Click IT! Data Privacy Notice
(How we use your information)
We, Click IT! trading as Click IT!, Click IT! Kids Ltd, Click IT! Inclusive Ltd and other Click IT! Franchising companies, are committed to protecting and respecting your privacy. This policy, together with any other documents referred to within, sets out the basis on which we will process any personal data that we collect from you, or that you provide to us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (Act) / EU General Data Protection Regulation 2016 (GDPR), the data controller is Click IT!, The Old Office, 24 Roxeth Hill, Harrow on the Hill, Middlesex, HA2 0JT
The categories of child/parent information that we collect (from enrolment forms), hold and share include:
- Personal information (child’s name, parent’s name, date of birth, mobile telephone number)
- Characteristics (such as gender)
- Attendance information (such as nursery attending, nursery sessions attended e.g. days/AM/PM/all day, the date they joined/left, number of absences and sometimes reasons for absence)
- Debit card/credit card information
Why we collect and use this information
We use the data:
- to enrol the child.
- to produce assessment sheets, attendance sheets and weekly observation sheets with the child’s name printed.
- to set up groupings: date of birth, days attending/session times.
- to support the child’s learning and progress – email parents with child’s report, inform parents what they are learning each week/each term.
- to notify parents of fees due/overdue
- to keep parents updated with relevant information relating to the course
- to administer, support, improve and develop our business.
- to notify you about changes to our service
- to comply with the law regarding data sharing
- payment information – is uploaded directly onto a secure payment website
- to ensure that only parents and nurseries are accessing our App.
The lawful basis on which we use this information
We collect and use information under Article 6 GDPR Lawfulness of Processing:
“processing is necessary for the performance of a contract to which the data subject is party” – by completing an online enrol form or completing a paper copy, parents are entering into a contract for their child to receive Click IT! lessons at their request and we will use this data to enrol their child.
In addition: “processing is necessary for the purposes of the legitimate interests” – so that we can email parents links to their child’s reports, their invoices, and also weekly and end of term newsletters and activity leaflets so that they follow what their child is learning with us each week. Parents can opt out of receiving these emails if they wish to. We may also contact parents and nurseries that have expressed an interest in our business previously by phone or email. In order to promote our products and services to nurseries in our local area, we may also contact them by phone or email. These calls will be limited to twice yearly to avoid annoyance and we will take any nursery off our database that does not wish to be contacted in the future.
How long do we store personal data for?
We hold personal data from the time a child is enrolled on the course, to the term after they leave the course.
How does the information get stored?
Personal data from online enrolments and paper enrolments get uploaded onto a secure, password protected business admin system and secure password protected cloud storage system, Google Drive.
This information is also used to print weekly observation sheets, assessment sheet and attendance sheets for the tutors to use each week. These forms are routinely shredded each term when they are no longer needed.
Register information from the Click IT App is stored on the App Institute server and periodically dowloaded to check usage and to check that parents/nurseries are accessing the app.
How do we dispose of the information?
Once a child has left the nursery, we keep the information until the end of that term and then it is disposed of by either shredding any paper documents or deleting any digital data. Any learning and development information that is held will be sent to you or the nursery and then deleted from our system. Information relating to financial accounts are retained for 6 years as required by the HMRC.
Who we share information with:
We routinely share pupil information with:
- Nurseries that we work with (see below).
Why we share some information
We do not share information about with anyone without consent unless the law and our policies allow us to do so. Nurseries may keep copies of the child’s observation sheets at the end of each term so that a child’s keyworker can refer to them to ascertain progress. Nurseries may also request copies of each child’s end of term reports so that they can keep these records on file for parents to view or use as part of a child’s learning journals.
Other Data Controllers
That may have access to your data
- Mailchimp and Sendinblue – online email company.
- Google Drive
- Text Marketer
- App Institute
Mailchimp and Sendinblue – an online email company. This is so we can send out invoices to parents each term and also send parent’s links to their child’s termly and mid term report. If you do not wish to continue receiving these emails, you can opt out of them.
Google Drive – We host each child’s report on Google Drive. Each member of staff will have access to the report folder by way of invitation. These reports will contain an overview of a child’s progress as well as include their name and the nursery that they attend.
Textmarketer – mobile telephone number so that we can notify you about term dates and notifications of emails sent to you (in case they are in your spam folder).
Payatrader – credit and debit card information that you enter on a secure site to pay for your child’s fee.
App Institute – register information is stored on a secure server and users and their registered information will be deleted once their child has left nursery.
What we will not do with your data
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
Requesting access to your personal data
Under data protection legislation, parents and children have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Wendy Petersen: The Old Office, 24 Roxeth Hill, Harrow on the Hill, Middlesex.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing (we have opt out options on all of our online marketing campaigns).
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you are concerned that a data breach has been made you can contact the ICO at https://ico.org.uk/for-organisations/report-a-breach/
Changing your Personal Data
For all emails that are sent by Mailchimp and Sendinblue, there is the option to update your preferences and details at any time. If your contact details do change, please contact us so we can update your details on our system: firstname.lastname@example.org
All comments, queries and requests relating to our use of your information are welcomed and should be addressed to:
The Old Office,
24 Roxeth Hill
Harrow on the Hill