Video 1

Privacy Policy

KIDACTIVE is aware of its obligations with regard to storing and sharing information under the General Data Protection Regulation, and is committed to complying with its regulations.

This policy applies to the processing of personal data of customers in manual and electronic records kept by KIDACTIVE. It also covers our response to any data breach and other rights under the GDPR.

Access to data
Customers have a right to access personal data that we hold on them. To exercise this right, customers should make a Subject Access Request with evidence of their identity.

Requests made in relation to a customer’s data from a third party should be accompanied by evidence that the third party is able to act on the customers behalf. If this is not provided, we may contact the third party to ask that such evidence be forwarded before we comply with the request.

Usually, we will comply with a request without delay and at the latest within one month. Where requests are complex or numerous, we may contact the customer to inform them that an extension of time is required. The maximum extension period is two months.

We will normally comply with a request at no cost. However, if the request is manifestly unfounded or excessive, or if it is repetitive, we may contact the customer requesting a fee of £25.00 (administration). This fee must be paid in order for us to comply with the request. The fee will be determined at the relevant time and will be set at a level which is reasonable in the circumstances.

We may refuse to deal with a subject access request if it is manifestly unfounded or excessive, or if it is repetitive. Where it is our decision to refuse a request, we will contact the customer without undue delay and at the latest within one month of receipt, to inform them and to provide an explanation.

Third party processing
Where we engage third parties to process data on our behalf, we will ensure, via a data processing agreement with the third party, that the third party takes such measures in order to maintain KIDACTIVE’s commitment to protecting data.

Customer privacy notice
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, our customers, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

A) Data protection principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

a) Processing is fair, lawful and transparent;
b) Data is collected for specific, explicit, and legitimate purposes;
c) Data collected is adequate, relevant and limited to what is necessary for the purposes of processing;
d) Data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay;
e) Data is not kept for longer than is necessary for its given purpose;
f) Data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures;
g) We comply with the relevant GDPR procedures for international transferring of personal data.

B) Types of data held
We keep several categories of personal data on our customer in order to carry out effective and efficient processes such as managing bookings, create registers, invoices and other documents/tools which relate to the functioning or running of our childcare services. We keep this data in a personnel file relating to each customer and we also hold the data within our computer systems.

Specifically, we hold the following types of data:

a) Child’s personal details i.e. name, date of birth, nationality, address, medical history, dietary requirements and any other information deemed to be significant;
b) Parents/carers, name, address, contact numbers and bank details (applies to refunds).

C) Collecting your data
We gather customer data via information entered into our database by our customer when 'they' register a portal via our website, when a customer subscribes to our mailing list and when a customer visits our Club/s and corresponds with us by phone, e-mail or post.

Information we receive from other sources
We may be working closely with third parties (including, for example, your child’s current school, medical practitioners, photographers, local authorities, education authorities, business partners, payment and delivery services, debt collectors, lawyers and credit reference agencies) and may receive information about you from them.

D) Lawful basis for processing
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to comply with a legal requirement or in order for us to effectively provide customers with out of school childcare.

Data processing we undertake and the lawful basis we rely on
We maintain comprehensive up to date personnel records about customers to ensure effective correspondence can be achieved and appropriate contact points in the event of an emergency.

E) Who we share your data with
Employees within our company who have responsibility for administration will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processing in line with GDPR. Data is shared with third parties if we are required to by government bodies or law enforcement agencies. We do not share your data with bodies outside of the European Economic Area.

F) Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.

G) Retention periods
We only keep your data for as long as we need it for. Some data retention periods are set by the law. We keep records on children/ young adults until they reach 21.

H) Customer rights
You have the following rights in relation to the personal data we hold:

a) The right to be informed about the data we hold on you and what we do with it;
b) The right of access to the data we hold on you;
c) The right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
d) The right to have data deleted in certain circumstances. This is also known as ‘erasure’;
e) The right to restrict the processing of the data;
f) The right to transfer the data we hold on you to another party. This is also known as ‘portability’;
g) The right to object to the inclusion of any information;
h) The right to regulate any automated decision-making and profiling of personal data.

I) Consent
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.

J) Making a complaint
If you think your data rights have been breached, you are able to raise a complaint with KIDACTIVE’s Data Compliance Officer e) or the Information Commissioner (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, t) 0303 123 1113 or 01625 545 745.