Privacy Policy

Philosophy
At Little Cubs Academy, we are committed to protecting the privacy and security of the personal
information of the children in our care, their parents/carers and our staff. This privacy policy explains
how we collect, use, and safeguard personal data in accordance with the UK General Data Protection
Regulation (UK GDPR) and other relevant data protection laws.

Data Controller
Little Cubs Academy, located at Labs Hawley Lock, 1 Water Lane, London, NW1 8NZ, is the data
controller responsible for your personal data. If you have any questions about this privacy policy or
our data practices, please contact our privacy manager at info@littlecubsacademy.com or call us at
0203 432 9704.

Personal Data We Collect
We collect and process the following types of personal data:

Child Data
• Full name and date of birth
• Home address
• Medical information, including allergies and dietary requirements
• Developmental records and progress reports
• Photographs (with parental consent)
• Emergency contact details

Parent/carer Data
• Full name and contact details (address, phone number, email)
• Relationship to the child

Staff Data
• Full name and contact details
• Employment history and qualifications
• DBS (Disclosure and Barring Service) check results
• Medical information relevant to their role

How We Collect Personal Data
We collect personal data through:
• Registration forms
• Admission starter forms
• Face-to-face meetings/conversations
• Phone calls and emails
• Our website where you can send us an email via ‘chat with us’.
• CCTV recordings on our premises

How We Use Personal Data
We use personal data for the following purposes:
• To provide childcare services and ensure the safety and well-being of children
• To communicate with parents/carers about their child’s progress and nursery activities
• To allocate payments and manage our accounts
• To comply with legal and regulatory requirements
• To safeguard children and staff
• To manage and train our staff

Legal Basis for Processing
We process personal data on the following legal bases:
• Contractual necessity: To fulfill our obligations in providing childcare services
• Legal obligation: To comply with childcare regulations and other applicable laws
• Vital interests: To protect the vital interests of children in our care
• Legitimate interests: To operate our nursery effectively and provide high-quality childcare
• Consent: Where we have explicitly asked for consent, such as for using photographs

Data Sharing
We may share personal data with:
• Local authorities and Ofsted, as required by law
• Other multi-agency safeguarding partners such as the police or social services
• Other childcare providers or schools (with parental consent)
• Medical professionals in case of emergencies
• Our IT service providers (subject to appropriate safeguards)
We do not sell personal data or share it with third parties for marketing purposes.

Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected,
or as required by law. Typically, we retain:
• Child and parent data for 3 years after the child leaves the nursery
• Staff data for 6 years after employment ends
• CCTV footage is stored on the system for up to 4 weeks and thereafter automatically
recorded over.

CCTV
We use CCTV on our premises for the safety and security of children, parents/carers, staff, visitors and
other agencies concerned with the setting.
The use of CCTV is informed by the guiding principles of the Surveillance Camera Code of Practice
(Home Office 2013) as follows:
• Use of a surveillance camera system must always have a specified purpose which is in pursuit
of a legitimate aim and necessary to meet a pressing need. The purpose will be to further
support the perception of the safety and well-being of children, staff and visitors to the
setting; to protect the setting and its assets; to assist in the detection of any crime that may
have been committed and ultimately to further ensure that the safeguarding and welfare
requirements of the Early Years Foundation Stage are adhered to at all times. CCTV is never
used without a specified purpose and likewise is not reviewed by staff members who do not
have authority and a specific reason for doing so.
• The use of a surveillance camera system must take into account its effect on individuals and
their privacy, with regular reviews to ensure its use remains justified. The Human Rights Act
(1998) gives every individual the right to private life and correspondence. This means that
CCTV will only be used in public areas of the setting i.e. reception and classrooms. We do not
use CCTV in private areas such as toilets.
• The owners/directors will review the continued use of CCTV at least annually.
• Complaints relating to the use of CCTV should be discussed with the headteacher in the first
instance following LCA Complaints procedure.
• There must be clear responsibility and accountability for all surveillance camera system
activities including images and information collected, held and used. The headteacher is
responsible for the day-to-day management of the CCTV system. Images are stored on the
system for up to 4 weeks and are then automatically recorded over. Images are not routinely
scrutinised unless there is a legitimate reason to do so, i.e. a complaint or allegation is made
by a parent, member of staff or visitor to the premises, or an allegation is made by a child.
• No more images and information should be stored than that which is strictly required for the
stated purpose of the surveillance camera system, and such images and information should
be deleted once their purpose is discharged
• Images are recorded over or destroyed after 4 weeks and are only used as stated above.
Images must not be destroyed before this time if an official request to view them is made.
• Only the setting headteacher, deputy and owners have access to retained CCTV images or
any other person authorised by them. Access to retained images and information should be
restricted and there must be clearly defined rules on who can gain access and for what
purpose such access is granted; the disclosure of images and information should only take
place for law enforcement purposes.
• If an instance arises where the CCTV images need to be reviewed to prove or disprove an
allegation or incident, this is the responsibility of the setting headteacher who will share the
images with the police, social care or Ofsted to assist with an official investigation if required.
A record is retained, containing the date of the incident/allegation; camera number of
positions; brief description of the incident/allegation – with reference to related safeguarding
forms; who the footage was viewed by, date viewed and action taken – and counter signed
by a senior member of staff.
If CCTV images are reviewed following an incident or an allegation, the process for using CCTV in
these circumstances is as follows:
• an allegation or incident occurs that may have been caught on CCTV
• setting headteacher reviews CCTV footage and retains a record
• setting headteacher reports their findings to the directors.
Head Office Tel: 020 83462909 Email: Operations Director am@littlecubsacademy.com
Website: https://www.littlecubsacademy.com
• if there is reason to believe that a crime may have been committed then an investigation
takes place following the Safeguarding children, young people and vulnerable adults
procedures and Record keeping procedures
• a parent or other person whose image has been recorded and retained and wishes to access
the images must apply to the setting headteacher in writing
• the Data Protection Act gives the headteacher the right to refuse a request to view the
images, particularly where such access may prejudice the prevention or detection of a
crime
• if access to the image is refused then the reasons are documented and the person who
made the request is informed in writing within 28 days. The images are not destroyed until
the issue is resolved at all times, Safeguarding children, young people and vulnerable adults
procedures are followed.

Data Security
We have implemented appropriate technical and organisational measures to protect personal data,
including:
• Secure, password-protected digital storage systems
• Limited access to personal data on a need-to-know basis
• Physical security measures for our premises

Your Rights
Under the UK GDPR, you have the right to:
• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your personal data (in certain circumstances)
• Restrict or object to processing
• Data portability
• Withdraw consent (where processing is based on consent)
To exercise these rights, please contact our privacy manager at info@littlecubsacademy.com or call
us at 0203 432 9704.

Complaints
If you have concerns about how we handle your personal data, please contact us first so we can
address your concerns. If you are not satisfied with our response, you have the right to lodge a
complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/concerns/ or by
calling 0303 123 1113.

Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal
reasons. We will notify you of any significant changes and make the updated policy available on our
website and at our premises.

Legal Basis

Human Rights Act 1989 Data Protection Act 1998 Protection of Freedoms Act 2012 GDPR 2018

Guidance

Surveillance Camera Code of Practice (Home Office 2013)
www.gov.uk/government/publications/surveillance-camera-code-of-practice