
Data Protection Policy
Sussex Forest Activities
Effective Date: 10/2025
Review Date: 10/2026
1. Purpose of this Policy
Sussex Forest Activities (“we”, “our”, “us”) is committed to protecting the privacy and security of the personal information of our clients, children, parents, carers, and staff. This Data Protection Policy explains how we collect, store, and use personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope
This policy applies to all staff, volunteers, and contractors of Sussex Forest Activities who have access to personal information. It covers all personal data collected, stored, and processed by us in relation to children, parents/carers, and staff.
3. Legal Framework
This policy is based on the UK GDPR and the Data Protection Act 2018. Sussex Forest Activities is the Data Controller for the personal data we process. Our website and online data storage are managed via Wix.com, which acts as our Data Processor. Wix is GDPR-compliant and stores data securely in accordance with UK and EU data protection standards.
4. Data We Collect
We collect and process personal data that is necessary to provide childcare and Forest School services safely and effectively. This may include:
- Child’s name, date of birth, and medical information
- Parent/carer contact details
- Emergency contact information
- Attendance records
- Accident/incident reports
- Photographs (with consent)
We collect this data directly from parents/carers through registration forms and our website.
5. How We Store and Protect Data
- Digital Data: All digital data (such as registration forms and contact details) is stored securely on Wix.com, our website and data hosting provider. Wix implements appropriate technical and organisational measures to protect data against unauthorised access, loss, or misuse.
- Paper Records: Any paper records (e.g. attendance sheets, consent forms, or incident reports) are kept securely during use and destroyed promptly after use using a cross-cut shredder or secure disposal method.
- Access Control: Only authorised Sussex Forest Activities staff members have access to personal information on a need-to-know basis.
6. Sharing of Data
We treat all personal information as strictly confidential. Personal data will not be shared with anyone outside of Sussex Forest Activities unless:
- We have explicit written consent from the parent/carer
- We are required by law (e.g. safeguarding concerns, legal obligations)
- It is necessary for emergency medical treatment.
We do not sell or share personal data for marketing or any other commercial purpose.
7. Data Retention
Sussex Forest Activities only keeps personal data for as long as is necessary to fulfil the purposes for which it was collected and to comply with legal or regulatory requirements. After this period, personal data is securely deleted or destroyed.
8. Rights of Individuals
Under UK GDPR, parents/carers and staff have the following rights regarding their personal data:
- The right to access a copy of their data
- The right to request correction of inaccurate data
- The right to request deletion (“right to be forgotten”)
- The right to restrict processing
- The right to object to processing
- The right to data portability
To exercise these rights, please contact us at: admin@forestactivities.co.uk
9. Data Breaches
In the event of a data breach, Sussex Forest Activities will:
1. Take immediate steps to contain and assess the breach.
2. Notify affected individuals where appropriate.
3. Report serious breaches to the Information Commissioner’s Office (ICO) within 72 hours, in accordance with legal requirements.
10. Review and Updates
This policy will be reviewed annually, or sooner if there are changes in legislation or our data processing practices.
11. Contact Information
For questions, requests, or concerns about this policy or your data, please contact:
Data Protection Lead: Samantha Cross
Email: admin@forestactivities.co.uk
Phone: 07475 770949
Address: available on request
If you are not satisfied with our response, you may contact the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk
Telephone: 0303 123 1113
