Information
Privacy Notice
Happy Mojos acts as a Data Controller for the purposes of GDPR. To process your information or booking, we need to collect personal details about you and your children as appropriate . We will respect and protect your privacy at all times. This policy sets out how we will collect, use and store any personal data about you and your child(ren).
By subscribing or creating an account with us, you are agreeing to us storing and processing this information as set out below. You are responsible for ensuring you have the agreement from all persons on your account and booking to pass on their details to us.
At Happy Mojos we respect the privacy of the children attending our Clubs and the privacy of their parents or carers. The personal information that we collect about you and your child is used only to provide appropriate care for them, maintain our service to you, and communicate with you effectively. Our lawful basis for processing the personal information relating to you and your child is so that we can fulfil our contract with you. Our legal condition for processing any health-related information that you provide about your child is so that we can provide appropriate care for that child.
We will use the contact details you give us to contact you via phone and/or email so that we can send you information about your child, our Club and other relevant news, and so that we can communicate with you regarding payment of our fees.
When do we collect data?
When you register using the online booking platform or subscribe to our mailing list, we will need to collect certain personal details in order to process your booking and make the necessary arrangements for your child(ren) to attend activities.
Prior to attending an activity we will also need to collect more sensitive personal data, specifically relating to the children on your bookings, such as medical conditions, allergies and educational needs in order to ensure we can provide the appropriate care for your child. During activities you may need to complete forms which will require personal information relating to you or your child or if you contact us with a query/complaint.
We may also collect data from you in other ways that will request your name, address, email address and telephone number.
What data do we collect?
Account Holder details – Name, address, DOB, telephone numbers, email address, encrypted log in password, details of your interactions with us e.g. a query on your account/complaint, details of your visits to our website (see Cookies), personal details to help tailor our services to you.
Children’s details – Name, address, DOB, dietary, medical, behavioural or educational needs, school and registered GP.
The law requires us to take reasonable steps to ensure data is kept accurate and up to date. We remind customers to update details when logging into their account.
Cookies
Our website uses cookies. Some cookies are essential and are there to enable you to make your booking and transaction, others are non- essential and are used to track visitor behaviour on the site, determine relevant products to show you for re-marketing purposes, track where visitors have come from or to improve user experience. Cookies are not harmful and do not contain any personal information e.g. address or DOB. You can choose to accept or decline cookies when you first visit the site by accessing the preference panel from your browser’s main menu (usually found under Edit, Tools or Options). If you choose to remove cookies, some of our site may not function properly for you and your use of the site may be impaired.
We may collect details about your device and visits to this site including IP address, browser type, device type, page interaction information, traffic data and location information. This is statistical information to help us provide the best online experience for our customers and does not identify any individual.
How do we use your data?
If you have a booking with us, we will use your data in relation to delivering our childcare services, to contact you with information relating to your booking and your child(ren)’s time at an activity, to protect the welfare of your child, to comply with our legal obligations and to process payments.
We will only share personal information about you or your child with another organisation if we:
• have a safeguarding concern about your child
• are required to by government bodies or law enforcement agencies
• engage a supplier to process data on our behalf (eg to take online bookings, or to issue invoices)
• have obtained your prior permission.
Third Parties – We will not pass on your personal information to other users of the site and we will only ever pass on your personal details to a third party if it is necessary to fulfill a particular service on your behalf or as part of our normal business activities.
Should any safeguarding concerns or legal proceedings require us to pass on your personal information we trust you will understand that we have a duty to comply with the law. Please be aware that the way in which your personal details would be legally protected within the UK may differ from other countries.
How do we protect data?
Storage – Once data is received, we will take all reasonable steps to ensure your data is secure to prevent unauthorised access to it. All information you provide is stored on secure databases, our IT systems are password protected and all payment transactions are encrypted. Paper copies are secure in a safe, locked area.
Security and passwords – When you create an online booking account with us you are assigned a Customer ID number. Your account will require an email and password so that you can access your details online. The password is automatically generated by the booking system and we recommend you keep this password safe for future bookings.
Please do not share your password with anyone. Unfortunately, the passing of data via the internet is not completely secure therefore any transmission is at your own risk. Please keep these details safe and not written down anywhere. If you change your personal details or if you suspect that someone else has used your password, please notify us as soon as possible.
How long do we keep data for?
Data that is no longer required is erased after your child has ceased attending our Club. The processing of medical information is for the provision of health care. We do need to retain certain types of data (such as records of complaints, accidents, and attendance) for set periods of time after your child ceases to be in our care, but we delete as much personal data as we can as soon as possible.
Your rights
You have the right to ask to see the data that we have about yourself or your child, and to ask for any errors to be corrected. We will respond to all such requests within one month. You can also ask for the data to be deleted, but note that:
· we will not be able to continue to care for your child if we do not have sufficient information about them
even after your child has left our care, we have a statutory duty to retain some types of data for specific periods of time so we can’t delete everything immediately.
Your right of access – You have the right to ask us for copies of your personal data.
Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.
You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details within this privacy notice.
If you would like to exercise any of these rights, please write to:
Min Robertson
Happy Mojos
2 Myrtle Cottages
Gurney Slade
Nr Radstock
Somerset
BA34TT
Or email: [email protected]
Please note that in some circumstances we will still need to retain certain data in order to comply with our legal obligations.
If a subject access request is put forward, we will send the information within one month and free of charge – this will be sent in a protected file.
If you are not happy with the way we have handled your data, or responded to your requests you can lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk/concerns or by phone on 0303 123 1113.
Changes to our policy
We reserve the right to update this policy from time to time and we will keep you informed by updating this statement on our website.
GDPR Policy
At Happy Mojos we respect the privacy of the children attending the Club and the privacy of their parents or carers, as well as the privacy of our staff. Our aim is to ensure that all those using and working at Happy Mojos can do so with confidence that their personal data is being kept secure.
Our lead person for data protection is Min Robertson. The lead person ensures that the Club meets the requirements of the GDPR, liaises with statutory bodies when necessary, and responds to any subject access requests.
Confidentiality
Within the Club we respect confidentiality in the following ways:
· We will only ever share information with a parent about their own child.
· Information given by parents to Club staff about their child will not be passed on to third parties without permission unless there is a safeguarding issue (as covered in our Safeguarding Policy).
· Concerns or evidence relating to a child’s safety, will be kept in a confidential file and will not be shared within the Club, except with the designated Child Protection Officer and the manager.
· Staff only discuss individual children for purposes of planning and group management.
· Staff are made aware of the importance of confidentiality during their induction process.
· Issues relating to the employment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions.
· All personal data is stored securely on a password protected computer.
· Students on work placements and volunteers are informed of our Data Protection policy and are required to respect it.
Information that we keep
The items of personal data that we keep about individuals are documented on our personal data matrix. The personal data matrix is reviewed annually to ensure that any new data types are included.
Children and parents: We hold only the information necessary to provide a childcare service for each child. This includes child registration information, medical information, parent contact information, attendance records, incident and accident records and so forth. Our lawful basis for processing this data is fulfillment of our contract with the child’s parents. Our legal condition for processing any health-related information about a child is so that we can provide appropriate care to the child. Once a child leaves our care we retain only the data required by statutory legislation, insurance requirements and industry best practice, and for the prescribed periods of time. Electronic data that is no longer required is deleted and paper records are disposed of securely.
Staff: We keep information about employees in order to meet HMRC requirements, and to comply with all other areas of employment legislation. Our lawful basis for processing this data is to meet our legal obligations. Our legal condition for processing data relating to an employee’s health is to meet the obligations of employment law. We retain the data after a member of staff has left our employment for the periods required by statutory legislation and industry best practice, then it is deleted or destroyed as necessary.
Sharing information with third parties
We will only share child information with outside agencies on a need-to-know basis and with consent from parents, except in cases relating to safeguarding children, criminal activity, or if required by legally authorised bodies (eg Police, HMRC, etc). If we decide to share information without parental consent, we will record this in the child’s file, clearly stating our reasons.
We will only share relevant information that is accurate and up to date. Our primary commitment is to the safety and well-being of the children in our care.
Where we share relevant information where there are safeguarding concerns, we will do so in line with Government guidance ‘Information Sharing Advice for Safeguarding Practitioners’ (www.gov.uk)
Some limited personal information is disclosed to authorised third parties we have engaged to process it, as part of the normal running of our business, for example in order to manage our payroll and accounts. Any such third parties comply with the strict data protection regulations of the GDPR.
Subject access requests
· Parents/carers can ask to see the information and records relating to their child, and/or any information that we keep about themselves.
· Staff and volunteers can ask to see any information that we keep about them.
· We will make the requested information available as soon as practicable, and will respond to the request within one month at the latest.
· If our information is found to be incorrect or out of date, we will update it promptly.
· Parents /carers can ask us to delete data, but this may mean that we can no longer provide care to the child as we have a legal obligation to keep certain data. In addition, even after a child has left our care we have to keep some data for specific periods so won’t be able to delete all data immediately.
· Staff and volunteers can ask us to delete their data, but this may mean that we can no longer employ them as we have a legal obligation to keep certain data. In addition, even after a staff member has left our employment we have to keep some data for specific periods so won’t be able to delete all data immediately.
· If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).
GDPR
We comply with the requirements of the General Data Protection Regulation (GDPR), regarding obtaining, storing and using personal data.
This policy was adopted by: Happy Mojos Ltd Date: 10th July 2023
Written in accordance with the Statutory Framework for the Early Years Foundation Stage (2023): Safeguarding and Welfare Requirements: Information and records [3.67 -3.72].
Ofsted
Our Mini Mojos Holiday Clubs are Ofsted registered. For more information see our Holiday Clubs page.
Safeguarding & Child Protection
Happy Mojos is committed to building a ‘culture of safety’ in which the children in our care are protected from abuse, harm and radicalisation.
The Club will respond promptly and appropriately to all incidents or concerns regarding the safety of a child that may occur. The Club’s child protection procedures comply with all relevant legislation and guidance in accordance with:
• Current legislation (these are summarised within Working Together to Safeguard Children: statutory framework)
• Statutory, national, and local guidance – this includes:
Working Together to Safeguard Children which sets out the multi-agency working arrangements to safeguard and promote the welfare of children and young people and protect them from harm; in addition, it sets out the statutory roles and responsibilities of schools.
Keeping Children Safe in Education (2023) is statutory guidance issued by the Department for Education which all schools and colleges must have regard to when carrying out their duties to safeguard and promote the welfare of children. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1181955/Keeping_children_safe_in_education_2023.pdf
Local Guidance from the Local Safeguarding Partnership around particular safeguarding topics are available on the Somerset Safeguarding Children’s Partnership.
There is a Designated Safeguarding Lead (DSL) available at all times while the Club is in session. The DSL coordinates safeguarding and child protection issues and liaises with external agencies (eg Social Care and Ofsted).
The Club’s designated DSL is Min Robertson.