Whole School Approaches to Nurture Service privacy notice for participating school staff

We keep this privacy notice under regular review and it was last updated in April 2022.

Kent County Council respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

Who we are

Kent County Council (KCC), on behalf of the Whole School Approaches to Nurture Service provided by nurtureuk, collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). We are responsible as ‘controller’ of that personal information. Our Data Protection Officer is Benjamin Watts, whose contact details are set out at the bottom of this privacy notice.

The Whole School Approaches to Nurture Service is delivered by nurtureuk and provides training and consultancy support to staff in mainstream primary and secondary schools in Kent, to assist them in implementing their own whole school approach to nurture in order to support the inclusion of pupils with Special Educational Needs and Disabilities (SEND).

Personal information we collect and use

Information collected by us

In order to provide you with details of training events, follow up to the events, updates, messages and to share information, we collect the following personal information when you provide it to us:

  • Your personal details, such as your name, address, email address and contact number when you register for the training or attend an event.
  • Your special category data, such as accessibility, dietary or health requirements, for the purpose of allowing us to make adjustments and cater to your specific needs when attending events or training sessions.
  • Recordings of online training sessions (will ensure that these do not contain your personal data unless you provide your consent during the registration process).
  • Photographs of you taken at events for promotional purposes.

How we use your personal information

We use your personal information for the following purposes:

  • To provide you with information or details of any events relating to the Whole School Approaches to Nurture Service.
  • To provide information regarding training and consultancy sessions and events. We will communicate with you about your booking and where events are conducted in person, will ensure that necessary arrangements are made for accessibility and dietary requirements. We will also contact you to obtain feedback on events attended and to provide information about future sessions.
  • To share and disseminate relevant information about the Whole School Approaches to Nurture Service to you that is pertinent to your role/organisation.
  • We may use photographs of you to promote the work of the Whole School Approaches to Nurture Service, with your consent.

Reasons we can collect and use your personal information

We collect and use your personal information to carry out tasks with your consent regarding sign ups to training and also for video recordings or using your photograph in our promotional material. We rely on the following legal basis under UK GDPR:

  • Article (6)(1)(a) - Consent: the individual has given clear consent to process their personal data for a specific purpose.

We also collect and use your personal information to carry out tasks in the public interest, in relation to the management of the programme and subsequent follow up, namely for the coordination of the Whole School Approach to Nurture Service to support the inclusion of children and young people with SEN in mainstream schools (as described in the SEN Code of Practice 2015, para 6.4: ‘the quality of teaching for pupils with SEN and the progress made by pupils should be a core part of the school’s performance management arrangements and it’s approach to professional development for all teaching and support staff’ which is underpinned by various pieces of legislation, such as Children & Families Act, 2014, Part 3). We rely on the following legal basis under UK GDPR:

  • Article (6)(1)(e) - Public task: the processing is necessary to perform a task in the public interest or for official functions (task or function has a clear basis in law).

When we collect or share special category personal data, to enable participation in training and feedback against our outcomes for the service, we rely upon the following legal bases under UK GDPR:

  • Article 9(2)(a) - Explicit consent.

Where we are relying on your consent to process your personal data, you may withdraw your consent at any time. Please note that if you consent to us using your image in our promotional material but later withdraw that consent, once we have published that material online or sent it out by email, due to the nature of the internet and the fact that it is possible for individuals to copy or save that digital image without our knowledge, we will not be able to effectively remove all traces of your image.

How long your personal data will be kept

We will hold and use the personal information that you provided to register for the service for 6 years, after which the information is made inaccessible to system users or securely destroyed.

Any photographs and images that are taken at events will be stored securely and used only for the purposes detailed within this privacy notice, for 6 years or until you withdraw your consent, whichever comes first.

Who we share your personal information with

We may share your personal data with the following third parties:

  • Teams within Kent County Council working to improve outcomes for children and young people.
  • Commissioned providers of local authority services.
  • Schools.
  • Partner organisations signed up to the Kent & Medway Information Sharing Agreement, where necessary, which may include health visitors, midwives, housing providers, Police, school nurses, doctors, and mental health workers.
  • The Department for Education and other government departments as required.
  • The Whole School Approaches to Nurture Service is delivered by KCC through its provider, nurtureuk, and your personal information will be shared between nurtureuk and KCC in order to co-ordinate and deliver the sessions.
  • Where you have consented to us doing so, your photographs may be used in print and electronic form including but not limited to publications, press, websites, apps and social media platforms.
  • We may share your information with professional advisors, such as lawyers, in the exercise of defence of legal claims.

We will share personal information with law enforcement or other authorities if required by applicable law.

Transferring your information outside of the UK

Nurtureuk uses cloud-based providers to store personal information. Some of those providers store information outside of the UK. Where your personal information is stored outside of the UK, nurtureuk has in place appropriate safeguards to ensure your personal information is subject to the same level of protection as it would be subject to within the UK. Those cloud-storage providers, the countries where they store personal information and, where applicable, the relevant safeguards are set out below:

  • Thinkific (Canada) – nurtureuk seek your consent when it will be using this provider to store your personal information outside of the UK.

Your rights

Under UK GDPR you have rights which you can exercise free of charge which allow you to:

  • know what we are doing with your information and why we are doing it
  • ask to see what information we hold about you (subject access request)
  • ask us to correct any mistakes in the information we hold about you
  • object to direct marketing
  • make a complaint to the Information Commissioners Office (ICO)
  • withdraw consent at any time (if applicable).

Depending on our reason for using your information you may also be entitled to:

  • ask us to delete information we hold about you
  • have your information transferred electronically to yourself or to another organisation
  • object to decisions being made that significantly affect you
  • object to how we are using your information
  • stop us using your information in certain ways.

We will always seek to comply with your request. However, we may be required to hold or use your information to comply with legal duties. Please note, your request may delay or prevent us delivering a service to you.

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office on individuals’ rights under UK GDPR.

If you would like to exercise a right, please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk.

Withdrawing your consent

Where we rely on your consent to process your personal information, you can withdraw your consent to our use of your data at any time.

You can do this by emailing data.protection@kent.gov.uk.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.

You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk, or write to: Data Protection Officer, Sessions House, Maidstone, Kent ME14 1XQ.

UK GDPR also gives you right to lodge a complaint with the Information Commissioner, who can be contacted via their website or by calling 03031 231113.

Read our corporate privacy statement.