A:The Data Protection Act 1998
B:General Data Protection Regulations 2018 (GDPR 2018).
2.This policy and any amendments to it will be established by the Company and will be subject to ratification at the Annual Meeting of Directors.
3.The Directors and Board are, collectively and separately, custodians of this policy and responsible for the timely and efficient implementation of its provisions.
The Company will appoint a Privacy Officer responsible for, inter alia:
a.Providing advice and guidance as required.
b.Creating and maintaining, and as instructed destroying, data records.
c.Drafting data policies and procedures.
d.Acting as the first point of contact for all matters of data policy.
The Company Requests, Collects and Stores the following Parents/Carers/Children details:
4.Name, title, postal and email addresses and telephone number(s), child’s name and date of birth, children’s health disclosures.
5. Any other reasonable information to enhance the service to pupils. If received this will be treated in the same way as any other personal data.
6.Parents/Carers/Children on engaging the Company will be required to give their written consent for:
a. Their data to be held and stored securely on the Company’s electronic database or for them to be contacted
b. or for them to be contacted by one or all means of electronic, postal, SMS text and telephonic communications.
7.The Company collects and stores this information for the following purposes of:
a. Internal record keeping and administration purposes.
b. Establishing and maintaining a record of pupils and classes.
c. Health issues relating to a child, to ensure safety of said children in class.
d. Responding to enquiries and requests from potential parents/carers and pupils.
Security and Confidentiality
8.The Company is committed to ensuring that Parents’/Carers’/Children’s information is secure. This includes storage on computers, laptops, and portable devices.
9.Parents’, Carers’ and Children’s data is stored on a suitably encrypted and fire-walled electronic database which is in the general custody of the Privacy Officer.
10.Neither the Company nor its employees will divulge individual Parents’/Carers’ or Children’s information without their express written permission.
Contacting the Company and Controlling Parents/Carers/Children’s Personal Information
11.Parent/Carers/Children who have previously consented to provisions of paragraph 6 above can change, amend or remove any information that is held by the Company at any time by informing the Privacy Officer electronically or by post, the contact details for whom are promulgated on the website.
12.Parents/Carers/Pupils may also request details of personal information held by the Company by emailing or writing to the Privacy Officer.
Subject Access Requests
13.Parents/Carers/Pupils may request of the Privacy Officer in writing, details that the Company holds on them. The object is to give Parent/Carers/Pupils individual access to allow them to check what is being held is accurate. The deadline for these requests is 30 days from the date of the request being received.
14.Parents/Carers/Pupil are considered to be current for five years from the date of registering with Stretch-n-Grow. Parents/Carers/Pupils who do not return to the company in this period will have their records archived.
15.Details of former Parent/Carers/Children of the Company will be maintained in a Past Contacts archive until the child has reached the age of 25.