Privacy Policy

SAFEGUARDING POLICY STATEMENT

LAST REVIEWED MARCH 2025

NEXT REVIEWED MARCH 2026

The purpose and scope of this policy statement

The purpose of this policy statement is:

  • to protect children and young people who receive Unlimited school of Arts services from harm. This includes the children of adults who use our services

• to provide staff and volunteers, as well as children and young people and their families, with the overarching principles that guide our approach to child protection.

This policy applies to anyone working on behalf of Unlimited school of Arts, including the principal, paid staff, volunteers, sessional workers, agency staff and students.

Legal framework

This policy has been drawn up in accordance with safeguarding legislation and guidance in Wales, including the Social Services and Well-being (Wales) Act 2014 and Working Together to Safeguard People

Supporting documents

This policy statement should be read alongside our organisational policies, procedures, guidance and other related documents.

• Health and safety

• Terms and Conditions

• Covid-19 Risk Assessment 

We believe that:

• Children and young people should never experience abuse of any kind

• We have a responsibility to promote the welfare of all children and young

people, to keep them safe and to practise in a way that protects them.


We recognise that:

• the welfare of children is paramount in all the work we do and in all the decisions we take all children, regardless of age, disability, gender reassignment, race, religion or belief, sex, or sexual orientation have an equal right to protection from all types of harm or abuse

• some children are additionally vulnerable because of the impact of previous experiences, their level of dependency, communication needs or other issues

• working in partnership with children, young people, their parents, carers and

other agencies is essential in promoting young people’s welfare.


We will seek to keep children and young people safe by:

• valuing, listening to and respecting them

• appointing a nominated child protection lead for children and young people.

• adopting child protection and safeguarding best practice through our policies,

procedures and code of conduct for staff and volunteers

• developing and implementing an effective online safety policy and related

procedures

• providing effective management for staff and volunteers through supervision,

support, training and quality assurance measures so that all staff and volunteers know about and follow our policies, procedures and behaviour codes confidently and competently

• recruiting and selecting staff and volunteers safely, ensuring all necessary checks are made

• recording, storing and using information professionally and securely, in line with data protection legislation and guidance [more information about this is available from the Information Commissioner’s Office: ico.org.uk/for- organisations]

  • sharing information about safeguarding and good practice with children and their families via leaflets, posters, group work and one-to-one discussions
  • making sure that children, young people and their families know where to go for help if they have a concern.

• using our procedures to manage any allegations against staff and volunteers appropriately

• creating and maintaining an anti-bullying environment and ensuring that we have a policy and procedure to help us deal effectively with any bullying that does arise

• ensuring that we have effective complaints and whistleblowing measures in place

• ensuring that we provide a safe physical environment for our children, young people, staff and volunteers, by applying health and safety measures in accordance with the law and regulatory guidance.

  • building a safeguarding culture where staff and volunteers, children, young people and their families, treat each other with respect and are comfortable about sharing concerns.


Contact details

Nominated child protection lead - (The Nominated Child Protection Lead is responsible for receiving safeguarding concerns, making referrals where necessary, and liaising with relevant agencies)


Name: Eva Chelsea Free

Email: Unlimitedschoolofarts@outlook.com

If the Nominated Child Protection Lead is unavailable, concerns should be reported to the NSPCC Helpline or local safeguarding services. 

NSPCC Helpline 0808 800 5000



Data Protection & Privacy Policy

Unlimited School of Arts

Effective from: March 2025

Last reviewed: March 2025

Next review: March 2026


1. Purpose of this Policy

Unlimited School of Arts is committed to protecting the privacy and personal data of children, parents, staff, and all individuals we work with. This policy explains: - what personal data we collect - how and why we use it - how it is stored and protected - how long it is retained - the rights of individuals under UK GDPR

This policy combines our Privacy Notice (for parents and families) and our Data Protection Policy (for internal practice).


2. Who We Are

Unlimited School of Arts is the Data Controller for the personal data we collect.

Data Protection Lead: Eva Chelsea Free

Email: Unlimitedschoolofarts@outlook.com

We operate in Wales and process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


3. Who This Policy Applies To

This policy applies to: - children and young people attending our classes - parents and carers - staff, assistants, volunteers, and contractors - anyone who contacts or engages with Unlimited School of Arts

For children, data protection rights are exercised by a parent or person with parental responsibility.


4. Lawful Bases for Processing Data

We process personal data under one or more of the following lawful bases: - Consent – e.g. photos/videos, marketing communications - Contract – e.g. class enrolment and bookings - Legal obligation – e.g. safeguarding and health & safety requirements - Legitimate interests – e.g. running classes safely and effectively


5. Personal Data We Collect

We may collect and process the following information:

Children

  • Name and date of birth
  • Medical information, allergies, or SEN needs (where provided)
  • Attendance records
  • Assessment or progress notes (where relevant)

Parents / Carers

  • Names and contact details
  • Emergency contact information
  • Payment and billing details

Other Data

  • Photographs or videos (with consent)
  • Communications via email, WhatsApp, or booking systems


6. How We Collect Data

Personal data is collected through: - registration and enrolment forms - ClassForKids booking and management system - direct communication with parents/carers - consent forms where required. 


7. How We Store and Protect Data

We take appropriate security measures to protect personal data, including: - password-protected digital systems - secure cloud-based platforms (e.g. ClassForKids) - restricted staff access - locked storage for any physical records

All staff and assistants are expected to handle data responsibly and in line with this policy.


8. Data Retention

We only keep personal data for as long as necessary:

  • Student records: up to 7 years after a child leaves
  • Financial records: 6 years (legal requirement)
  • Enquiries not resulting in enrolment: 12 months
  • Informal class activities or notes: not retained

Paper records are securely disposed of using confidential shredding.


9. Data Sharing

We only share personal data where necessary and appropriate, including: - where required by law - for safeguarding purposes - with emergency services - with trusted service providers (e.g. ClassForKids)

We never sell personal data to third parties.


10. Photography and Video

Photos and videos are only taken and used: - with parental consent - for legitimate purposes such as performances, promotion, or social media

Consent can be withdrawn at any time.


11. Individual Rights Under UK GDPR

Individuals (or parents on behalf of children) have the right to: - access personal data - correct inaccurate data - request deletion where appropriate - object to processing - withdraw consent at any time

Requests should be made in writing to the Data Protection Lead.

Individuals also have the right to raise concerns with the Information Commissioner’s Office (ICO).


12. Data Breaches

In the event of a data breach, we will: - assess the risk promptly - notify the ICO within 72 hours where required - take steps to prevent recurrence

All incidents are recorded internally.


13. Complaints and Concerns

Any concerns about how personal data is handled should be raised in line with our Complaints Procedure.

Safeguarding concerns should be reported immediately in accordance with our Safeguarding Policy.


14. Review of This Policy

This policy is reviewed annually or sooner if required by changes in legislation or practice.


Unlimited School of Arts