Communicate with parents/carers about their child's progress and nursery activities.

● Maintain accurate records for safeguarding, health and safety, and regulatory compliance.

● Administer staff employment, payroll, and professional development.

● Facilitate day-to-day operations, including billing and fee collection.

● Share information with relevant authorities in cases of safeguarding concerns or legal requirements.

 

Data Sharing

We will not share your personal data with third parties unless it is necessary for the provision of our services or required by law. We may share data with:

● Educational professionals (e.g., speech and language therapists, special educational needs coordinators).

● Healthcare providers (e.g., in case of medical emergencies).

● Local authorities and regulatory bodies (e.g., Ofsted, safeguarding teams).

● IT service providers for data storage and management (all providers are GDPR compliant). Data Retention We will retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. For a full list of our data retention timeframes please view our Access, Storage, and Retention of Records Policy.

● Child Records: Retained for the duration of their time at the Nursery plus an additional period as required by law.

● Staff Records: Retained for the duration of employment and for a specified period after employment ends.

● Visitor Logs: Retained for a minimum of 24 years for security and safeguarding purposes.

 

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

● Secure storage of physical records in locked cupboards.

● Encryption of digital records and use of password protection.

● Regular staff training on data protection and confidentiality.

● Controlled access to personal data on a need-to-know basis.

 

Your Rights

You have the following rights regarding your personal data:

● Access: Request access to the personal data we hold about you or your child.

● Rectification: Request correction of inaccurate or incomplete personal data.

● Erasure: Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to legal retention requirements.

● Objection: Object to the processing of your personal data based on legitimate interests.

● Data Portability: Request transfer of your data to another service provider.

● Withdrawal of Consent: Withdraw consent where we rely on it for processing.

To exercise any of these rights, please contact us at the details provided above.

 

Cookies

Our website uses cookies to enhance user experience and analyse site traffic. You can manage your cookie preferences through your browser settings. Changes to This Policy We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on our website, and we will notify you of significant changes where appropriate.

 

Complaints

If you have concerns about how we handle your personal data, please first make your complaint known to us for our attention to resolve. You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK too. 

bottom of page