Staff Privacy Notice

Last modified: 25 October 2024

Data ControllersHampshire County Council 
 Ofsted 
 St. James Church 
Data ProcesserLittle Fishes Nursery SchoolChurch Lane, Rowledge,
Farnham, GU10 4EN
Data Protection LeadVicar of St James Churchvicar@stjamesrowledge.org.uk​ 01252 792402  
Data Protection AdministratorEmily Scotcheradmin@littlefishesrowledge.org.uk 01252 794617

At Little Fishes Nursery School, we promise to keep your data safe and private and only use your personal information to manage your employment at the Nursery School.

Your privacy is protected by law which says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing outside of Little Fishes Nursery School. The law says we must have one or more of these reasons:

  • To fulfil a contract we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

From time to time, we will need to contact you, via phone or email to provide you with nursery updates, share important news or send your monthly payslips.

The categories of employee information that we collect, hold and share

We process data relating to those we employ, or otherwise engage, to work at our nursery school. Personal data that we may collect, use, store and share (when appropriate) about you includes, but is not restricted to:

  • Contact details
  • Date of birth, marital status and gender
  • Next of kin and emergency contact numbers
  • Salary, annual leave, pension and benefits information
  • Bank account details, payroll records, National Insurance number and tax status information
  • Recruitment information, including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process
  • Disclosure and Barring Information
  • Qualifications and employment records, including work history, job titles, working hours, training records and professional memberships
  • Performance information
  • Outcomes of any disciplinary and/or grievance procedures
  • Absence data
  • Copy of driving licence and / or passport
  • Photographs

We may also collect, store and use information about you that falls into “special categories” of more sensitive personal data. This includes information about (where applicable):

  • Race, ethnicity, religious beliefs, sexual orientation and political opinions
  • Trade union membership
  • Health, including any medical conditions, and sickness records

Why we collect and use this information

  • To enable the development of a comprehensive picture of the workforce and how it is deployed
  • To analyse areas of development in our teams
  • To meet our EYFS staffing targets
  • To assess the quality of our services
  • To comply with the law regarding data sharing
  • To enable individuals to be paid

The lawful basis on which we use this information

We collect and use employee information under GDPR Article 6, 1b, 1c and 1f, as well as Article 9, 2a.

Collecting employee information

Whilst the majority of employee information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information to us or if you have a choice in this. Data is collected via your application form and new starter forms, as well as supervision and appraisal forms during your employment.

Storing employee data

We hold employee data for up to six years from their end date with Little Fishes Nursery School. Unsuccessful applicant data is held for one year. Employee data is collected through forms and stored on site at the nursery in locked filing cabinets or on secure internet-based cloud storage (Microsoft Onedrive).

Who we share employee information with

We routinely share employee information with:

  • MSP for payroll
  • Our local authority
  • Ofsted
  • Other staff members

We do not share information about our employees with anyone without consent unless the law and our policies allow us to do so.

Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

Requesting access to your personal data

Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your employment records, contact the Manager or Nursery Data Protection Lead.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

Right to be forgotten

Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Whilst an employee still works for Little Fishes, the right may not be exercised, as the personal data is still necessary for the purpose for which we originally collected it for.

Notice of Breach of Security

We will notify you if there was a breach of your personal information. If a security breach causes an unauthorised intrusion into our system that materially affects you or your information, then we will notify you as soon as possible and later report the action we took in response.

Data breach procedures

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. A breach could include:

  • loss or theft of devices or data, including information stored on USB drives or on paper
  • hacking or other forms of unauthorised access to a device, email account or the network
  • disclosing personal data to the wrong person, through wrongly addressed emails, or bulk emails that inappropriately reveal all recipients’ email addresses
  • alteration or destruction of personal data without permission and not in line with policy.

An identified data breach will be reported to the Information Commission’s Office (ICO) within 72 hours by the data protection lead. In the event that full details of the nature and consequences of the data breach are not immediately accessible (e.g. because Data protection leads do not work on every normal weekday), the Data protection lead will bring that to the attention of the Information Commissioner’s Office and undertake to forward the relevant information as soon as it becomes available. The Trustees will report the breach as a serious incident to the Charity Commission.

Where there is likely high risk to individuals’ rights and freedoms, Little Fishes will inform those individuals affected by the personal data breach without undue delay. The Data protection lead will keep a record of all personal data breaches reported, and follow up with appropriate measures and improvements to reduce the risk of reoccurrence.

Safeguarding Your Information

We work hard to keep your information safe and secure. We take reasonable and appropriate measures to protect personal information from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.

How to ask questions about this notice

If you have any questions, comments or concerns about any aspect of this notice or how we handle your data please contact Amber Delves, manager of Little Fishes Nursery School, on 01252 794617 or manager@littlefishesrowledge.org.uk

If the manager is not able to address your concern, please contact the Data Protection lead, whocan be contacted on 01252 792402​ or at vicar@stjamesrowledge.org.uk​

How to contact the Information Commissioner Office (ICO)

If you are concerned about the way your data is handled and remain dissatisfied after raising your concern, you have the right to complain to the Information Commissioner Office (ICO). The ICO can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or https://ico.org.uk/.

Changes to this notice

We keep this notice under regular review. Any changes to this notice will be shared with you so that you may be aware of how we use your data at all times.

07.01b LF Staff Privacy Notice 2024-25Download