Data Protection

Gosforth Park Out of School Club (OSC)

Data Protection and Record Keeping Policy


At Gosforth Park OSC we respect the privacy of children, their parents and carers as well as the privacy of our staff.

Our aim is to ensure that everyone using and working at GPOSC can do so with confidence that their personal data is being kept secure.

Our lead person for data protection is Jo Price. The lead person ensures that the club meets the requirements of the GDPR liaises with the statutory bodies when necessary and responds to any subject access requests.





Within the club we respect confidentiality in the following ways:


We will only ever share information with a parent about their own child.


Information given by parents to the club about their child will not be passed onto a third party without permission unless there is a safeguarding issue (as covered in our safeguarding policy)


Concerns or evidence relating to a child’s safety, will be kept in a confidential file and will not be shared within the club, except with designated child protection managers.


Staff will only discuss individual children for the purpose of planning and group management.


Staff are made aware of the importance of confidentiality during their inductions


Issues relating to the employment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions.


All personal data relating to staff is stored securely at the home of Margaret Higgins, director.


All personal data relating to parents and children is stored securely on the website and is only accessible via a password protected tablet, laptop, desktop or on a passcode locked phone. The website is also password protected.


Students on work placements and volunteers are informed of our data protection policy and are required to respect it.






Information that we keep



Children and parents

We only hold information necessary to provide a childcare service for each child. This includes registration and agreement information, medical information, parent contact information, attendance records, incident and accident records and so forth. Once a child leaves our care we retain only the data required by statutory legislation and industry best practice and for the prescribed periods of time. Electronic data that is no longer required are deleted.



We keep the information about employees in order to meet HMRC requirements, and to comply with all areas of employment legislation We retain information after a member of staff has left our employment for the recommended period of time, then it is deleted or destroyed.


Sharing information with a third party


We will only share child information with outside agencies on a need to know basis and with consent from parents. Except in cases relating to safeguarding children, criminal activities, or if required by legally authorized bodies (eg police HMRC etc)

If we decide to share information without parental consent, we will record this in the child’s file clearly stating our reasons.


We will only share information that is accurate and up to date. Our primary commitment is to the safety and well being of the children in our care.


Subject access requests


Parents/carers can ask to see the information and records relating to their child, and or any information we keep about themselves


Staff and volunteers can ask to see any information that we keep about them.


We will make the requested information available as soon as practicable, and will respond to the request within a month.


If our information is found to be incorrect or out of date we will update it promptly.


If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the information commissioner’s office (ICO)







We comply with the requirements of the General Data Protection Regulation (GDPR) regarding obtaining, storing and using personal data.