Happy Faces Out of School Club
Date of last revision: 17th May 2018
Happy Faces Out of School Club Ltd is committed to protecting and respecting your privacy. We want you to understand how we collect and use information about you. We also value your comments in this regard.
The privacy notice describes to you:
- who we are
- what personal data we collect and store about you, and how we collect it
- why we collect personal data and what we do with it
- the categories of third parties with whom we share your personal data
- how we retain your information and keep it secure
- your rights and how to exercise them
- how to contact us
- Who are we?
For the purposes of data protection law, the “controller” is Happy Faces Out of School Club Limited, a company incorporated and registered in England and Wales under company number 9945908 and having its registered office address DonnellyBentley Chartered Accountants, 70 Chorley New Rd, Bolton BL1 4BY.
As controller we are responsible for, and control the processing of, your personal data. We are registered as a data controller with the Information Commissioner’s Office, which is the UK’s supervisory authority for data protection matters.
If you would like to contact us about this notice, including if you wish to receive further information about any aspect of it, our details are as follows:
Jane Casey, Data Controller Officer for Happy Faces OOSC Ltd, DonnellyBentley Chartered Accountants, 70 Chorley New Rd, Bolton BL1 4BY
- What information do we collect from you?
In the course of our service which is providing before and after school care for children, we collect the following personal data when you provide it to us:
Personal details of you or your child, such as:
- name and title
- date of birth
- health and dietary details
- relationship to child
- responsibility for the child
- criminal convictions (for employees only)
Contact data, such as:
- address (including billing)
- telephone and mobile number (s)
- e-mail address
- Emergency contact details for you or your child for which you should have explicit consent from them to be listed in the registration pack or on the staff emergency details form
Image data, namely:
- photographs (for EY books, website only when permission has been granted)
Biographical data (for employees only) from job applications and CVs:
- institutions attended
- academic and other results gained
- employment history
- Identity paperwork (e.g. marriage certificate, drivers’ licence, passport, national insurance)
Transaction data, such as:
- details about payments to and from you
Profile data, such as:
- password for collection of a child
- feedback and survey responses
We do not knowingly collect “special category” personal data. This is a special type of sensitive data to which more stringent processing conditions apply, and comprises data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, and genetic data and/or biometric data.
- How do we collect personal data?
We obtain personal data from sources as follows:
Directly from you when you interact with us, for example when you
- Register a child to receive before and after school care
- Apply for a job or send a CV and/or become employed with the company
- Sign up to our mailing lists by providing an email address
- Request information
- Write to us
- Take part in a survey
- Give us feedback or post comments or reviews
- From automated technologies such as cookies and tags when you use our website
- How do we use your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- to allow you to register a child with us or become employed
- to perform a contract we are about to enter into or have entered into with you
- where we need to comply with a legal or regulatory obligation.
In order to process personal data, we must have a lawful reason (sometimes called a lawful basis). We always ensure that this is the case, and we set out our lawful bases below – but please note that more than one may apply at any given time: for example, if we inform you of changes to our privacy notice, we may process your personal data on the ground of complying with law and on the ground of legitimate interests.
We will use your personal data only for the purposes for which we collected it, unless we fairly consider that we need it for another reason that is compatible with the original purpose i.e. safeguarding.
If you are our parent/carer or applying for a job, we will process your personal data for the following purposes, on the legal basis that it is necessary for us to provide our products and services to you:
- to enable us to carry out our services
- to identify you
- to respond to your inquiries
- to enable you to register a child with us
- to carry out billing and administration activities, including refunds and credits
- to evaluate your job application and take any next steps, and to evaluate your suitability for roles where you have asked to be considered for future opportunities.
Of course, you are not obliged to provide us with any of this information, but if you chose not to, we may be unable to provide the product or service that you have requested.
We process your personal information for our legitimate purposes, which include the following:
- To carry out the service in line with Ofsted Regulations
- To be compliant with Employment Law
Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.
Compliance with laws
We may process your personal data in order to comply with applicable laws (for example, if we are required to co-operate with an investigation pursuant to a court order).
If you have never had a contract with us or have not used our service us for a long time, but have given us your explicit consent to hear from us via newsletter, we will contact you by email. You have the right to withdraw consent to newsletters at any time.
- Do we share your personal data?
We may provide your personal data to the following recipients for the purposes set out in this notice:
- Social Services
- Disclosure and Barring Service
- Mult-Agency Safeguarding and Screening Service
- Local Authority Designated Officer
- Do you have to provide personal data – and, if so, why?
To form a contract with you, we will need some or all of the personal data described above so that we can perform that contract or the steps that lead up to it: this is set out above in this notice. If we do not receive the data, the contract could not be performed.
If you sign up to our mailing list, you will have to provide certain personal data e.g. email. Of course, you may decide to stop receiving our mailings at any time.
- How long will your personal data will be kept for?
We carefully consider the personal data that we store, and we will not keep your information in a form that identifies you for longer than is necessary for the purposes set out in this notice or as required by applicable law. In some instances, we are required to hold data for minimum periods: for example, accident forms should be kept for employees up to three years and up to the child’s 21st Birthday.
- How do we keep your personal data secure?
Happy Faces Out of School Club has security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Only authorised Happy Faces Out of School Club employees have access to your personal data. Occasional it is necessary to allow Connect technical support team to connect remotely for a time allowed session to help overcome technical problems which might give access to personal details. Connect is duty bound by the Information Commissioner’s Office.
All Happy Faces Out of School Club staff employees have access to registration packs in the club lockable cupboard and are required to adhere to the Happy Faces Out of School Club Privacy Notice and are required to have signed ‘Happy Faces OOSC Ltd Employee Data Protection Compliance Form’ during the induction process.
The security measures we have in place include:
- regular reviews of information collection, storage and processing practices to protect against unauthorised access
- restriction of access to personal information in Connect via password protection
- monitoring of systems storing and processing information
- use of secure technologies on website via D Room (e.g. SSL, encryption)
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us in that way (an registration pack that has been emailed to us, for example). Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
- Your information rights
We draw your attention to your following rights under data protection law:
- Right to be informed about the collection and use of your personal data
- Right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information – you will be asked to provide proof of your identify and residential address, and we may ask you to provide further details to assist us in the provision of such information
- Right to have inaccurate personal data that we process about you rectified – we want to ensure that the personal information that we process and retain about you is accurate, so please do remember to tell us about any changes, for example if you have moved house or changed your contact details. It is your responsibility to ensure you submit true, accurate, and complete information to us; please also update us in the event this information changes.
- Right of erasure – in certain circumstances you have the right to have personal data that we process about you blocked, erased or destroyed
- Right to object to, or restrict – if you no longer want to remain on a mailing list
These rights are subject to certain limitations that exist in law. Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.
- Changes to this privacy notice
We may change this notice from time to time. You should check this notice on our website occasionally, in order to ensure you are aware of the most recent version.
- What should you do if you have a complaint?
We hope that you will be satisfied with the way in which we approach and use your personal data.
Should you find it necessary, you have a right to raise a concern with the information regulator, the Information Commissioner’s Office: https://ico.org.uk/.
However, we do hope that if you have a complaint about the way we handle your personal data, you will contact us in the first so that we have an opportunity to resolve it.
END OF PRIVACY STATEMENT