Last Updated: 1 April 2026 |
Effective Date: 1 April 2026
1. Introduction
Super Kiddies Ltd ("we", "us", "our") is committed to protecting the privacy and security of your
personal information. This Privacy Policy explains how we collect, use, store, and protect
personal data in accordance with the UK General Data Protection Regulation (UK
GDPR) and the Data Protection Act 2018.
As a childcare provider, we take the handling of children's personal data especially seriously.
This policy applies to all personal information we collect through our website (superkiddies.org.uk), booking
forms, and any other services we provide.
2. Who We Are
Super Kiddies Ltd is a childcare organisation providing wraparound care, holiday club, breakfast
club, twilight club, and after-school care to children aged 4β11 years. We operate from two
branches:
- Woodford Branch: Woodford Methodist Church Hall, Derby Rd, London E18 2PU
- South Tottenham Branch: St Ann's Church, St Ann's Rd, London N15 5JG
3. What Personal Data We Collect
We may collect the following categories of personal information:
3.1 Parent / Guardian Information
- Full name
- Email address
- Phone number
- Preferred visit date and time
- Programme of interest
- Any additional information you choose to provide in the message field
3.2 Children's Information
- Child's age (provided voluntarily when booking a visit)
- Additional needs or special requirements (if disclosed)
3.3 Technical Information
- IP address (for security purposes)
- Browser type and version
- Pages visited on our website
4. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
- To process and manage your visit booking enquiry
- To contact you regarding your booking or our services
- To send you relevant information about our programmes (only with your consent)
- To administer our website and ensure its security
- To comply with our legal and regulatory obligations as a childcare provider
- To respond to your enquiries and requests
5. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases for processing your personal data:
- Consent: You have given clear consent by ticking the consent checkbox on
our booking form. You can withdraw consent at any time.
- Legitimate Interests: For managing our business operations and responding
to enquiries, where your interests do not override ours.
- Legal Obligation: Where we are required to process data to comply with UK
law, including safeguarding obligations for children.
- Contractual Necessity: Where processing is necessary to fulfil a service
you have requested.
6. Children's Data β Special Protections π‘οΈ
We understand the sensitivity of children's personal data. We implement the following special
protections:
- We only collect children's data that is strictly necessary for providing our childcare
services.
- We require verifiable parental or guardian consent before collecting or processing any data
relating to children.
- Children's data is never shared with third parties for marketing purposes.
- We apply enhanced security measures to protect all children's records.
- We comply fully with our safeguarding obligations under UK law and Ofsted requirements.
7. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We may share your information in the following
limited circumstances:
- Service Providers: Trusted third-party providers who assist us in operating
our website and delivering our services (e.g., hosting providers, email services), who are
bound by confidentiality agreements.
- Payment processors: We use Stripe to process payments securely. Their
privacy policy applies to the payment data you provide. We never store or see your full card
details. Please refer to Stripe's Privacy Policy.
- Legal Requirements: Where we are required to disclose information by law,
court order, or to protect the safety of a child.
- Safeguarding Authorities: Where we have a legal duty to report concerns to
child protection agencies or authorities.
International Data Transfers: Some of our service providers may process data
outside the UK. In such cases, we ensure appropriate safeguards are in place.
We will never share your personal data with third parties for their marketing purposes.
8. How Long We Keep Your Data
We retain personal data only for as long as necessary:
- Booking enquiry data: Up to 12 months after your last contact with us.
- Active childcare records: For the duration of enrolment and up to 3 years
after the child's last attendance, in accordance with Ofsted guidance.
- Financial records: Up to 7 years, as required by HMRC regulations.
- Marketing consents: Until you withdraw consent.
After the relevant retention period, your data will be securely deleted or anonymised.
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- π Right of Access: Request a copy of the personal data we hold about you.
- βοΈ Right to Rectification: Request correction of inaccurate or incomplete
data.
- ποΈ Right to Erasure: Request deletion of your data ("Right to be
Forgotten"), subject to legal obligations.
- β Right to Restrict Processing: Request that we limit how we use your data.
- π¦ Right to Data Portability: Receive your data in a structured,
machine-readable format.
- β Right to Object: Object to processing based on legitimate interests or
for direct marketing.
- β©οΈ Right to Withdraw Consent: Withdraw consent at any time, without
affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at info@superkiddies.org.uk. We will respond within 30
days.
10. Data Security
We implement appropriate technical and organisational security measures to protect your personal
data against unauthorised access, loss, destruction, or alteration. These include:
- SSL/TLS encryption for all data transmitted via our website
- Secure server environments with restricted access controls
- Regular security reviews and updates
- Staff training on data protection and confidentiality
- Strict access controls β only authorised staff can access personal data
In the event of a data breach that affects your rights and freedoms, we will notify the
Information Commissioner's Office (ICO) within 72 hours and inform you promptly where required
by law.
11. Cookies
Our website uses cookies to improve your browsing experience. These may include:
- Essential cookies: Required for the website to function correctly.
- Session cookies: Maintain your login session if you have an account.
You can control cookie settings through your browser. Disabling certain cookies may affect the
functionality of our website.
12. Third-Party Links
Our website may contain links to third-party websites (e.g., Google Maps, Facebook, Instagram).
We are not responsible for the privacy practices of these sites and encourage you to read their
privacy policies before providing any personal information.
13. Right to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a
complaint with the Information Commissioner's Office (ICO), the UK supervisory
authority for data protection:
We would appreciate the opportunity to resolve any concerns directly before you contact the ICO.
Please reach out to us first at info@superkiddies.org.uk.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal
requirements. We will notify you of significant changes by updating the "Last Updated" date at
the top of this page. We encourage you to review this policy periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data
practices, please contact us: