Privacy Notice for Participants, Customers and School Providers
1. What is the purpose of this notice?
Let’s Create Art Club Ltd is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with data protection law, including the General Data Protection Regulation (GDPR). It applies to all employees, workers and contractors. Let’s Create Art Club Ltd is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This notice applies to current and former Participants, Customers and School Providers. This notice does not form part of any contract of employment or other contract to provide services. This notice can be updated at any time and we will inform you if this occurs. It is important that you read this notice, together with any other privacy notice that is provided on specific
occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
2. Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
3. The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are "special categories" of more sensitive personal data which require a higher level of protection.
We collect, store, and use the following categories of personal information about you:
● Personal contact details such as name, title, addresses, telephone numbers, and personal
● Dates of birth, marriage and divorce.
● Marital status.
● Dependent information including on roll school name and year group.
● Emergency contact.
● Bank account details.
● Customer start date, leaving date.
● Accident book, first aid records, injury at work and third party accident information.
We will also collect, store and use the following "special categories" of more sensitive personal information:
● Information about your/ your child’s race or ethnicity, religious beliefs, sexual orientation and political opinions.
● Information about your/ your child’s learning needs, special educational needs, higher needs, disabilities or health conditions
● Information about your/ your child’s safeguarding history including requesting a copy of any Child Protection or Early Help Plan.
● Information about your/ your child’s academic progress and other progress as detailed in Lesson Plans and Reports.
2. Why is your personal information collected?
We collect personal information for one or more of the following reasons:
Safeguarding young people and vulnerable adults
An ‘in case of an emergency’ situation
Payment for tuition
Marketing and promotion
Educational records for planning and improvement
Maintaining our own records
To keep you informed
The situations in which we will process your personal information are listed below:
Having relevant information required to book a child into an after-school program or in-school intervention.
Determining the level of participation support and supervision ratio is necessary.
Understanding a child’s history to make planning decisions when creating bespoke mindfulness courses.
Understanding a child’s safeguarding history for child protection best practice.
Liaising with the child’s school or college.
Implementing individual risk assessments.
Using availability information for timetabling in-school mindfulness courses.
Creating risk assessments and care plans for children with disabilities or health needs
Charging the customer or school provider for the services delivered.
Business management and planning, including accounting and auditing.
General administration of the Service Level Agreement or Terms of Conditions we have entered into with you.
Gathering feedback data and making decisions about improvement initiatives
Gathering evidence and any other steps relating to possible grievance or disciplinary matters for an employee.
Education, training and development requirements.
Dealing with legal disputes.
Complying with health and safety obligations.
To make customers aware of new offers and for other marketing reasons
To send booking confirmations and other email campaigns
To conduct data analytics studies to review and better understand customer retention and
Equal opportunities monitoring.
We will collect additional personal information to abide by child protection and safeguarding legislation - this includes recording concerns and passing these onto Child and Family Services sometimes without prior consent from the parent/carer.
Please note that safeguarding concerns and reports may not be disclosed if it is felt that doing so may increase risk of harm to the child.
Our website uses ‘operational cookies’ but none of them are connected with personal data collection.
3. How is your personal information collected?
We typically collect personal information about Participants, Customers and Providers directly from themselves via:
Contact Form (via wix website)
Email from the customer
Telephone call from the customer
Call/meeting with schools
4. Lawful bases
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting our Data Protection Officer Rachel Bray at: email@example.com
(b) We have a contractual obligation.
(c) We have a legal obligation.
6. How we store your personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. e limit access to your personal data to those third parties who have a business to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
Your information is securely stored using the Customer Relationship Management (CRM) tool Capsule.
7. Who we share your personal data with
We will only share your personal data with internal third parties i.e. staff and volunteers or external third parties as required by law. We do not pass on either identity or contact data of either participants or staff to any party until each has confirmed that this is acceptable in furtherance of tuition arrangements.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers i.e. staff to use your personal data for their own purposes and only permit them to process your personal data for the specified purpose of tuition and in accordance with our instructions.
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including the purpose of any legal or accounting requirements. We keep all contact information for the duration of the children's enrollment with us and three years after. We will then dispose of your information by deleting any stored information.
Safeguarding concerns and historical child protection data will be kept until the child/ young person turns 26 years old (7 years after reaching school leaving age) - at this point it will be reviewed as to whether the profile should stay open or be deleted.
8. Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at firstname.lastname@example.org, if you wish to make a request.
9. How to complain
If you have any concerns about our use of your personal information, you can make a complaint to our Data Protection Officer:
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk