Privacy Policy
LOUNO SPACE CLUB
Privacy Policy
Data Controller: Louno Space Limited · Data Protection Lead: Mr Mirko Viviano · contact@louno.space
At Louno Space, we respect the privacy of the children attending our clubs, their parents or carers, and our staff. We are committed to ensuring that all personal data is collected, stored, and processed responsibly, securely, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Our Data Protection Lead is Mr Mirko Viviano. The Lead is responsible for ensuring compliance with data protection legislation, liaising with statutory bodies where necessary, and handling subject access requests.
1. Confidentiality
1.1 We only share information with a parent or guardian about their own child.
1.2 Information provided by parents or guardians to Louno Space staff will not be shared with third parties without consent, except where required for safeguarding purposes (see our Safeguarding Policy).
1.3 Concerns or evidence relating to a child's safety are kept in a confidential file and shared only with the Designated Safeguarding Lead and relevant authorities.
1.4 Staff discuss individual children only for planning and group management purposes.
1.5 All staff, students, and volunteers are made aware of their confidentiality obligations during induction.
1.6 Matters relating to staff employment remain confidential to those involved in personnel decisions.
2. Information We Collect
We collect only the information necessary to provide our childcare and educational services. The categories of data we collect include:
Children and Parents/Guardians
• Registration information: name, date of birth, and contact details.
• Medical, allergy, or special educational needs information (to ensure safety and inclusion).
• Emergency contact details.
• Attendance records, incident and accident records, and consent forms (including photography and media consent).
Lawful Basis for Processing
• Children's data: contractual necessity (to deliver the service booked) and legitimate interest (to ensure safety and programme quality).
• Health and special needs data: processed under the legal condition of providing appropriate care and safeguarding.
• Staff data: contractual necessity and compliance with legal obligations (e.g. payroll, DBS checks).
3. Data Retention
3.1 Once a child leaves our care, we retain only the data required by statutory legislation, insurance obligations, or recognised best practice (for example, accident records are retained for a minimum period in line with legal requirements).
3.2 Electronic data no longer required is securely deleted. Paper records are shredded or returned to parents as appropriate.
3.3 Staff data is retained for the legally required periods (e.g. payroll and tax records) before secure deletion.
4. Sharing Information
We share personal data only where necessary and on a minimum-necessary basis:
4.1 With outside agencies where required for safeguarding, criminal investigations, or legal compliance (e.g. Police, Local Authority Designated Officer, HMRC).
4.2 With authorised third-party service providers for essential business functions (e.g. online booking platforms, payroll, accounting software). All such providers are required to comply with UK GDPR and are subject to data processing agreements where applicable.
4.3 We do not sell personal data to third parties, and we do not share data for marketing purposes without explicit consent.
5. Photography & Media
5.1 Our general policy is not to capture identifiable faces of children in photographs or videos. Media typically focuses on activities, materials, and group work rather than individual children.
5.2 During enrolment, parents/guardians are asked to give or withhold explicit consent for their child's identifiable image to be used.
5.3 Where consent is given, media may be used for social media posts, promotional materials, marketing emails, and related communications.
5.4 Parents/guardians may withdraw consent at any time by notifying us in writing at contact@louno.space. Withdrawal of consent applies to future use only. Media already published prior to the withdrawal will not be retroactively removed, but no new identifiable images of that child will be captured or used from the date of withdrawal.
6. Subject Access Requests
6.1 Parents and carers have the right to request access to the personal data we hold about their child or themselves.
6.2 Requests should be submitted in writing to our Data Protection Lead at contact@louno.space. We will respond within one calendar month of receiving the request.
6.3 If any information we hold is found to be inaccurate or out of date, it will be corrected promptly upon notification.
6.4 Requests to delete data will be honoured where legally permissible. Some data must be retained to comply with the law or insurance requirements and cannot be deleted on request.
7. Data Security
7.1 All personal data is stored securely in encrypted digital systems or locked physical storage, as appropriate.
7.2 Access to personal data is restricted to authorised staff only, on a need-to-know basis.
7.3 All volunteers and placement students are informed of this policy and required to comply as a condition of their engagement.
7.4 In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and affected individuals without undue delay, where required.
8. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
• Right of access — to obtain a copy of the data we hold about you or your child.
• Right to rectification — to have inaccurate data corrected.
• Right to erasure — to request deletion of data, subject to legal retention requirements.
• Right to restrict processing — to ask us to limit how we use your data in certain circumstances.
• Right to object — to object to processing based on legitimate interests.
• Right to data portability — to receive your data in a structured, machine-readable format where applicable.
To exercise any of these rights, please contact our Data Protection Lead at contact@louno.space.
9. Complaints
9.1 If you have concerns about how we have handled your personal data, please contact our Data Protection Lead in the first instance.
9.2 If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: www.ico.org.uk
Helpline: 0303 123 1113
10. Changes to This Policy
10.1 Louno Space reserves the right to update this Privacy Policy as required, including in response to changes in legislation or our operational practices.
10.2 Any material changes will be communicated to parents/guardians with reasonable notice prior to implementation.