Skip to content

Privacy Notice



At Out of Hours Kids’ Club, we take privacy very seriously and we are currently updating all of our records to ensure that we fully meet the new data protection standards for General Data Protection Regulation, GDPR.

We are registered with the Information Commissioner’s Office (ICO).  The categories of children’s and parent’s information that we collect, hold and share include:

  • Personal information (such as name, address, date of birth)
  • characteristics (such as ethnicity, language)
  • attendance information (such as sessions booked and attended)
  • medical information
  • information on special educational need and disabilities
  • safeguarding information.


Data Collection Requirements

To be granted access to children’s information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements, retention and use of the data.


Requesting access to your personal data

Under data protection legislation, parents and children have the right to request access to information about them that we hold.  To make a request for your personal information, contact Lauren McBride who is our date protection officer.






Under Schedule 2 of the data Protection Act 1998, Out of Hours Kids’ Club will only collect personal information for which there is a legitimate use and will not use the information in any way that has unjustifiable adverse effects upon the individuals concerned or use the data in any way that is unlawful.   Your information will be held securely and will only be accessible by staff who are authorised to do so.

You have the right to object to:

the processing of personal data that is likely to cause, or is causing, damage or distress and prevent processing for the purpose of direct marketing.

in certain circumstance, have inaccurate personal data rectified, blocked, erased, or destroyed.

If you have any concern about the way, we are collecting or using your personal data, we request that you raise your concern with us in the first instance.  Alternatively, you can contact ICO.

Collecting children’s information

While most of the children’s information that you provide to us is mandatory, some of it is provided to us on a voluntary basis.  To comply with the GDPR, we will inform you whether you are required to provided certain children’s information to us or if you have a choice in this.

We also collect, hold, and share some information on the children’s parents/guardians: personal information (names, address, contact numbers and emails)

This information is collected on the registration form. This is completed online, and the relevant emergency telephone contact information is held on the Site Managers work mobile phone.



Daily Registers. These detail the children who are due to attend breakfast and afterschool sessions and are a safeguarding requirement.

  • Information sharing books – these vary from site to site but are used as a method of recording information shared with the school and parents/carers.
  • All about me sheets – We use these to support the children’s learning and development, to enable staff to plan suitable activities to support and extend the children’s individual development.
  • Sheets detailing the disabilities, special needs, specific requirements or medical, dietary needs of the child. These include details of allergies and action to be taken in the event of an allergic reaction.
  • Permissions list. These list what activities and events the parent has given or refused permission for. These include administration of first aid treatments, sun cream application and photographs use. These do not include permissions for Trips and Outings. If trips or outings were planned they would require a separate permission form for each event.













Registration Forms are stored in a locked cupboard to ensure confidentiality.

Other less sensitive information is stored on the manager’s desk for ease of access and then in a locked cupboard when the sessions are not in operation.

Confidential information and records about children and staff are held securely and only accessible to those who have a right or professional need to see them.

Restricted documents will not be taken from the setting without strategies being put in place for transport and storage. These documents will not be left unattended in cars or opened on public transport.

All paper based files containing personal or sensitive information that have exceeded their retention period will be shredded at our admin office.

All electronic personal and or sensitive information including photographs of children will be held on a password protected computer in our admin office. Photographs of children on the admin computer will be kept for no longer than twelve months.

We collect and use children’s information under the following lawful basis:


Contract: It is necessary for us to have a contract with you to enable us to provide childcare for your child.


Storing children’s data

We are required to hold children’s data for a reasonable period of time after children have left the provision (we hold the data for 3 – 6 months unless there has been a serious incident/accident or legal reason) as a requirement of the EYFS. The Limitation Act 1980 recommends that we retain data until the child reaches the age of 21 – or until the child reaches the age of 24 for child protection records.


Sharing Children’s Information

We do not share information about your children with anyone without your consent unless the law and our policies allow us to do so.

If you would like to discuss anything, please contact: Lauren McBride.