At Grandma Nurseries Ltd, we promise to keep your data safe and private and only use your personal information to manage your account and provide tailored care to your child.
Your privacy is protected by law and the General Data Protection Regulation (GDPR) which says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing outside of Grandma Nurseries Ltd. The law says we must have one of more of these reasons:
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
From time to time, we will need to contact you, via phone, email or the Parent Zone app to provide you with nursery updates, share important information or send your monthly invoices.
We use child data:
We use parent or carer data:
We collect and use child information under GDPR Article 6, 1b, 1c and 1f, as well as Article 9, 2a and 2c.
Whilst the majority of child information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain child information to us or if you have a choice in this. Data will be collected via your registration form and parent contract, as well as through a selection of introduction forms when your child begins the nursery. You may also be asked to sign local authority forms, such as funding consent.
When registering your child, the majority of the information you provide about yourselves will be mandatory, although we may also ask for some voluntary information to help us care for your child. Data will be collected via your child’s registration form and parent contract, as well as through a selection of introduction forms when your child begins the nursery.
We hold child data for up to seven years from their start date with Grandma Nurseries Ltd, or two years from their last day. Data on our forms is collected through Cognito Forms and initially held in a US-based datacentre, before being moved to permanent storage on a secure Microsoft-owned datacentre, hosted in the UK. Data is then removed from Cognito Forms and not stored there longer than is necessary to process the initial data.
We routinely share child information with:
We do not share information about our children with anyone without consent unless the law and our policies allow us to do so.
To find out more about the data collection requirements placed on us by the Department for Education, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
Grandma may sometimes offer people who are not registered at a nursery the opportunity to sign up to a mailing list to request further information, for example when we are opening a new nursery. In these instances, your data will only be used for the express purpose of keeping you informed during the interim period up until and around the opening of the nursery or event.
At no point will your data be used for any other purpose than the communication of information related to the event for which you registered.
All provided data will be securely kept by Grandma for six months following the event’s date and then deleted from our servers.
‘Uploaded media’ refers to any photos or videos you voluntarily upload to be used in compilation sets, produced by Grandma. Any media you upload using forms on the Grandma website will be kept for up to one month following the publication of said compilation video. It will then be deleted from our servers.
Under data protection legislation, parents have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational records, contact your Nursery Manager or Nursery Data Protection Officer.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Whilst a child or employee still attends Grandma, the right may not be exercised, as the personal data is still necessary for the purpose for which we originally collected it for.
We use a number of authorized third-parties to provide our services. They are not permitted to use information we share with them for any other purpose.
Secure hosting of Grandma Nursery is essential to both us and our families. That is why we entrust Squarespace, an industry leader in secure website hosting, to protect all of our website data.
Cognito Forms provide processing of all forms on our website, allowing us to capture the information we need for your child’s registration or your job application. Their data is stored on Amazon datacentres in the United States. Data is only temporarily stored with Cognito Forms before being moved to Grandma’ own servers (see Microsoft) upon verification by a manager.
All customer and employee data, and the servers that process this data, are securely managed by Microsoft, geo-replicated in real time to multiple datacenters in the United Kingdom and Europe. Microsoft has more security certifications than any other cloud provider. More information about these security measures can be found in the Office 365 Trust Center.
Your personal data will be input into the Connect Childcare system, which helps us manage our nurseries. Your data is held in secure data centres hosted by Memset and Amazon Web Services and can only be accessed by authorised personnel.
We will notify you if there was a breach of your personal information. If a security breach causes an unauthorised intrusion into our system that materially affects you or your information, then we will notify you as soon as possible and later report the action we took in response.
We work hard to keep your information safe and secure. We take reasonable and appropriate measures to protect personal information from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information. We rely on Microsoft and Connect Childcare to safeguard the physical and technical security of your information, and we have documented and enforced controls to limit access to, and to protect your information.
Please email us at firstname.lastname@example.org if you have any questions about the privacy or accuracy of your information!
Grandma Nursery Co.
West Bay, Onaizah 63, El Either Street No. 941
Villa No. 52, P.O. Box 15205 - Doha, Qatar
Tel: +974 4488-4008
Mobile: +974 3344-4008