top of page

GDPR AND PRIVACY POLICY

The Dear Academy is committed to protecting the privacy and personal data of all children, families, and staff. We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we collect, use, store, and share personal data. 

​

Purpose of Data Collection 

We collect personal data to support the effective delivery of our services, including:

  • Enrolment and administration

  • Emergency contacts and medical information

  • Learning and developmental records

  • Safeguarding and child protection

  • Communication with parents and carers 

​

Types of Data We Collect 

We may collect the following categories of personal information:

  • Child’s name, date of birth, address, and medical history

  • Parent/guardian names, contact details, and emergency contacts

  • Educational and developmental records

  • Safeguarding concerns or intervention records (where necessary)

  • Attendance and incident logs 

​

Lawful Basis for Processing 

We collect and process data on the following lawful bases under Article 6 and 9 of the UK GDPR:

  • Consent (e.g., for photography or optional activities)

  • Legal obligation (e.g., safeguarding, health and safety)

  • Vital interests (e.g., emergency care)

  • Legitimate interests (e.g., effective delivery of our service) 

​

Data Storage and Security 

We take appropriate technical and organisational measures to secure data, including:

  • Password-protected digital records

  • Limited access based on role

  • Secure storage for paper records

  • Regular review and deletion of outdated data 

​

Data Sharing 

We only share personal data when necessary and in accordance with the law. This may include sharing with:

  • Emergency services

  • Safeguarding partners and local authorities

  • Educational or health professionals (with consent where appropriate) We do not sell or distribute personal information to third parties for marketing purposes. 

​

Your Rights 

Under GDPR, individuals have the right to:

  • Access the data we hold about them or their child

  • Request correction of inaccurate data

  • Request erasure of data (under specific conditions)

  • Object to processing or request data portability Requests can be made in writing to: elizabeth@thedearacademy.com 

​

Data Retention 

We retain records only for as long as necessary in line with legal requirements and guidance. For example, safeguarding records are retained in accordance with statutory guidance. 

​

Data Breach Procedure 

In the event of a data breach, we will assess the risk and report it to the Information Commissioner’s Office (ICO) within 72 hours if required. Affected individuals will be informed without undue delay. 

​

Policy Review 

This policy will be reviewed annually or when significant changes in data protection law occur. Amendments will be communicated to all stakeholders. 

​

May 2025 

bottom of page