Privacy Policy

Policy Last Updated: May 2018

Data protection is a particularly high priority for the management of Bridgewater Nursery, and the use of the Bridgewater Nursery website is possible without any submission or indication of personal data; however, some services via our website may require processing personal data. Because of this, we will ask for consent from all users upon visiting the website for the first time.

The processing of personal data, such as name, address, email address, or telephone number, shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Bridgewater Nursery. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, users are informed, by means of this data protection declaration, of the rights to which they are entitled.

Bridgewater Nursery has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, every user is free to transfer personal data to us via alternative means, e.g., by telephone.

1. Definitions

The data protection declaration of Bridgewater Nursery is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use the following terms:

a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing
Processing is any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient
Recipient is a natural or legal person, public authority, agency, or other body to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and Address of the Controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is:

Bridgewater Nursery
1A Bridgewater Road,
Altrincham, WA14 1LB

Phone: 0161 820 0288
Email: admin@bridgewaternursery.com
Website: https://www.bridgewaternursery.com

3. Cookies

The Internet pages of Bridgewater Nursery use cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID, which is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified using the unique cookie ID.

Through the use of cookies, Bridgewater Nursery can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

Cookies allow us, as previously mentioned, to recognise our website users. The purpose of this recognition is to make it easier for users to utilise our website. For example, website users that use cookies do not have to enter access data each time the website is accessed, because this is managed by the website, and the cookie is thus stored on the user’s computer system.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

4. Collection of General Data and Information

The Bridgewater Nursery website collects a series of general data and information when a data subject or automated system accesses the website. This general data and information are stored in the server log files. Collected data may include:

The browser types and versions used,
The operating system used by the accessing system,
The website from which an accessing system reaches our website (so-called referrers),
The sub-websites accessed,
The date and time of access to the website,
An Internet protocol address (IP address),
The Internet service provider of the accessing system, and
Any other similar data and information.

When using these general data and information, Bridgewater Nursery does not draw any conclusions about the data subject. Rather, this information is required to:

Deliver the content of our website correctly,
Optimise the content of our website,
Ensure the long-term viability of our information technology systems and website technology, and
Provide law enforcement authorities with the necessary information for criminal prosecution in case of a cyber-attack.

Bridgewater Nursery analyses anonymously collected data and information statistically, with the aim of enhancing data protection and data security and ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Subscription to Our Newsletters

When registering your child at Bridgewater Nursery, parents are given the opportunity to subscribe to our newsletter. During the registration for the newsletter, we also store the date and time of the registration. The collection of this data is necessary to prevent the possible misuse of the email address of a data subject at a later date, serving the purpose of legal protection for the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter via an email service provider. In addition, subscribers to the newsletter may be informed by email of other key updates relating to the nursery, as long as this is necessary for the operation of the newsletter service or the registration in question.

The subscription to our newsletter may be terminated by the data subject at any time by using the ‘Unsubscribe’ link at the bottom of every newsletter we send out. The consent to the storage of personal data, which the data subject has given for sending the newsletter, may be revoked at any time.

6. Newsletter-Tracking

The 22 Street Lane Nursery newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, 22 Street Lane Nursery may see if and when an email was opened by a data subject, and which links in the email were called up by data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimise the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties.

7. Contact Possibility via the Website

The Bridgewater Nursery website contains several forms through which data and information can be transmitted to the nursery. If a data subject contacts us via a contact form, the personal data provided by the data subject are automatically stored. Such personal data, transmitted voluntarily by the data subject to the data controller, are stored for the purpose of processing the inquiry or contacting the data subject. This also includes the submission time of the query, as well as the current IP address of the user who submitted the form.

There is no transfer of this personal data to third parties.

8. Routine Erasure and Blocking of Personal Data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as long as this is permitted by the European legislator or other legislators in laws or regulations to which the controller is subject. The retention period for personal data may vary depending on the type of information, as we are required to retain certain data for specific lengths of time in accordance with UK or European regulations.

Once the retention period has expired, or once the purpose of processing has been fulfilled, the personal data will be routinely erased or blocked in compliance with applicable laws.

9. Rights of the Data Subject

a) Right of Confirmation
Each data subject has the right to confirm whether or not any personal data concerning them is being processed. If a data subject wishes to exercise this right, they may contact the Group Marketing Department for confirmation.

b) Right of Access
Each data subject has the right to obtain free information about their personal data stored and a copy of this information. The information provided will include:

The purposes of processing;
The categories of personal data concerned;
The recipients or categories of recipients to whom the data has been or will be disclosed;
The envisaged period for which the personal data will be stored or the criteria used to determine the period;
The right to request rectification, erasure, or restriction of processing, or to object to processing;
The right to lodge a complaint with a supervisory authority;
Information about the source of the data if it wasn’t collected from the data subject;
The existence of automated decision-making, including profiling, and the logic involved. If a data subject wishes to exercise this right, they may contact the Group Marketing Department for access to this information.

c) Right to Rectification
Each data subject has the right to obtain rectification of inaccurate personal data concerning them without undue delay. If the personal data is incomplete, they may also have the right to have it completed. To exercise this right, they may contact the Group Marketing Department.

d) Right to Erasure (Right to be Forgotten)
Each data subject has the right to obtain the erasure of personal data concerning them without undue delay when the data is no longer necessary, consent is withdrawn, or there are other legal grounds for erasure. If a data subject wishes to request erasure, they may contact the Group Marketing Department for assistance. If personal data has been made public, reasonable steps will be taken to inform other controllers of the erasure request.

e) Right to Restriction of Processing
Each data subject has the right to restrict the processing of their personal data in certain situations, such as when data accuracy is contested or when the data is unlawfully processed. To request a restriction, the data subject may contact the Group Marketing Department.

f) Right to Data Portability
Each data subject has the right to receive personal data provided to the controller in a structured, commonly used, and machine-readable format and to transmit it to another controller, provided the processing is based on consent or contract. The data subject may contact the Group Marketing Department to exercise this right.

g) Right to Object
Each data subject has the right to object to processing of their personal data on specific grounds, such as when processing is based on legitimate interests or when data is processed for direct marketing. If the objection is related to direct marketing, 22 Street Lane Nursery will cease processing the data for these purposes. To exercise this right, the data subject may contact the Group Marketing Department.

h) Automated Individual Decision-Making, Including Profiling
Each data subject has the right not to be subject to decisions based solely on automated processing, including profiling, which significantly affect them. If the data subject wishes to exercise this right, they may contact the Group Marketing Department for assistance.

i) Right to Withdraw Data Protection Consent
Each data subject has the right to withdraw consent for processing of personal data at any time. If the data subject wishes to withdraw consent, they may contact the Group Marketing Department.

j) Right to Outsource Data
The data controller reserves the right to outsource digital services to third-party partners. If this occurs in the future, data subjects will be contacted for consent to continue processing their personal data. For any concerns or actions related to data outsourcing, data subjects may contact the Group Marketing Department.

10. Data protection provisions about the application and use of Facebook

We have integrated Facebook components into the 22 Street Lane Nursery website. The operating company of Facebook is Facebook, Inc., located at 1 Hacker Way, Menlo Park, CA 94025, United States. The European controller is Facebook Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Some pages on our website contain additional Facebook components that allow users to “share” a link to the page on their personal Facebook account. If a user is logged in to Facebook at the same time and clicks on one of the Facebook buttons integrated into our website, Facebook will match this information with the user's personal Facebook account and store the personal data.

Facebook always receives information about a visit to our website whenever the user is logged in to Facebook at the time they visit our website. If the user does not want this transmission of data to Facebook, they can prevent it by logging off from their Facebook account before visiting our website.

The Facebook Data Protection Policy, available at https://www.facebook.com/about/privacy/, provides detailed information about the collection, processing, and use of personal data by Facebook. It also explains the settings options available to users to protect their privacy and provides different configuration options to prevent data transmission to Facebook. Users can use these settings to stop data from being transmitted to Facebook.

11. Data protection provisions about the application and use of Google Analytics (with anonymisation function)

On this website, the controller has integrated the Google Analytics component (with the anonymisation function). Google Analytics is a web analytics service that collects, analyzes, and processes data about visitors' behavior on websites. Web analytics services collect data such as the website from which a person has arrived (the so-called referrer), which sub-pages were visited, and how often and for what duration a sub-page was viewed. Web analytics are primarily used for website optimization and conducting cost-benefit analysis of internet advertising.

The operator of the Google Analytics component is Google Inc., located at 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For web analytics, the controller uses the application "_gat._anonymizeIp". With this function, Google anonymizes the IP address of the data subject when they access our website from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of Google Analytics is to analyze traffic on our website. Google uses the collected data to evaluate the use of our website, provide online reports showing website activity, and offer additional services related to website usage.

Google Analytics places a cookie on the data subject’s information technology system. This cookie enables Google to analyze the use of our website. Each time a user visits one of our website pages with Google Analytics integrated, the user’s browser will automatically send data to Google for online advertising purposes and commission settlement. As a result of this technical process, Google learns personal information, such as the user’s IP address, which helps Google understand the origin of visitors and clicks, and later create commission settlements.

The cookie is used to store personal data, including access time, the location from which the access was made, and the frequency of visits to our website by the data subject. With each visit, personal data, including the IP address of the user’s internet connection, is sent to Google in the United States. These personal data are stored by Google in the United States, and Google may transfer this information to third parties.

As mentioned earlier, the user can prevent the setting of cookies at any time by adjusting the browser settings, thus permanently denying cookies from being set. This adjustment would also prevent Google Analytics from placing a cookie on the user’s system. Furthermore, cookies that have already been placed by Google Analytics can be deleted at any time via the browser or other software programs.

Additionally, the user has the option to object to the collection of data generated by Google Analytics related to their use of the website and the processing of this data by Google. To do so, the user must download and install a browser add-on available at: https://tools.google.com/dlpage/gaoptout. This add-on informs Google Analytics via JavaScript that no data or information from website visits should be transmitted to Google Analytics. Installing this add-on is considered an objection by Google. If the user’s system is later deleted, formatted, or newly installed, the user must reinstall the add-on to disable Google Analytics. If the add-on is uninstalled or disabled by the user or someone else in their control, it is possible to reinstall or reactivate the add-on.

For further information and the applicable data protection provisions of Google, visit:

12. Data protection provisions about the application and use of Instagram

On this website, the controller has integrated components of the Instagram service. Instagram is a service that functions as an audiovisual platform, enabling users to share photos and videos, as well as disseminate such data across other social networks.

The operating company of Instagram services is Instagram LLC, located at 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, United States.

With each visit to a page on this website that contains an Instagram component (such as the Instagram button), the user’s browser automatically prompts the download of the corresponding Instagram component. During this technical process, Instagram becomes aware of which specific sub-page of the website the user visited.

If the user is logged in to Instagram at the time of visiting the website, Instagram detects which sub-page of our website the user visited throughout their stay. This information is collected through the Instagram component and is associated with the user’s Instagram account. If the user clicks on one of the Instagram buttons integrated into the website, Instagram links this action with the user’s Instagram account and stores the personal data.

Instagram receives information through the Instagram component about the user's visit to our website, provided that the user is logged in to Instagram during the visit. This occurs regardless of whether the user interacts with the Instagram button. If the user does not want this information to be transmitted to Instagram, they can prevent it by logging out of their Instagram account before visiting our website.

For further information and the applicable data protection provisions of Instagram, you can refer to:

13. Data protection provisions about the application and use of LinkedIn

The controller has integrated components of LinkedIn Corporation on this website. LinkedIn is a web-based social network that allows users with existing business contacts to connect and form new business relationships. With over 400 million registered users across more than 200 countries, LinkedIn is one of the largest platforms for professional networking and one of the most visited websites globally.

The operating company of LinkedIn is LinkedIn Corporation, located at 2029 Stierlin Court Mountain View, CA 94043, United States. For privacy matters outside of the United States, LinkedIn Ireland is responsible, and they can be contacted at Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a user visits a page on this website that contains a LinkedIn component (such as the LinkedIn plugin), the user's browser automatically prompts the download of the relevant LinkedIn component. More details about the LinkedIn plugin can be found at LinkedIn Plugin. During this process, LinkedIn becomes aware of which specific sub-page the user visited.

If the user is logged into LinkedIn at the same time, LinkedIn tracks which specific sub-page of the website the user visits throughout their stay. This information is associated with the user's LinkedIn account. If the user clicks on one of the LinkedIn buttons integrated on the website, LinkedIn links this interaction with the user's LinkedIn account and stores the personal data.

LinkedIn also receives information that the user has visited the website, provided the user is logged into LinkedIn at the time. This occurs regardless of whether the user clicks the LinkedIn button. If the user does not want this information to be transmitted to LinkedIn, they can prevent it by logging out of their LinkedIn account before visiting the website.

LinkedIn provides the option to unsubscribe from email messages, SMS messages, and targeted ads through the following link: LinkedIn Guest Controls. The user can also manage ad settings there. LinkedIn uses affiliates like Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, and users can deny the setting of such cookies through LinkedIn Cookie Policy.

For further information, the applicable LinkedIn privacy policy is available at LinkedIn Privacy Policy.

14. Data protection provisions about the application and use of Twitter

On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly accessible microblogging service where users can publish and spread short messages called "Tweets," limited to 280 characters. These Tweets are visible to everyone, including those who are not logged into Twitter. They are also shown to the user's followers—other Twitter users who follow the user's Tweets. Additionally, Twitter allows users to reach a broad audience via hashtags, links, or Retweets.

The operating company of Twitter is Twitter, Inc., located at 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

When a user visits a page on the website containing a Twitter component (such as the Twitter button), the user's browser automatically prompts the download of the relevant Twitter component. More information about the Twitter buttons is available at Twitter Publish. During this process, Twitter learns which specific sub-page of the website was visited by the user. The integration of the Twitter component aims to retransmit the contents of the website, enabling users to share the webpage and increase visitor traffic.

If the user is logged into Twitter at the same time, Twitter will detect which specific sub-page of the website was visited throughout their session. This information is collected through the Twitter component and linked to the user’s Twitter account. If the user clicks on one of the Twitter buttons integrated into the website, Twitter associates this action with the user's personal Twitter account and stores the personal data.

Twitter also receives information that the user has visited the website, provided the user is logged into Twitter at the time of the website visit. This happens regardless of whether the user clicks on the Twitter button. If the user does not wish for this information to be transmitted to Twitter, they can prevent it by logging out of their Twitter account before visiting the website.

For further details, the applicable Twitter data protection provisions can be accessed at Twitter Privacy Policy.

15. Data protection provisions about the application and use of YouTube

On this website, the controller has integrated components of YouTube. YouTube is an internet video portal that allows video publishers to upload clips and other users to freely view, review, and comment on these videos. YouTube supports the publication of various types of videos, including full movies, TV broadcasts, music videos, trailers, and user-generated content.

The operating company of YouTube is YouTube, LLC, located at 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. YouTube, LLC is a subsidiary of Google Inc., based at 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, UNITED STATES.

When a user visits a page on the website with an integrated YouTube component (e.g., a YouTube video), the browser on the user's device automatically downloads and displays the relevant YouTube component. More information about YouTube can be found at YouTube About. During this process, YouTube and Google become aware of which specific sub-page of the website the user has visited.

If the user is logged into YouTube, YouTube recognizes the sub-page that contains a YouTube video and collects this information, associating it with the user's YouTube account.

Both YouTube and Google receive information that the user has visited the website, provided the user is logged into YouTube at the time of the visit. This occurs even if the user does not click on the video. If the user does not wish for this information to be shared with YouTube and Google, they can prevent it by logging out of their YouTube account before visiting the website.

For further details on the collection, processing, and use of personal data by YouTube and Google, the applicable data protection provisions can be accessed at YouTube Privacy Policy.

15. Data protection provisions about the application and use of YouTube

If the user is logged into YouTube, YouTube recognizes the sub-page that contains a YouTube video and collects this information, associating it with the user's YouTube account.

For further details on the collection, processing, and use of personal data by YouTube and Google, the applicable data protection provisions can be accessed at YouTube Privacy Policy.

16. Legal basis for the processing

The legal basis for processing personal data under the General Data Protection Regulation (GDPR) is as follows:

Consent (Article 6(1) lit. a GDPR): If personal data processing is based on the data subject's consent, it serves as the legal basis for processing operations intended for a specific purpose. Consent is typically required for activities where explicit permission is needed from the individual before processing their data.
Contractual necessity (Article 6(1) lit. b GDPR): If the processing of personal data is necessary for the performance of a contract, such as when processing is needed for the supply of goods or the provision of services, the processing is based on this legal basis. It also applies to pre-contractual measures, such as inquiries about products or services.
Legal obligation (Article 6(1) lit. c GDPR): If the company is subject to a legal obligation that requires processing personal data (for example, fulfilling tax obligations), the processing is based on this legal foundation.
Protection of vital interests (Article 6(1) lit. d GDPR): In rare cases, personal data processing may be necessary to protect the vital interests of the data subject or another natural person. For instance, if an individual is injured and their name, age, or health insurance information needs to be shared with a doctor, hospital, or other third parties, the processing is based on this legal basis.
Legitimate interests (Article 6(1) lit. f GDPR): Processing operations may also be based on legitimate interests pursued by the controller or a third party, provided these interests are not overridden by the data subject's rights and freedoms. The European legislator has identified legitimate interests, such as when the data subject is a customer of the controller, as permissible grounds for processing under this provision (Recital 47 Sentence 2 GDPR).

17. The legitimate interests pursued by the controller or by a third party

When personal data is processed based on Article 6(1) lit. f GDPR (legitimate interests), the legitimate interest pursued by the controller is to conduct business activities in a manner that benefits the well-being of the company's employees and shareholders. This may include processing data to improve business operations, ensure security, enhance employee engagement, and foster the overall success and growth of the company.

18. Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

19. Provision of Personal Data as Statutory or Contractual Requirement; Requirement Necessary to Enter into a Contract; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Failure to Provide Such Data

We inform the data subject that the provision of personal data may be required by law (e.g., for compliance with tax regulations) or by contractual obligations (e.g., to provide necessary information for the contractual partner).

In certain cases, personal data is necessary for the conclusion of a contract. For instance, when our company enters into an agreement with the data subject, they are obligated to provide personal data that must be processed. Failure to provide the required personal data would prevent the contract from being concluded.

Before providing personal data, the data subject should contact the Group Marketing Department, where an employee will clarify whether the provision of personal data is mandated by law or contract, whether it is necessary for the contract's conclusion, and explain the consequences if such data is not provided.

20. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

21. Controlling Your Cookies

By using our site, you are consenting to accept the cookies we utilise to enhance user experience and deliver a first rate website service. You are, of course, not required to consent to using our cookies, and we can help you set your internet browser to reject them. However, we do warn that this will hinder your user experience.

In order to turn off any cookies that may be placed on your computer, please select your internet browser from the list below, and follow the instructions in the relevant link.

For mobile devices, click here: