Privacy Policy

At Louno Space, we respect the privacy of the children attending our clubs, their parents or carers, and our staff. We aim to ensure that everyone using and working at Louno Space can do so with confidence that their personal data is kept secure and handled responsibly.

Our lead person for data protection is Mr Mirko Viviano. The lead ensures that the Club meets GDPR requirements, liaises with statutory bodies when necessary, and responds to any subject access requests.

1. Confidentiality

  • We only share information with a parent about their own child.
  • Information provided by parents to Louno Space staff will not be shared with third parties without their consent, unless required for safeguarding purposes (see our safeguarding policy).
  • Concerns or evidence relating to a child’s safety are kept in a confidential file and shared only with the Designated Safeguarding Lead and relevant authorities.
  • Staff discuss individual children only for planning and group management purposes.
  • All staff, students, and volunteers are made aware of confidentiality obligations during induction.
  • Issues relating to staff employment remain confidential to those involved in personnel decisions.

2. Information We Collect

We collect only the information necessary to provide our childcare and educational services.

Children and Parents/Guardians:

  • Registration information (name, date of birth, contact details).
  • Medical, allergy, or special needs information (to ensure safety and inclusion).
  • Parent/guardian contact details (for emergencies and communication).
  • Attendance records, incident/accident records, and consent forms (including photography/media consent).
  • Our lawful basis for processing children’s data is contractual necessity (to deliver the service parents have booked) and legitimate interest (to ensure safety and programme quality). Our legal condition for processing health data is to provide appropriate care.

3. Data Retention

  • Once a child leaves our care, we retain only the data required by statutory legislation, insurance, or best practice (for example, accident records).
  • Electronic data no longer required is securely deleted. Paper records are shredded or returned to parents.
  • Staff data is kept for the legally required periods (e.g. payroll records) before deletion.

4. Sharing Information

We share personal information only when necessary:

  • With outside agencies where required for safeguarding, criminal investigations, or legal compliance (e.g. Police, HMRC).
  • With authorised third-party providers for essential business functions (e.g. online bookings, payroll, accounting). These providers must comply with GDPR.
  • Only relevant, accurate, and up-to-date information is shared.

5. Photography & Media

  • Our general policy is not to capture identifiable faces of children in photographs or videos. Media typically focuses on activities, materials, and group work.
  • During enrolment, parents/guardians are asked to give or withhold consent for their child’s identifiable image to be used.
  • Media may be used for social media posts, promotional materials, marketing emails, and related communications.
  • Parents/guardians may withdraw consent at any time by notifying us in writing.

6. Subject Access Requests

  • Parents/carers can request access to information we hold about their child or themselves.
  • We will respond within one month of receiving the request.
  • If information is incorrect or outdated, it will be corrected promptly.
  • Requests to delete data will be honoured where legally possible. Some data must be retained to comply with the law or insurance requirements.

7. Data Security

  • All personal data is stored securely in encrypted digital files or locked storage.
  • Access is restricted to authorised staff only.
  • Volunteers and students are informed of this policy and required to comply.

8. Complaints

If you have concerns about how we have handled your data, you may contact the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk

Helpline: 0303 123 1113

9. GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) regarding the obtaining, storing, and use of personal data.