Nant-y-Cwm School

Steiner Education

Privacy Policy

Who we are

Our website address is: https://nant-y-cwm.co.uk.

What personal data we collect when visiting our website and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is [our legitimate interests, namely the proper administration of our website and business and communications with users].

Emails

When you send an email to the email address displayed on our website, we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email). The legal basis for this processing is [our legitimate interests, namely responding to enquiries and messages we receive and keeping records of correspondences]

Google Forms

This website uses Google Forms. The data that is entered in the form is only transmitted to Nant-y-Cwm Steiner School’s G Suite if you submit the form by clicking on the corresponding Submit button. The legal basis for this processing is [our legitimate interests, namely solving problems and enhancing our services]

Use of Cookies

Our Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to control the cookie preferences.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

External data processors

G Suite is a tool for providing services which are available over the internet. We use Google Forms to collect and Google Drive to store information relating to events, family feedback and staff questionnaires. Data is stored securely inside Nant-y-Cwm Steiner School’s G Suite.

G Suite is General Data Protection Regulation (GDPR) compliant. Information about Google’s compliance with international legal obligations on data protection can be seen in the Data Processing Amendment to G Suite and/or Complementary Product Agreement, which describes the extensive measures established for data security.

Analytics

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. The results of these reports are anonymised and no personally identifiable information is presented. Google’s privacy policy is available at: policies.google.com/privacy.

Who we share your data with

We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We keep your personal data for as long as we need to for the purposes for which it was collected or (if longer) for any period for which we are required to keep personal data to comply with our legal and regulatory requirements.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Contact information

This website is owned and operated by Richard Turner .

Our address is Nant-y-Cwm Steiner School, Llanycefn, Nr Clynderwen, Pembrokeshire SA66 7QJ.

You can contact us:

  • by post, to the address given above;
  • using our website contact form;
  • by telephone, on the contact number published on our website from time to time; or
  • by email, using the email address published on our website from time to time.

To exercise all relevant rights, queries or complaints please in the first instance contact Richard Turner using any of the methods provided in the list above.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Additional information

How we protect your data

The security of your personal information is of paramount importance to us and we use a wide range of technical and organisational security measures to safeguard it, including physical, electronic, and procedural controls.

What data breach procedures we have in place

We protect customer data with the following website features:

  • We are entirely using SSL/HTTPS throughout our site. This encrypts our user communications with the servers so personal identifiable information is never captured by third parties without authorization.
  • Databases are sanitized (actual user personal details are removed) before deploying to development or testing environment.
  • The software used to run this website is constantly updated as and when updates, including security updates, become available.

In case of a data breach, System Administrators will immediately go through affected users and will attempt to reset passwords if needed after informing the user.

What third parties we receive data from

We receive no data from third parties other than analytics information (refer to the Analytics section above).

What automated decision making and/or profiling we do with user data

We do not use automated decision-making. Regarding profiling, we use the tracking tool Google Analytics (refer to the Analytics section above).

Industry regulatory disclosure requirements

We have no industry regulatory disclosures.

The personal data we collect from parents/carers and pupils

A General Data Protection Regulation (GDPR) notice to inform the parents/carers and pupils of our company, Nant-y-Cwm School Limited, of the types of data we process about you, the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.