Website and Online Privacy policy in accordance with the General Data Protection Regulations (‘GPDR’), other applicable laws, and the Ofsted recommended requirement for retention of records. (Please also see our Data Protection Policy below)

Who we are

In this privacy statement references to “we”, “us” and “our” are to Holiday Academy References to “our Website” or “the Website” are to This privacy statement will tell you how you can verify the accuracy of your personal information submitted to Holiday Academy and how you can request that we delete or update your personal information. All privacy practices and methods described herein only apply insofar as permitted by the applicable standards, laws and requirements and as limited by the website you are visiting.

Data Security (Please also see our Data Protection policy)

Holiday Academy is committed to keeping the data you provide us secure and will take reasonable precautions to protect your personal information from loss, misuse or alteration.

We do not store any of your private payment information (such as debit and credit card numbers) and we do not pass your information onto a third party without your knowledge or permission.

Our site is not designed for use by unsupervised children and any information you provide in respect of your children will only be used to provide products and services by us to you and not to your children direct.

It is recommended that you have a ‘strong’ password of more than 8 letters including symbols, upper and lower case, and numerals, to protect your data. Anything less than this could make it easy for someone hacking into other’s accounts on the website booking system via your account.

What information we collect and how

Holiday Academy’s primary goal in collecting personal information from you is to fulfil the obligations given to us by Ofsted and the Department of Education, through our booking system. It is also to give you a relevant and customised experience while using our website, and to allow us to develop new relevant products and services.

The information we collect via the Website, email or in person and may include:

  1. Personal details you supply us with through completing the booking forms, via the telephone, or email, such as names, address, telephone number etc. and any necessary medical details or other details and consents for us to give the appropriate care to your child/children and as required by Early Years Ofsted regulations. Personal information received by you online will only be used by the Holiday Academy brand to which you submit your information, except as otherwise required by law or disclosed to you as the information is collected.
  2. Your preferences and use of email newsletters, recorded by emails we send you (if you select to receive email newsletters on products and offers).
  3. Your IP Address, this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website.
  4. Aggregate and statistical data recorded by the Website which allows us to recognize you and your preferred settings, this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. Most browsers can be programmed to reject, or warn you before downloading cookies, information regarding this may be found in your browsers ‘help’ facility.

What we do with your information

Any personal information we collect from this website will be used in accordance with the General Data Protection Regulations (‘GPDR’), other applicable laws, and the Ofsted recommended requirement for retention of records. The details we collect will be used:

  1. To process your order and to provide after sales service (we may pass your details to another organization to supply/deliver products such as ordering lunch, or services you have purchased and/or to provide after-sales service);
  2. In certain cases we may use your email address to send you information on our other products and services (not any other company’s). In such a case you will be offered the option to opt in/out of receiving such information before completing your purchase.

We may need to pass the information we collect to other companies for administrative purposes, and your payment information will go to credit card providers. We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use the Website and issuing our e-mails for us. Third parties will not be allowed to use your personal information for their own purposes, and are also bound by the current data protection laws.

Your Rights

You have the right to request a copy of any information that we currently hold about you, and you can also view this information by logging into your account on our booking system. In order to receive such information please send your contact details including address to:

Privacy, Holiday Academy Office, Top Floor, 141 King Henry’s Rd, NW3 3RD

Holiday Academy and Forest school Club is committed to working with customers to obtain a fair and rapid resolution of any complaints or disputes about privacy. Please email us your questions or comments regarding our privacy practices to or write to the address above.

By using this website you signify your acceptance of this Privacy Statement and you adhere to the terms and conditions posted on the website. If you are not in agreement with the privacy statement or any of our terms and conditions please do not use this website or submit any personal information, and contact me if you have any queries

Other Websites

This privacy policy only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.

Other Websites

This privacy policy only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.

Holiday Academy and Forest school club General Data Protection Regulation Policy Statement

(Please also see Privacy policy with respect to the website and booking system, and Staff Code of Ethical Practice, and Parental agreement to administer medication form)

At Holiday Academy and Forest school club we respect the privacy of the children attending, and the privacy of their parents/carers, as well as the privacy of our staff. Our aim is to ensure that all those using and working at Holiday Academy and Forest school club can do so with confidence that their personal data is being kept secure.

Our lead person for data protection is Ruth Peel or the current manager of Holiday Academy and Forest school club. The lead person ensures that we meet the requirements of the GDPR, liaises with statutory bodies when necessary, and responds to any subject access requests. We are on the Early years Ofsted register (rated ‘Good’) and comply with the EYFS Statutory Framework. The Early Years Foundation Stage (EYFS) sets standards for the learning, development and care of children from ‘birth to 5 years old’. This is also the basis for the children in our care aged up to 12 years old.


Within Holiday Academy and Forest school club we respect confidentiality in the following ways:

  • We will only ever share information with a parent about their own child.
  • Information given by parents to Holiday Academy and Forest school club staff about their child will not be passed on to third parties without permission unless there is a safeguarding issue (as covered in our Safeguarding Policy).
  • Concerns or evidence relating to a child’s safety, will be kept in a confidential file and will not be shared within Holiday Academy and Forest school club, except with the designated Child Protection/Safeguarding Officer and the manager/owner.
  • Staff only discuss individual children for purposes of planning and group management.
  • Staff, Students on work placements, Temporary staff, and Volunteers are informed of our Data Protection policy and are required to respect it.
  • Staff are made aware of the importance of confidentiality during their induction process.
  • Issues relating to the recruitment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions.
  • All personal data is stored securely in hard copy form in a lockable file or cabinet, and digitally on a password protected file, on a password protected computer or passcode-locked phone. This depends on which programme the child is attending, and if they are out of the venue on a trip.

The exception to this is the Parental agreement to administer medicine form which is kept with the medication either in a grab bag in the child’s belongings or in the First Aid kit. The parent/carer must sign to agree to this. Exceptions can be made but the welfare of the child must be at the forefront of the decision.

Information that we keep:

Children and parents: We hold only the information necessary to provide a childcare service for each child. This includes child registration information, medical information, parent contact information downloaded from the website booking system; and hard copy attendance records, incident and accident records, and so forth. Once a child leaves our care we retain only the data required by statutory legislation and industry best practice, and for the prescribed periods of time (see below). Electronic data that is no longer required is deleted and paper records are disposed of securely.

Staff: We keep information about staff in order to meet HMRC requirements, and to comply with all other areas of relevant legislation including Ofsted ‘suitable persons’ requirements and disclosures. We retain the information after a member of staff has left our employment for the recommended period of time (see below) then it is deleted or destroyed as necessary.

Sharing information with third parties

We will only share child information with outside agencies on a need-to-know basis and with consent from parents, except in cases relating to safeguarding children, criminal activity, or if required by legally authorised bodies (eg Police, HMRC, etc). If we need to share information without parental consent, we will record this on file, clearly stating our reasons.

We will only share relevant information that is accurate and up to date. Our primary commitment is to the welfare of the children in our care.

Some limited personal information is disclosed to authorised third parties we have engaged to process it, as part of the normal running of our business, for example in order to take telephone bookings, manage social media, SEO, administrate our website and its hosting, and to manage our bookkeeping and accounts. We also have partner organisations that we work closely with to add to our services, such as but not limited to Pirate Castle community kayaking programme and Wild child kitchen packed lunch provision. Any such third parties comply with the strict data protection regulations of the GDPR.

Subject access requests

  • Parents/carers can ask to see the information and records relating to their child, and/or any information that we keep about themselves. Please contact
  • Staff, volunteers, and visitors can ask to see any information that we keep about them.
  • We will make the requested information available as soon as practicable, and will respond to the request within one month at the latest.
  • If our information is found to be incorrect or out of date, we will update it promptly.
  • If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).


We comply with the requirements of the General Data Protection Regulation (GDPR), regarding obtaining, storing and using personal data.

Retaining Records Guidance for 2018 and Early years Ofsted requirements

Ofsted-registered clubs are required to keep records of complaints, child details, attendance, contact information, accidents and medication. However there is some difference between the Early Years and Childcare Registers:

  • Clubs and Holiday Provisions on the Early Years Register must keep records pertaining to individual children and complaints for a ‘reasonable period of time after a child has left the provision’ but no specific retention period is given. It is up to providers to decide how long to keep records. (It is worth noting that until 2012, the Statutory Framework for the Early Years Foundation Stagestated that both types of records should be kept for three years.)

We therefore recommend that Ofsted-registered out of school clubs keep the types of records listed above for at least three years after a child has left your care.

Retention of other records

As well as the Ofsted requirements to retain child records and complaints, there are numerous other types of information that all businesses need to retain. These are outlined briefly below.

  • Records of any death, injury, disease or dangerous occurrence that was reportable to the HSE under RIDDOR, must be kept for 3 years. (statutory requirement)
  • Staff accident records must be kept for three years. (statutory requirement)
  • Accident or medical records as specified by COSHH regulations must be kept for 40 years. (statutory requirement)
  •  Personnel files and training records should be kept for six years after the end of employment. (recommendation)
  • Wage records/Staff invoices must be kept for six years. (statutory requirement)
  • Records of SMP, SSP, income tax and NI must be kept for three years after the end of the tax year to which they relate. (statutory requirement)
  • Accounts must be kept for six years from the end of the financial year to which they apply for private companies. (statutory requirement)
  • Minutes must be kept for ten years for companies and six years for charities. (statutory requirement)