1. INTRODUCTION
This Privacy Policy sets out what personal information Pelican Children’s Centre collected and why its collected. It covers:
- What data we collect
- How data is collected
- How data is used
- How data is stored
- How data is disposed of
- Data protection rights
Please read this Privacy Policy, providing consent to both documents in order to have permission to use our services.
2. DATA COLLECTED
DATA STORAGE LOCATION
We are UK based and operate web servers hosted in UK. Our hosting provider Firebox Creative adheres to the EU/US “Privacy Shield”, ensuring that your data is securely stored and GDPR compliant.
All information is stored appropriately, it is kept on is paper, USB and computer. Paper versions are kept in lockable units and filing cabinets in the office.
This information is accessed by the management team, and Trustees.
REGISTRATION DATA
If you register your child on our website, we store your information securely and transfer this offline for user within our internal system. You can request this personal information at any time. Website administrators can also see and edit this information.
We collect personal identification information such as name, address, phone number, email address etc.
We also collect data regarding safeguarding/ child protection or care plans or any other data relating to a child’s childcare.
COMMENTS
When you leave comments on the website we collect the data shown in the comments form, and also the IP address and browser user agent string to help spam detection.
CONTACT FORM
Information submitted through the contact form on our site is sent to our company email, hosted by Google. These submissions are only kept for customer service purposes they are never used for marketing purposes or shared with third parties.
GOOGLE ANALYTICS
We use Google Analytics on our site for anonymous reporting of site usage. So, no personalised data is stored. If you would like to opt-out of Google Analytics monitoring your behavior on our website please use this link: Google Analytics Opt-out.
HOW WE COLLECT DATA
The personal data information we collect is from
- registration forms,
- accident, incident, medical forms,
- SEND, care plans, referrals, IEP’s
- EYLOG,
- Me 2, 15 and 30 hour funding forms,
- safeguarding/child protection plans in place.
HOW THE DATA IS USED
This data used for its sole purpose and is collected to enable the centre to ensure that the child’s needs and safeguarding are protected.
The information we hold is used for Child Protection, SEND, and OFSTED.
In terms of the website, we use your personal information in the following cases:
- Verification/identification of the user during website usage;
- Sending updates to our users with important information to inform about news/changes;
- Checking the accounts’ activity in order to prevent fraudulent transactions and ensure the security of our customers’ personal information;
- Customise the website to make your experience more personal and engaging;
- Guarantee overall performance and administrative functions run smoothly.
3. EMBEDDED CONTENT
Pages on this site may include embedded content, like YouTube videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged-in to that website. Below you can find a list of the services we use:YOUTUBE
We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: YouTube Privacy Policy.4. COOKIES
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third party applications like Google Analytics.
Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.
First party cookies, related to login and on-site services such as registration, bookings and contact forms.
Third party cookies, relating to Google Analytics which helps us to optimise and improve the customer experience.
This Policy was adopted at a meeting of The Board of Trustees at Pelican Children’s Centre
NECESSARY COOKIES (ALL SITE VISITORS)
- cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. See more information on privacy here: CloudFlare Privacy Policy.
- PHPSESSID: To identify your unique session on the website.
NECESSARY COOKIES (ADDITIONAL FOR LOGGED IN CUSTOMERS)
- wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
- wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
- wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
5. WHO HAS ACCESS TO YOUR DATA
If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself.
If you have used an online service – such as parent registration, your personal information can be accessed by:
- Our internal team.
- Our system administrators, including Firebox Creative.
6. THIRD PARTY ACCESS TO YOUR DATA
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us.
Information may be shared with HMRC, OFSTED, FIREBOX CREATIVE and PLYMOUTH CITY COUNCIL. In compliance with the Data Protection Act 2017, the information will not be shared with any other third party.
7. HOW LONG WE RETAIN YOUR DATA
When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation.
If you use our online registration service, we also store the personal information you provide and transfer this information to offline storage such as internal excel documents.
Information collected will stored for the required time then deleted or shredded.
8. SECURITY MEASURES
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected parents. If a breach of information has been identified we would follow the procedures set down by the ICO (Independent Commissioners Office), see Policy on Data Breach Management.
9. YOUR DATA RIGHTS
GENERAL RIGHTS
If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.
You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.
Anyone has the right to request to copies of any information and personal data we hold on them.
They have the right to request that Pelican Children’s centre correct any information that they believe to be inaccurate. They also have the right to request that any incomplete information is completed.
GDPR RIGHTS
Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. Pelican Childrens Centre permits residents of the European Union to use its Service. Therefore, it is the intent of AxiomThemes to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.
11. RELEASE OF YOUR DATA FOR LEGAL PURPOSES
At times it may become necessary or desirable to Pelican, for legal purposes, to release your information in response to a request from a government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.
Any passing on of personal data for legal purposes will only be done in compliance with English law.