GDPR Privacy Notice


Cherry Blossom Preschool is committed to protecting the privacy and security of your personal information.

We ensure that any personal data we hold about you and your child is protected in accordance with data protection laws and is used in line with your expectations.

Cherry Blossom Preschool is a “data controller”.

This means that we are responsible for deciding how we hold and use personal information about you. This privacy notice explains what personal data we collect, why we collect it, how we use it and how we protect it.


We will comply with data protection law. This says that the personal information we hold about you must be:   1. Used lawfully, fairly and in a transparent way.   2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes . 3. Relevant to the purposes we have told you about and limited only to those purposes.   4. Accurate and kept up to date.   5. Kept only as long as necessary for the purposes we have told you about.   6. Kept securely.

What personal data do we collect?

We collect personal data about you and your child to provide care and learning that is tailored to meet your child’s individual needs. We also collect information in order to verify your eligibility for free childcare as applicable.


We will collect, store, and use the following categories of personal information about Children

  • personal information (such as name, address, date of birth)
  • photographs of children for general display purposes attendance information (such as sessions attended, number of absences and absence reasons)
  • observations and assessment information and tracking of progress ( including photographs)
  • information on special educational needs and disabilities (including if accessing Disability Living Allowance and entitled the Disability Access Fund)
  • referrals to other relevant services
  • dietary requirements

We may also collect, store and use the following “special categories” of more sensitive personal information:

– Information about a child’s race or ethnicity, spoken language and nationality.

– Information about a child’s health, including any medical condition, health and sickness records.

– Information about a child’s accident or incident reports including reports of pre-existing injuries.

– Information about a child’s incident forms /child protection referral forms / child protection case details /reports.


We will collect, store, and use the following categories of personal information about Parents:

  • personal information (such as name, address, telephone numbers, and personal email addresses, National Insurance number, bank account details (where applicable)
  • we will also ask for information about who has parental responsibility for your child and any court orders pertaining to your child

We may also collect, store and use the following “special categories” of more sensitive personal information:

 •         Information about a Parent’s race or ethnicity, spoken language and nationality.

 •         Conversations with Parents where Employees of the Preschool deem it relevant to the safeguarding of children or the prevention of radicalisation or other aspects of the governments Prevent strategy.

            Why we collect this information and the legal basis for handling your data

We use personal data about children and parents in order to provide childcare services and fulfil the contractual arrangement you have entered into and in order for us to comply with our legal obligations.

This includes using your data to:

  • contact you in case of an emergency
  • to support your child’s wellbeing and development
  • to manage any special educational, health or medical needs of your child whilst at our setting
  • to carry out regular assessment of your child’s progress and to identify any areas of concern
  • to maintain contact with you about your child’s progress and respond to any questions you may have
  • to process funding claims
  • meet the requirements of the early years foundation stage (EYFS)
  • grant access to Ofsted, our regulatory body, to access information in the course of an inspection to ensure we meet the needs of children
  • to keep you updated with information about our service

With your consent, we will also record your child’s activities for their individual learning record. This may include photographs and videos. You will have the opportunity to withdraw your consent at any time, for images taken by confirming so in writing.

We have a legal obligation to process safeguarding related data about your child should we have concerns about their welfare.

Who we share your data

In order for us to deliver childcare services we will also share your data as required with the following categories of recipients:

  • Regulatory bodies – i.e. Ofsted for ensuring compliance and the safety and welfare of the children
  • Local Authorities – for funding and monitoring reasons (e.g., equal opportunities and uptake of funded hours, or in special circumstances for SEND reasons)
  • Schools – to provide a successful transition by ensuring information about the child’s progress and current level of development and interests are shared
  • Banking services to process direct debit payments (as applicable)
  • the government’s eligibility checker (for 30-hour funding purposes)
  • our insurance underwriter (if applicable)
  • our setting software management provider

We will also share your data if:

  • We are legally required to do so, for example, by law or by a court
  • to enforce or apply the terms and conditions of your contract with us
  • to protect your child and other children; for example by sharing information with social care or the police;
  • it is necessary to protect our/or others rights, property or safety
  • We transfer the management of the setting, in which case we may disclose your personal data to the prospective buyer so they may continue the service in the same way.

We will never share your data with any other organisation to use for their own purposes

How do we protect your data?

We protect unauthorised access to your personal data and prevent it from being lost, accidentally destroyed, misused, or disclosed by:

  • storing all paper records securely in a lockable filing cabinet
  • ensuring that access to all personal data is restricted to those authorised to see them
  • maintaining an archive system for paper records showing the date due for destruction
  • ensuring electronic records are kept to a minimum and deleting any data that is not required
  • ensuring computer, laptops and tablets are password protected and accessed by authorised persons only
  • storing the tablets and memory sticks in a lockable filing cabinet
  • checking the tablets and computer weekly and deleting all unnecessary photographs

How long do we retain your data?

We are required to hold children’s data for a reasonable period of time after children have left the provision (e.g., for 3 years or until after the next Ofsted inspection) as a requirement under the EYFS.

Medication records and accident records are kept for longer according to legal requirements. Your child’s learning and development records are maintained by us and transferred to you when your child leaves.

In some instances (child protection, or other support service referrals) we are obliged to keep your data for longer, if it is necessary to comply with legal requirements (see our Retention of Records policy which is available from the manager)

Data will be securely retained at the Company’s Registered Office address and destroyed securely through shredding.

Automated decision-making

We do not make any decisions about your child based on automated decision-making.


Your duty to inform us of changes

It is important that the personal information we hold about you and your child is accurate and current. Please keep us informed if your personal information changes during your contractual relationship with us. To assist this process, we will request an update of the registration process on an annual basis.

Your rights with respect to your data

You have the right to:

  • request access, amend or correct your/your child’s personal data
  • request that we delete or stop processing your/your child’s personal data, for example where the data is no longer necessary for the purposes of processing; and
  • request that we transfer your, and your child’s personal data to another person

If you wish to exercise any of these rights at any time or if you have any questions, comments or concerns about this privacy notice, or how we handle your data please contact Cheryl Oram, Preschool Owner, in writing.

 If you have continue to have concerns about the way your data is handled and remain dissatisfied after raising your concern with us, you have the right to complain to the Information Commissioner Office (ICO).

Changes to this notice

We keep this notice under regular review. You will be notified of any changes where appropriate.

If you have any questions about this privacy notice, please contact:

Data Protection Officer : CHERYL ORAM – PRESCHOOL OWNER