Privacy Policy
Engineering 4 Kids Limited prioritizes the safeguarding of the personal privacy of children partaking in our Club activities, their guardians, and our staff members. Our mission is to foster an environment where all individuals involved with Engineering 4 Kids Limited can trust that their personal data is secure and protected.
Our primary representative for data protection matters is [Howard Grahame]. The appointed representative ensures the Club's compliance with General Data Protection Regulation (GDPR) provisions, liaises with regulatory entities when required, and manages subject access requests.
Confidentiality
Confidentiality is respected within the Club through the following measures:
路 Information disclosure is limited to parents or guardians and is strictly about their own child.
路 Parents' or guardians' shared information about their child will not be disclosed to third parties without their consent, except in circumstances related to safeguarding issues (as delineated in our Safeguarding Policy).
路 Documentation relating to child safety concerns is confidentially archived and shared exclusively with the designated Child Protection Officer and the manager.
路 Staff discussions about individual children are solely for planning and group management purposes.
路 The importance of maintaining confidentiality is emphasized to staff during their induction.
路 Employment-related matters, whether for paid or voluntary staff, remain confidential to decision-makers in personnel matters.
路 All personal data is securely stored on a password-protected computer system.
路 Work placement students and volunteers are informed of our Data Protection Policy and required to adhere to it.
Record Keeping
The types of personal data we keep about individuals are recorded in our personal data matrix. This matrix is reviewed annually to include any new types of data.
Children and Parents: We retain only essential data to provide a childcare service for each child. This data includes registration details, medical information, parent contact details, attendance, incident, and accident records, among others. After a child leaves our care, we retain only the data required by statutory legislation and industry best practices for the prescribed periods. Redundant electronic data is deleted, and physical records are securely disposed of.
Staff: We retain employee data to fulfill HMRC requirements and comply with employment legislation. After a staff member leaves our employment, we keep their data for the recommended period before securely deleting or destroying it.
Third-Party Data Sharing
Child information is shared with outside agencies on a need-to-know basis and with parental consent, excluding cases involving child safeguarding, criminal activities, or legally authorised bodies (e.g., Police, HMRC, etc.). If information is shared without parental consent, we document the reasons in the child's file.
We ensure that the shared information is accurate, up-to-date, and relevant. Our principal commitment is to the safety and well-being of the children under our care.
For operational reasons, we may disclose limited personal information to authorized third parties processing the information on our behalf, for instance, to facilitate online bookings, and manage our payroll and accounts. These third parties are compliant with the stringent data protection regulations of the GDPR.
Subject Access Requests
路 Parents or carers can request access to information and records relating to their child and themselves.
路 Staff members and volunteers can request access to any data we keep about them.
路 Requested information will be made available as promptly as possible, but no later than one month from the request date.
路 Incorrect or outdated information will be promptly updated upon discovery.
路 If any individual for whom we hold data has a complaint about our data security or our response to a subject access request, they may lodge a complaint with the Information Commissioner鈥檚 Office (ICO).
GDPR Compliance
We ensure adherence to the provisions of the General Data Protection Regulation (GDPR) concerning the acquisition, storage, and use of personal data.