Your privacy is extremely important to us. Kidz Klub Brighton and Hove Ltd (hereby referred to as ‘Kidz Klub’), including all of its subsidiary companies have ensured that your information is safe and stored lawfully in compliance with the EU’s GDPR law.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Who are we?
Kidz Klub Brighton & Hove is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
How do we process your personal data?
Kidz Klub Brighton & Hove Ltd complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: –
- To enable us to provide a voluntary service for the benefit of the public.
- To administer membership records of our clubs;
- For the safety and Safeguarding of the children in our care;
- To fundraise and promote the interests of the charity;
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid applications);
- To inform you of news, events and activities running at Kidz Klub Brighton & Hove Ltd.
- Checking in each child / young person at each event.
What is the legal basis for processing your personal data?
- Explicit consent of the data subject so that we can keep you informed via email about news, events, activities and services and process your gift aid donations and keep you informed about events.
- Explicit consent of the data subject to take, store and share photos of our activities and trips in order to fundraise and promote the interests of the charity.
- Processing is necessary for carrying out obligations under employment, safeguarding or social security or social protection law, or a collective agreement;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of yourself or your child which require protection of personal data, in particular where the data subject is a child.
- Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: –
- the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
- there is no disclosure to a third party without consent unless this is for safeguarding reasons.
Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of Kidz Klub in order to carry out a service to other charity members or for purposes connected with our charity. We will only share your data with third parties outside of the charity with your consent or if we have a specific reason to do so. Examples of people we may share data with are as follows:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Medical professionals – to safeguard children in our care in event of an emergency or injury.
- Multiagency data sharing with social services or schools in order to protect a child for safeguarding purposes.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we keep your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We have a data retention policy to implement this
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you have any questions about our Data Retention policy, please contact us in writing on the below address.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
- The right to request a copy of your personal data which Kidz Klub Brighton & Hove holds about you;
- The right to request that Kidz Klub Brighton & Hove corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Kidz Klub Brighton & Hove to retain such data;
- The right to withdraw your consent to the processing at any time
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries or complaints please in the first instance contact the Office manager at Kidz Klub Brighton & Hove, 52 Station Road, Portslade BN41 1DF.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Statistics are collected by placing a cookie on your computer for general demographic purposes (eg. 100 people from England, 20 from the USA) but this is not used to identify individual users.