Little Angels Childcare Group Privacy Notice

1. Who we are

Little Angels Childcare Group is the data controller for personal information we collect and use about children, parents or carers, visitors, and employees. This means we decide how and why your personal information is used.

Sites covered by this notice:
• Marcham Little Angels
• Southmoor Little Angels

Contact for data protection queries:
Email: info@littleangelschildcaregroup.co.uk
FAO: Kaye Merriman, Data Protection Officer
Address: Marcham Little Angels, 1 Barrow Close, Marcham, OX13 6TY
Telephone: 01865 819992

2. What this notice covers

This privacy notice explains how we collect, use, store, share, and protect personal information about:
Children in our care
Parents or carers and emergency contacts
Employees, applicants, and volunteers
Website enquiries and general communications

This notice does not form part of any contract. We may update it from time to time and will publish the latest version on our website.

3. Data protection principles

We process personal information in line with UK GDPR principles. That means we aim to ensure personal data is:
• used lawfully, fairly and transparently
• collected for specific purposes and not used in incompatible ways
• adequate, relevant and limited to what is needed
• accurate and kept up to date
• kept only as long as necessary
• protected with appropriate security

4. The kind of information we hold

A) Children

We may collect and hold:
• name, date of birth, home address
• attendance records and booking patterns
• dietary requirements, allergies, medical needs, care plans
• emergency contacts and authorised collectors
• accident, incident and existing injury records
• safeguarding and child protection records (where relevant)
• learning and development records, observations, assessments, progress information
• photographs and video (for learning records, displays, or communications where applicable)

Special category data (more sensitive):
• health information, allergies, medical conditions
• disability or additional needs information
• race or ethnicity, nationality, first language (where required or relevant)

B) Parents or carers (and emergency contacts)

We may collect and hold:
• names, addresses, telephone numbers, email addresses
• relationship to the child and authorised collection details
• funding and entitlement information required for local authority claims
• payment and invoicing information (including bank or transaction details where needed)
• records of communications and queries (including invoicing queries and admin requests)

Special category data (only where relevant):
• information shared with us about health, disability, language, or other needs that affects the child’s care or safeguarding

C) Employees, applicants, and volunteers

We may collect and hold:
• contact details, date of birth, emergency contacts, next of kin
• recruitment information, references, right to work checks
• payroll, tax, pension and benefits information
• working hours, training, performance and capability records
• disciplinary and grievance records
• health and sickness records, workplace adjustments (where relevant)
• IT usage and security logs (as needed for security and policy compliance)

Special category data:
• health, disability, sickness absence, workplace adjustments
• equality monitoring data (where collected)

D) Website and enquiries

If you contact us via our website, email, phone, or forms, we may collect:
• your name and contact details
• information you provide about childcare requirements
• records of communications with you

5. How we collect personal information

We collect personal information:
• directly from parents or carers during enquiry, registration, and ongoing care
• from employees during recruitment and employment
• from local authorities for funding checks and confirmations
• from other professionals where appropriate (for example health visitors or SEN professionals), usually with consent or where legally permitted
• from CCTV or site security systems
• from our nursery management, invoicing, and communication systems

6. How we use information and our lawful bases

We use personal information to run the nursery safely and effectively, meet legal duties, and provide childcare and early years education.

Typical purposes and lawful bases (UK GDPR Article 6)

Providing childcare services
Examples: registrations, day to day care, parent communications, learning records
Lawful basis: Contract (with parents or carers)

Safeguarding and welfare
Examples: child protection concerns, referrals, safety planning
Lawful basis: Legal obligation and vital interests (and where relevant, substantial public interest)

Local authority funding
Examples: eligibility checks, headcount submissions, funding claims
Lawful basis: Legal obligation and public task (depending on the requirement)

Health and safety
Examples: accident forms, incident reporting, risk management
Lawful basis: Legal obligation

Payments and debt management
Examples: invoicing, receipts, chasing overdue accounts
Lawful basis: Contract and legitimate interests

Staffing and HR
Examples: recruitment, payroll, training, performance management
Lawful basis: Contract and legal obligation

Security and IT
Examples: protecting systems, preventing fraud, access control, policy compliance
Lawful basis: Legitimate interests and legal obligation (where applicable)

Photos and marketing
Examples: newsletters, social media, promotional materials
Lawful basis: Consent (where required)

Special category data (UK GDPR Article 9)

Where we process special category data (for example health or safeguarding information), we only do so where we have a valid condition, typically:
• explicit consent (for specific uses such as certain photos or optional information)
• vital interests (where someone’s life is at risk and consent cannot be obtained)
• reasons of substantial public interest (including safeguarding children and individuals at risk, where applicable)
• employment, social security and social protection law (for staff data)
• health or social care purposes (where applicable)

7. Criminal convictions and DBS checks (employees and volunteers)

We may process information about criminal convictions only where legally permitted, typically to:
• carry out DBS checks and related safeguarding requirements
• record check dates, reference numbers, and outcomes as required
We apply appropriate safeguards and restrict access to this information.

8. Automated decision-making

We do not use purely automated decision-making that produces legal or similarly significant effects about you without lawful basis and appropriate safeguards.

9. Data sharing

We may share personal information where necessary and lawful, including with:
Local authorities (funding, safeguarding, statutory returns)
Ofsted and other regulators (inspection and compliance)
Schools (transition information, usually with parent or carer agreement, or where appropriate)
Health and safeguarding agencies (for example social care, police, NHS services) where required to protect a child
Service providers (processors) who support our operations, such as nursery management systems, invoicing and accounting, email and messaging platforms, cloud storage, IT support, and payment providers
Debt recovery providers only where necessary for significant and unresolved non-payment and where lawful

We only share what is necessary, and we require processors to protect information and use it only under our instructions.

10. International transfers

Some of our service providers may store data outside the UK. If we transfer personal data internationally, we will ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements, addendums, or other approved mechanisms.

11. Data security

We take appropriate measures to protect personal information, including:
• access controls and role-based permissions
• staff confidentiality expectations and training
• secure storage and secure disposal
• appropriate technical protections for systems used
• minimising the amount of data shared and stored where possible

12. Data retention

We keep personal information only as long as necessary for the purposes it was collected, including legal, safeguarding, and accounting requirements.

13. Your rights

You have rights under UK GDPR, including the right to:
• access your personal data
• correct inaccurate or incomplete data
• request deletion of data (in some circumstances)
• restrict processing (in some circumstances)
• object to processing where we rely on legitimate interests
• withdraw consent where processing is based on consent
• request data portability where applicable

To exercise your rights, contact us using the details above. We may need to confirm your identity before responding.

14. Complaints

If you are unhappy with how we handle your information, please contact us first so we can put it right.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK data protection regulator.

15. Changes to this notice

We may update this notice to reflect changes in our practices, systems, or legal obligations. The current version will always be available on our website.

HomeAboutDNAContact
Book a visit
Book a visit
CareersParents' login
Marcham 
01865 819 992
Southmoor 01865 597 512
Copyright © 2021 Little Angels. All rights reserved.
Website by Corin Design
Privacy Policy
Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Deny
Accept
Cookie preferences