Privacy Policy

At The Learning Lodge Nursery, we promise to keep your data safe and private and only use your personal information to manage your account and provide tailored care to your child.

Your privacy is protected by law and the General Data Protection Regulation (GDPR) which says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing outside of The Learning Lodge Nursery. The law says we must have one of more of these reasons:

  • To fulfil a contract we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

From time to time, we will need to contact you, via phone or email to provide you with nursery updates, share important information or send your monthly invoices.

The categories of child information that we collect, hold and share include

  • Personal information and contacts (such as name, date of birth and address)
  • Characteristics (such as ethnicity, language, nationality, country of birth)
  • Attendance information (such as sessions attended, absences and absence reasons)
  • Assessment information (such as development records, progress reports and observations)
  • Medical information (such as immunisation records, allergy information or dietaries)
  • Safeguarding information (such as court orders and professional involvement)
  • Special educational needs (including the needs and ranking)

The categories of parent or carer information we collect and hold include:

  • Personal information (such as name, address and contact details)
  • Characteristics (such as appearance)

Why we collect and use this information

We use child data:

  • to support child learning
  • to monitor and report on child progress
  • to provide appropriate care
  • to assess the quality of our services
  • to comply with the law regarding data sharing

We use parent or carer data:

  • to support a child’s care
  • to help identify parents when collecting children
  • for the purposes of maintaining open communication
  • to assess the quality of our services
  • to comply with the law regarding data sharing

The lawful basis on which we use this information

We collect and use child information under GDPR Article 6, 1b, 1c and 1f, as well as Article 9, 2a and 2c.

Collecting child information

Whilst the majority of child information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain child information to us or if you have a choice in this. Data will be collected via your registration form and parent contract, as well as through a selection of introduction forms when your child begins the nursery. You may also be asked to sign local authority forms, such as funding consent.

Collecting parent or carer information

When registering your child, the majority of the information you provide about yourselves will be mandatory, although we may also ask for some voluntary information to help us care for your child. Data will be collected via your child’s registration form and parent contract, as well as through a selection of introduction forms when your child begins the nursery.

Storing child data

We hold child data for up to seven years from their start date with The Learning Lodge Nursery, or two years from their last day.

Who we share child information with
We routinely share child information with:

  • schools or settings that the child attends after leaving us
  • our local authority
  • Ofsted

Sharing of child information
We do not share information about our children with anyone without consent unless the law and our policies allow us to do so.

Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education, go to

Requesting access to your personal data

Under data protection legislation, parents have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational records, contact your Nursery Manager or Nursery Data Protection Officer.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at

Right to be forgotten

Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Whilst a child or employee still attends The Learning Lodge Nursery, the right may not be exercised, as the personal data is still necessary for the purpose for which we originally collected it for.

Notice of Breach of Security

We will notify you if there was a breach of your personal information. If a security breach causes an unauthorised intrusion into our system that materially affects you or your information, then we will notify you as soon as possible and later report the action we took in response.

Safeguarding Your Information

We work hard to keep your information safe and secure. We take reasonable and appropriate measures to protect personal information from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information. We rely on Microsoft and Connect Childcare to safeguard the physical and technical security of your information, and we have documented and enforced controls to limit access to, and to protect your information.


We may change this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the modification date located at the bottom. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the nursery website.