Last updated: April 2026

Review date: April 2027

Paint Pots Preschool & Nursery Data Protection Officer: Joseph Wright

Introduction & Overview

This Data Protection Policy sets out how Paint Pots Preschool & Nursery collects, processes, stores, and protects personal data in line with the Data Protection Act 2018, the UK GDPR, and the Data Use and Access Act 2025 (DUAA).

We are committed to safeguarding personal data, respecting individual privacy, and handling data responsibly and lawfully.

Privacy Commitment

Paint Pots Preschool & Nursery is committed to the protection and security of your personal information. We collect only what is necessary to provide our services and comply with our legal obligations.

Legal Framework and Data Protection Principles

Our data protection practices are underpinned by the following legal framework:

We are committed to complying with these laws and ensuring all staff understand and act in accordance with their responsibilities. These laws are enforced by the Information Commissioner's Office (ICO), which has powers to investigate, audit, and impose penalties.

In accordance with these laws, we uphold the seven core Data Protection Principles:

  1. Lawfulness, Fairness, and Transparency – We collect and process personal data in a lawful manner, ensure fairness in how individuals are treated, and are transparent about how we use data.
  2. Purpose Limitation – We collect data for specific, explicit, and legitimate purposes, and do not use it for any incompatible purpose.
  3. Data Minimisation – We only collect the data we actually need and no more.
  4. Accuracy – We take steps to ensure personal data is accurate and, where necessary, kept up to date.
  5. Storage Limitation – We only keep personal data for as long as necessary and in line with our retention schedule.