LEGAL

LEGAL

Privacy Policy

The KidsVentures Wraparound Care & Camps Privacy Notice

The Kids Ventures Ltd is the Data Controller responsible for processing personal information.

At KidsVentures we respect the privacy of the children attending the Club and the privacy of their parents or carers. The personal information that we collect about you and your child is used only to provide appropriate care for them, maintain our service to you, and communicate with you effectively. Our legal basis for processing the personal information relating to you and your child is so that we can fulfil our contract with you.

Any information that you provide is kept secure. Data that is no longer required* is erased after your child has ceased attending our Club.

Our lead person for data protection is Barbara Matthew. The lead person ensures that the Club meets the requirements of the GDPR, liaises with statutory bodies when necessary, and responds to any subject access requests.

We will use the contact details you give us to contact you via phone (phone call, text and Whatsapp), email, social media and letter, so that we can send you information about your child, our Club and other relevant news, and also so that we can communicate with you regarding payment of our fees. You are able to set your communication preferences through online channels.

By giving us permission to take photographs and videos of your child, you are allowing us to use those images and videos on our social media channels. Your photograph and video permission also allows KidsVentures to share these images and videos with the parents and carers listed on the parent account of the child.

When signing your child in and out of provision, your child’s first and last name will be temporarily visible on the register for all parents and carers collecting/dropping off their child for that session. No other data about your child will be visible.

CONFIDENTIALITY:

At KidsVentures we respect confidentiality in the following ways:

  • We will only ever share information with a parent about their own child.
  • Information given by parents to Club staff about their child will not be passed on to third parties without permission unless there is a safeguarding issue (as covered in our Safeguarding Policy).
  • Concerns or evidence relating to a child’s safety, will be kept in a confidential file and will not be shared within the Club, except with the designated safeguarding lead and the manager.
  • Staff only discuss individual children for purposes of planning and group management.
  • Staff are made aware of the importance of confidentiality during their induction process.
  • Issues relating to the employment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions.
  • All personal data is stored securely on a password protected computer and/or passcode-locked phone.
  • Students on work placements and volunteers are informed of our Data Protection policy and are required to respect it.


We will only share personal information about you or your child with another organisation if we:

  • have a safeguarding concern about your child
  • are required to by government bodies or law enforcement agencies
  • engage a supplier to process data on our behalf (e.g. to take online bookings)
  • or have obtained your prior permission (your consent is obtained if you allow us to take photographs and videos).


You have the right to ask to see the data that we have about yourself or your child, and to ask for any errors to be corrected. We will respond to all such requests within one month. You can also ask for the data to be deleted, but note that:

  • we will not be able to continue to care for your child if we do not have sufficient information about them
  • even after your child has left our care, we have a statutory duty to retain some types of data for specific periods of time” so can’t delete everything immediately.

 

INFORMATION THAT WE KEEP

KidsVentures only collects and retains personal information that is necessary to provide safe, effective, and lawful childcare services.
A record of the categories of personal data processed by KidsVentures is maintained within our internal data management records and reviewed regularly to ensure accuracy, relevance, and compliance with UK data protection legislation.

Children and parents: We hold only the information necessary to provide a childcare service for each child. This includes child registration information, medical information, parent contact information, attendance records, incident and accident records and so forth. Our lawful basis for processing this data is fulfilment of our contract with the child’s parents. Our legal condition for processing any health-related information about a child, is so that we can provide appropriate care to the child. Once a child leaves our care we retain only the data required by statutory legislation, insurance requirements and industry best practicе, and for the prescribed periods of time. Electronic data that is no longer required is deleted and paper records are disposed of securely.

Staff: We keep information about employees in order to meet HMRC requirements, and to comply with all other areas of employment legislation. Our lawful basis for processing this data is to meet our legal obligations. Our legal condition for processing data relating to an employee’s health is to meet the obligations of employment law. We retain the data after a member of staff has left our employment for the periods required by statutory legislation and industry best practice, then it is deleted or destroyed as necessary.

SHARING INFORMATION WITH THIRD PARTIES

We will only share child information with outside agencies on a need-to-know basis and with consent from parents, except in cases relating to safeguarding children, criminal activity, or if required by legally authorised bodies (eg Police, HMRC, etc). If we decide to share information without parental consent, we will record this in the child’s file, clearly stating our reasons.

We will only share relevant information that is accurate and up to date. Our primary commitment is to the safety and well-being of the children in our care.

Where we share relevant information where there are safeguarding concerns, we will do so in line with Government guidance ‘Information Sharing Advice for Safeguarding Practitioners’ (www.gov.uk)

Where information is shared without parental consent, KidsVentures will record the reasons for doing so in accordance with safeguarding and data protection requirements. Any information shared will be limited to what is necessary, accurate, relevant, and up to date.

SHARING INFORMATION WITH THIRD PARTIES CONTINUED

Where safeguarding concerns arise, information sharing will be carried out in accordance with current Government guidance, including:
“Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers.”

KidsVentures uses MagicBooking as its secure booking platform. MagicBooking processes parent and child data on our behalf under a GDPR-compliant data processing agreement.

KidsVentures may also share limited personal information with carefully selected thirdparty providers who support the operation of our services, such as:

  • Online booking systems
  • Payroll providers
  • accounting software
  • communication platforms

 

SUBJECT ACCESS REQUESTS

  • Parents/Carers can ask to see the information and records relating to their child, and/or any information that we keep about themselves.
  • Staff and volunteers can ask to see any information that we keep about them.
  • We will make the requested information available as soon as practicable, and will respond to the request within one month at the latest.
  • If our information is found to be incorrect or out of date, we will update it promptly.
  • Parents/Carers can ask us to delete data, but this may mean that we can no longer provide care to the child as we have a legal obligation to keep certain data. In addition, even after a child has left our care we have a statutory duty to retain some types of data for specific periods so can’t delete all data immediately.
  • Parents/Carers can ask us to delete data, but this may mean that we can no longer provide care to the child as we have a legal obligation to keep certain data. In addition, even after a child has left our care we have a statutory duty to retain some types of data for specific periods so can’t delete all data immediately.
  • If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).

 

To request to see any data we have about yourself or your child, please contact us at info@thekidsventures.com.

GDPR

We comply with the requirements of the General Data Protection Regulation (GDPR), regarding obtaining, storing and using personal data.

* We do need to retain certain types of data (such as records of complaints, accidents, and attendance) for set periods of time after your child ceases to be in our care, but we delete as much personal data as we can as soon as possible.

This policy was adopted by: The Kids Ventures Ltd
To be reviewed: July 2027
Date: September 2026
Signed: Barbara Matthew

All third-party providers engaged by KidsVentures are required to comply with UK GDPR, the Data Protection Act 2018, and appropriate confidentiality and security standards.