Privacy Policy
THE BREEZY CLUB LTD – PRIVACY POLICY (PRIVACY NOTICE)
Effective date: 13 January 2026
This Privacy Policy explains how The Breezy Club Ltd (“we”, “us”, “our”) collects, uses, stores and protects personal data about children, parents/carers, and website visitors, in line with the UK GDPR and the Data Protection Act 2018.
1) Who we are (Data Controller)
The Breezy Club Ltd is the “Data Controller” for the personal information we collect.
Contact details:
The Breezy Club Ltd
Address: 35 Grafton Way, London, W1T 5DB
Email: theteam@thebreezyclub.co.uk
Phone: 0203 355 6805
If you have any questions about this Privacy Policy or how we handle your information, please contact us using the details above.
2) What personal data we collect
We may collect and store the following types of personal information:
A) Parents / Carers
-
Name and contact details (email, phone number, address)
-
Emergency contact details
-
Relationship to child
-
Payment and booking information
-
Communications with us (emails, messages, calls)
-
Consents (e.g., photography consent, medical consent)
B) Children
-
Child’s name, date of birth and age
-
Medical information (allergies, medication, health needs)
-
Additional needs information (SEND/support requirements)
-
Dietary needs
-
Collection/drop-off permissions (authorised adults and passwords where used)
-
Behavioural support information (only where needed for safeguarding and care)
-
Attendance records and incident/accident records
C) Website / Booking Platform Data
-
Bookings, cancellations and attendance
-
IP address and device information (where collected by web services)
-
Basic analytics data (cookies where applicable)
3) How we collect your data
We collect personal data when you:
-
Register or book a place with us through ClassForKids.io
-
Complete forms (registration forms, feedback forms, consent forms)
-
Contact us via email, phone, or social media
-
Attend our club
-
Visit our website (cookies/analytics if enabled)
4) Why we use your data (and our lawful basis)
We only use personal data when we have a lawful reason under UK GDPR. Most commonly:
A) Contract (to deliver the service)
We use personal data to:
-
Manage bookings and registrations
-
Provide childcare and activities
-
Contact you about your booking, changes, or important updates
-
Process payments and issue receipts/invoices
B) Legal obligation
We may use and store personal data to:
-
Meet safeguarding obligations
-
Maintain accident/incident records
-
Comply with insurance and regulatory requirements
-
Respond to lawful requests from authorities
C) Vital interests (safety)
We may use medical and emergency data to:
-
Protect a child’s health and wellbeing
-
Respond to an emergency
D) Legitimate interests (running our club properly)
We may use data to:
-
Improve our services
-
Manage communications and customer support
-
Prevent fraud or misuse of our services
-
Maintain internal records, training, and service quality
E) Consent (where required)
We use consent for:
-
Photography/video use of children (marketing, social media, website)
-
Certain optional communications or promotions (if applicable)
You can withdraw consent at any time (see Section 9).
5) Special category data (health, medical, additional needs)
Some information we collect is “special category data” (e.g., allergies, medical conditions, SEND support needs). We only collect this where it is necessary to provide safe childcare and support.
This is processed for:
-
Health and social care purposes
-
Safeguarding and protection of children
-
Vital interests (in emergencies)
Access to this information is restricted to trained staff who need it to care for your child.
6) How we store and protect your information
We take data security seriously and use appropriate measures to protect personal information, including:
-
Secure digital storage and password-protected systems
-
Limiting access to staff who need the data
-
Staff training on safeguarding and data protection
-
Secure disposal of paper records where used
-
Safe handling of incident, accident, and medical records
We also work with trusted service providers who process personal data securely on our behalf (see Section 7).
7) Who we share personal data with
We do not sell personal data.
We may share personal data only when necessary, including:
A) Booking & payments provider
We use ClassForKids.io as our booking system. This means relevant booking/registration data is processed and stored through their platform to manage registrations, payments, and attendance.
B) Staff and contractors
Only staff who need information to care for children will have access to relevant details.
C) Safeguarding / legal authorities
We may share information with relevant agencies such as:
-
Social services
-
Police
-
NHS services
…where necessary for safeguarding, child protection, legal obligation, or immediate safety.
D) Insurers
We may share necessary information for accident/incident claims or safeguarding matters.
8) How long we keep your data (retention)
We keep personal data only as long as necessary for our operational, legal, and safeguarding obligations.
Typical retention periods include:
-
Registration and booking data: kept for a reasonable period for administration and financial records
-
Accident/incident records: kept longer where required for safeguarding and insurance purposes
-
Financial records: kept for legal/tax purposes
-
Photographs/videos: kept until consent is withdrawn or no longer needed for the purpose
If you request deletion, we will comply where possible, but some records must be retained for legal/safeguarding reasons.
9) Your rights under UK GDPR
You have rights including:
-
Right to be informed (this policy)
-
Right of access (request a copy of your data)
-
Right to rectification (fix inaccurate data)
-
Right to erasure (delete data, where applicable)
-
Right to restrict processing
-
Right to object
-
Right to data portability
-
Rights relating to automated decision-making (we do not use this in a way that affects your rights)
To exercise any of these rights, contact: theteam@thebreezyclub.co.uk.
10) Photography and video
We may take photos/videos during activities to celebrate the club and share updates.
We only use images for marketing (website/social media/printed materials) if:
-
You have provided consent, OR
-
The use is clearly within what you’ve agreed to
You can change or withdraw your consent at any time by emailing us.
11) Marketing communications
We may contact parents/carers with important service updates (these are not marketing).
If we send marketing messages (e.g., offers, early bird bookings, newsletters), we will only do so where permitted by law and you can opt-out anytime.
12) Cookies (website)
If our website uses cookies or analytics tools, we may collect basic usage information (e.g., page visits, device type).
Where required, cookies will only be used with your consent through a cookie banner/settings.
13) International data transfers
Our primary operations are UK based. Some service providers may store data outside the UK. Where this happens, we ensure appropriate safeguards are in place.
14) Complaints
If you are unhappy with how your data has been handled, please contact us first so we can resolve the issue.
You also have the right to complain to the Information Commissioner’s Office (ICO) (the UK data protection regulator).
15) Changes to this Privacy Policy
We may update this policy from time to time. The latest version will always be available via our website or on request.
If you want, I can also create:
-
a short “parent-friendly” privacy notice (1-page)
-
a Photography & Video Consent Form
-
a Data retention schedule table to match Ofsted-style documentation