Privacy Policy

Congratulations! You’ve found it.   The single best page on our website, and probably the one you’ve been searching for.

Who we are

We are a small, charity run pre-school – Orchard Preschool and Playgroup.   Our website address is: http://www.lustleighorchardpreschool.co.uk.

We’re not trying to sell you anything, and we certainly don’t sell or pass on any of your data.

What personal data we collect and why we collect it

We’re not really into collecting data about people.   We’d much rather be out in the nature garden playing with the children, but we do collect a little bit, and we want to make sure we comply with the General Data Protection Regulation (GDPR), and the Privacy and Electronic Communications Regulations (PECR), which are both as much fun as they sound.

Comments

If you leave a comment on our blog, using the comments form, then this information will be displayed on the site.   We also store your IP address and browser user agent string to help spam detection, but this is held separately for this purpose, and never linked to any other information.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you’d like us to remove your comment or personal details, just send us an email, and we’ll do it as soon as we can.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

If you fill in our contact form, then that information will be sent to us by email, where we will use it for our legitimate purposes, to provide you with any answers.

Cookies

We don’t have many browser cookies (we prefer chocolate chip), but do use Google Analytics to let us know how many people have visited the website.  Because we don’t link this with any other information, and it is anonymised we don’t think this is personal data, but if you are worried, you can block cookies in your browser.

Who we share your data with

We don’t share your data outside of our organisation, unless required to do so by law.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

Data submitted through our contact form is held in our email in line with our data retention policy, and deleted when no longer needed.

What rights you have over your data

If you have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service, but this is only held in session by them, not written to disc, so they don’t know who you are.

What data breach procedures we have in place

In the unlikely event that personal data is lost by us to a third party, we will immediately contact all people affected by the breach.

We will also contact the regulator, the ICO, to inform them.

What automated decision making and/or profiling we do with user data

We don’t make any computer decisions or profiling with your data.