Privacy Policy & General Data Protection Regulation

The Butterfly Preschool aims to ensure that all personal data collected about staff, pupils, parents, visitors and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR), which will come into effect in the UK on 25th May 2018 and the expected provisions of the Data Protection Act 2018 as set out in the Data Protection Bill. 


This policy applies to all personal data, regardless of whether it is in paper or electronic format. 


This privacy policy sets out how The Butterfly Preschool uses and protects any information  that you give The Butterfly Preschool when you use the nursery or our website. 


The Butterfly Preschool is committed to ensuring that your privacy is protected. Should we  ask you to provide certain information by which you can be identified when using our  nursery or our website, then you can be assured that it will only be used in accordance with  this privacy statement. 


What is personal information? 

Personal information is any information relating to an identified or identifiable individual.  This may include name, contact details, educational and health information, ethnic group,  financial information, photographs and video recordings.  


Why does The Butterfly Preschool collect and use personal information? 

Our main reason for using your personal information is to provide educational and caring  services for your children. Whilst the majority of information you provide us with is  mandatory, some of it is provided to us on a voluntary basis. We will inform you when you  have a choice, in order for us to comply with the data protection law. The reasons for using  information is set out below and the time period for retention of this information is set out  in table 1.1.  


  • Information is given to us on your registration forms and from a child’s previous  setting. We may also seek information from professionals such as specialists or the  local authority that might be working with your child
  • Information about any family circumstance which might affect your child’s welfare
  • Information about a court order or criminal offence that relates to you. This is so we  can safeguard the welfare and wellbeing of your child and the other children
  • CCTV is used throughout the building to make sure children and staff are kept safe
  • Photographs and videos are kept for your child’s development and progress checks
  • Financial information about you in relation to payment of fees


Sharing personal information 

We will not normally share personal data with anyone else, but may do so where: 


  • There is an issue with a child or parent that puts the safety of our children, staff or  parents at risk 
  • We need to liaise with other agencies – we will seek consent where appropriate  before doing this 
  • A serious incident has taken place at the nursery and insurance companies,  emergency services and Ofsted need to be informed 
  • Your child leaves us to attend another setting, we may provide the other setting with  information about you or your child for example safeguarding issues 
  • A supplier or contractor needs data to help us run the nursery properly 


Legal grounds for using your information 

We will only process personal data where we have one of 6 ‘lawful bases’ to do so under  data protection law:


  • The data needs to be processed so that the nursery can fulfil a contract with the  individual, or the individual has asked the nursery to take specific steps before  entering into a contract
  • The data needs to be processed so that the nursery can comply with a legal  obligation
  • The data needs to be processed to ensure the vital interests of the individual e.g. to  protect someone’s life
  • The data needs to be processed so that the nursery, can perform a task in the public  interest, and carry out its official functions
  • The data needs to be processed for the legitimate interests of the nursery or a third  party (provided the individual’s rights and freedoms are not overridden)
  • The individual (or their parent/carer when appropriate in the case of a pupil) has  freely given clear consent 


Subject access requests

Individuals have a right to make a ‘subject access request’ to gain access to personal  information that the nursery holds about them. This includes: 


  • Confirmation that their personal data is being processed
  • Access to a copy of the data
  • The purposes of the data processing
  • The categories of personal data concerned
  • Who the data has been, is being, or will be, shared with
  • How long the data will be stored for, or if this isn’t possible, the criteria used to  determine this period
  • The source of the data, if not the individual
  • Whether any automated decision-making is being applied to their data, and what  the significance and consequences of this might be for the individual 


Subject access requests must be submitted in writing, either by letter or email to the DPO.  They should include:


  • Name of individual
  • Correspondence address
  • Contact number and email address
  • Details of the information requested 


If staff receive a subject access request they must immediately forward it to the DPO. 


Photographs and videos

As part of our nursery activities, we may take photographs and record images of individuals  within our nursery. Examples of how images may be used within nursery include:


As part of a learning activity; e.g. a teacher photographing the children at work and  then sharing the pictures in the classroom, allowing them to see their work and  make improvements.

For presentation purposes around the nursery; e.g. in wall displays or slideshows  that celebrate children’s work and achievements (we will not use a child’s name  beside a photograph of them) 

As part of a recorded lesson observation; e.g. teachers using video to help them  review and evaluate their practice, and discuss their lesson with other staff in order  to develop their teaching. 


We will obtain written consent from parents/carers for photographs and videos to be taken  of their child for communication, marketing and promotional materials. We will clearly  explain how the photographs and/or videos will be used to both the parent/carer and pupil. Uses may include: 

  • Nursery brochures, newsletters, prospectuses etc. 
  • Online on our nursery website or social media pages 
  • In a presentation about the nursery and its work, in order to share its good practice  with other nurseries or educators 
  • In the media (very rarely); e.g. if a newspaper photographer or television film crew  attend an event. 


Consent can be refused or withdrawn at any time. If consent is withdrawn, we will delete  the photograph or video and not distribute it further. When using photographs and videos  in this way we will not accompany them with any other personal information about the  child, to ensure they cannot be identified.  


See our child protection and safeguarding policy for more information on our use of  photographs and videos. 


Data Controller: The Babydrop LTD (The Butterfly Preschool) 32b Webbs Road, London, SW11 6SF 0207 738 0019 www.thebutterflypreschool.co.uk 


Data Protection Officer (DPO): Charlotte Butterfill 0207 738 0019 charlotte@thebutterflypreschool.co.uk 


Policy came into effect from 25th May 2018. Date of next review May 2020