privacy policy

Effective Date: 13/08/2025
Last Updated:15/08/2025

At ILOVEUKE CIC, we are committed to protecting your personal data and your child’s personal data. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR).


1. Who We AreILOVEUKE CIC
Address: 7 Elm Terrace, Wymondham, Norfolk, NR18 0QD
Email: [email protected]
Phone: 07762 303662
If you have questions about this policy or wish to exercise your GDPR rights, please contact our Data Protection Officer at the details above.


2. What Data We CollectWhen you complete our online booking form, we may collect:
Parent/Guardian Information:

• Full name
  
  
  
• Email address
  
  
  
• Phone number
  
  
  

Child Information:

• Full name
  
  
  
• Medical information, allergies, or special requirements (if provided)
  
  
  
• Emergency contact details
  
  
  

Other:

• Left/Right handed
• Photo permission
• Preferred Pronoun

3. Why We Collect Your Data
We collect and process your data for:

• Providing services – To process and confirm your booking
  
  
  
• Child safety and wellbeing – To ensure appropriate care and meet medical/dietary needs
  
  
  
• Legal compliance – To meet safeguarding, health & safety, and register-keeping requirements
  
  
  
• Communication – To send booking confirmations, updates, or respond to enquiries
  
  
  
• Marketing (with consent) – To send information about future services or events
  

4. Lawful Basis for Processing

Under GDPR, our lawful bases are:

• Contract – Processing necessary to deliver the service you have booked
  
  
  
• Legal obligation – Compliance with child safeguarding and safety laws
  
  
  
• Consent – For marketing communications or optional data (e.g., photographs)
  
  
  
• Vital interests – Sharing necessary medical information with emergency services
  
  

5. How We Store and Protect Data
We take data security seriously:

• Data stored on password-protected systems
  
  
  
• Limited access for authorised staff only
  
  
  
• Encryption where possible
  
  
  
• Paper forms (if used) stored securely and shredded when no longer needed

6. Data Retention
We keep personal data only for as long as necessary:

• Booking records: 2 years after last booking
  
  
  
• Medical/emergency information: Deleted immediately after the booking/event unless required for legal reasons
  
  
  
• Accident/incident records: Retained for 3 years to meet legal requirements
  
  
  
• Marketing data: Until you withdraw consent
  

7. Who We Share Data With
We do not sell your data. We may share data with:

• Payment processors (for handling transactions)
  
  
  
• IT/booking system providers (for secure form storage)
  
  
  
• Emergency services (if required for safety)
  
  
  

All third-party providers are GDPR-compliant and bound by Data Processing Agreements.


8. Your GDPR Rights
You have the right to:

• Access the personal data we hold about you and your child
  
  
  
• Request corrections to inaccurate data
  
  
  
• Request deletion of personal data (unless we must retain it for legal reasons)
  
  
  
• Withdraw consent for marketing
  
  
  
• Restrict or object to certain processing
  
  
  
• Request a copy of your data in a portable format
  
  
  

You can exercise these rights by contacting us at [email protected]


9. Children’s Data
We require parental/guardian consent for all personal data collected about children. We do not knowingly collect data from children without parental permission.


10. Data Breach Procedure
If a personal data breach occurs that risks your rights and freedoms:

• We will notify the Information Commissioner’s Office within 72 hours (if required)
  
  
  
• We will inform affected individuals promptly if the breach is serious
  
  
  

11. Changes to This PolicyWe may update this Privacy Policy from time to time.
​The latest version will always be available on our website.