Children's University Trust Privacy Policy
Children's University Trust (charity no. 1118315 and SC052423) values the trust and confidence of all our stakeholders, which is why we want to make it very clear how and why we collect, secure and use any personal data we have access to. This policy has been written in plain English to make things as clear as possible. If you want a paper copy of this policy or have any other questions, you can ask for any additional information by emailing contactus@childrensuniversity.co.uk or phoning 0161 241 2402. You can download a copy of this policy as a PDF by clicking here.
Safeguarding
If you're looking for Children's University safeguarding information, this is available online by clicking here.
How we use personal information
In general terms, we collect and use personal information to:
- provide our programmes, products or information you have requested
- verify your identity where this is required
- contact you by post, email or telephone about our activities or products that you have agreed to receive
- understand your needs and how they may be met, including research and surveys
- maintain our records, including gathering feedback or complaints
- process donations or payments we have received from you
- prevent and detect crime, fraud or corruption as required by law or regulation
- further our charitable aims, including for fundraising activities
- process your application for a job or volunteer role with us
- monitor website use and personalise the way information is presented to you
- help improve our work, services, activities, products or information (including our website) to make it as user friendly as possible
Further details can be found in the specific sections below.
1.0 Our partner organisations (local Children’s University)
Children's University Trust works with a range of partners to deliver our programme to children. These include schools, universities, colleges, local authorities, and other learning providers. Data protection, and specifically compliance with the General Data Protection Regulation (GDPR), plays a large part in the membership agreement that our partner organisations sign up to when establishing themselves as a Children’s University. These partners manage their relationship with local schools and the children and do so securely and following their own organisation’s GDPR policy. You can rest assured that Children's University Trust will only work with partners who are also GDPR compliant and treat personal data with the same respect, care and protection that we do.
1.1 What we collect and why
We do collect information about the staff and volunteers running Children’s University through our partner organisations. These are the people that help to coordinate our programme and support children to engage in learning during out-of-school hours. This information is professional contact details that are shared with us solely for the purpose of coordinating Children’s University activities and furthering our charitable aims. We use these details to communicate with those who manage Children’s Universities. Without storing and using this data, we would be unable to run Children’s University. We do make these contact details public on our website through individual listings of local Children’s Universities (see www.childrensuniversity.co.uk/inyourarea to search) so that interested parties can make contact with their local Children’s University and we do share these details with other Children’s University managers for the sole purpose of furthering our charitable aims.
1.2 How we store it, who we share it with, and our retention policy
This data is kept securely in password-protected cloud storage and is accessible only by Children's University Trust management.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. To this end, we may share this information with partner agencies that are involved in supporting the delivery of our programmes to enhance collaborative working and provide a better experience for child members – for example we will share contact details and make introductions to schools, parents, learning partners and other institutions who wish to communicate with the partners running Children’s University in their local area. We won’t, however, share these details with advertisers or organisations not involved or wanting to get involved with Children’s University.
We will store this personal information for the entire period that an organisation is partnered with us and may retain these details in accordance with legal requirements.
2.0 Children and young people participating in our programme
There are two main ways that children participate in our programme.
- They attend a school that is part of the Children’s University network, working with one of our local partners. These children may:
- use only a paper-based system using their Passport to Learning managed by their school and a local partner (see 2.1.0), or;
- they use a paper Passport to Learning and also have online access to Children’s University Online (CUO), (operating both as CUO at childrensuniversity.co.uk and as The Etc Programme at www.myetc.co.uk ), as managed by their school and a local partner (see 2.2.0)
- They have an online-only subscription to Children’s University Online, managed by a parent/guardian (see 3.0).
These methods of participation dictate what data we keep and are detailed below. Aside from these, we do occasionally keep data on children for the purposes of case studies for promotional work, but this is purely done with school or parental consent and is used by anonymising data.
Regardless of how a child is participating in Children’s University, their data may be used by one of our partner organisations (see section 1.0) who manages Children’s University in a particular area. As stated above, Children’s University Trust will only work with and license the Children’s University model to organisations that are GDPR compliant. If you want to know who this may be in your area, contact contactus@childrensuniversity.co.uk
2.1.0 Children participating and not using our digital platform, CUO
Unless they are using our digital platform (Children’s University Online - operating both as CUO at www.childrensuniversity.co.uk and as The Etc Programme at www.myetc.co.uk ), Children’s University Trust does not generally keep the personal data of children or young people participating in Children’s University. We do occasionally keep data on children for the purposes of case studies for promotional work, but this is purely done with school consent and is used by anonymising data.
If a child is participating in Children’s University, their data may be kept by one of our partner organisations (see section 1.0) who manages Children’s University in a particular area. As stated above, Children’s University Trust will only work with and license the Children’s University model to organisations that are GDPR compliant. If you want to know who this may be in your area, contact contactus@childrensuniversity.co.uk
2.1.1 What we collect and why
When we do collect information about the children for case studies, this information is kept securely and for the purposes of legitimately furthering the aims of Children's University Trust. Without storing and using this data, we would be unable to promote some of the success stories that come out in order to further the work of Children’s University. When we do collect it, it is with parental or school consent and is only used publicly in an anonymised form.
2.1.2 How we store it, who we share it with, and our retention policy
All of our data is kept securely in password-protected cloud storage and is accessible only by Children's University Trust management.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
We will store case study information for as long as published case studies remain in the public domain.
2.2.0 Children participating using Children’s University Online (CUO)
Children’s University Online (CUO) is Children’s University’s digital platform (operating both as CUO at www.childrensuniversity.co.uk and as The Etc Programme at www.myetc.co.uk ). It is a fun, safe and secure online space for participants to record their engagement with learning beyond the classroom. It is accessed by logging in via www.childrensuniversity.co.uk Children use this alongside their Passport to Learning, collecting stamps in their passports that can then be posted online where they'll unlock additional information about their activities.
2.2.1 What we collect and why
In order for children to use Children’s University Online, we need to collect information that is uploaded by, or with the permission of, each child’s school. As this is for the children’s educational benefit as part of schools’ statutory requirement to provide for pupils’ wellbeing and enrichment, the legal basis for schools sharing this information is Legitimate Interest or Public Task. The information we collect and why is as follows:
Full name (First name and surname) – this information is needed in order for certificates to be created, schools to be able to monitor children’s progress, and children to log in.
Date of birth – this information is needed in order for Children’s University Trust to be able to target age-appropriate activities at participants.
Gender – this information is to assist schools in ensuring that Children’s University participation reflects the gender split of the school. This information may also be used in order to target gender-appropriate activities at participants (e.g STEM for Girls programmes) and encourage inclusion for all.
School – this information is needed as all children are grouped into schools using Children’s University Online. In cases where children are not part of a school, this will be the name of a virtual school or virtual grouping managed by their local Children’s University partner.
Unique Pupil Reference Number – this is a unique reference that will enable schools to marry up children’s attainment through Children’s University Online with school records.
There may be future developments made to Children’s University Online that will add to these uses. Should there be significant change in how this information is used, this policy will be updated accordingly and users notified.
2.2.2 How we store it, who we share it with, and our retention policy
All of our data is kept securely in password-protected cloud storage and is accessible only by Children’s University Trust management. Children’s University Online (operating both as CUO at www.childrensuniversity.co.uk and as The Etc Programme at www.myetc.co.uk ), was built and is maintained by Tech Dept Limited who have access to the site purely for maintenance and technical development purposes.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
We will store case study information for as long as published case studies remain in the public domain.
3.0 Subscribers of Children’s University Online (CUO)
Children’s University Online (CUO) is Children’s University’s digital platform (operating both as CUO at www.childrensuniversity.co.uk and as The Etc Programme at www.myetc.co.uk ). It is a fun, safe and secure online space for participants to record their engagement with learning beyond the classroom. It is accessed by logging in via www.childrensuniversity.co.uk
Parents/Guardians can set up an account for themselves, and this then gives them the ability to create accounts for children. Parents/Guardians who set up accounts for themselves do so willingly sharing their details. As part of our terms and conditions on sign-up, Parents/Guardians can only set up an account for children for whom they are the holder of parental responsibility. They tick a box to indicate that this is the case.
All payment processing is via the payment platform Stripe. The Stripe privacy policy can be found here.
3.1 What we collect and why
In order to establish a Parent/Guardian account, we need to collect information so that we can contact parents. The information we collect and why is as follows:
Full name (First name and surname) – this information is needed in order to record a named contact who takes parental responsibility for any child subscribers.
Email address – this information is needed in order to contact a named contact who takes parental responsibility for any child subscribers.
In order for children to use Children’s University Online as a subscriber, we need to collect information that is uploaded by a parent/guardian who is the holder of parental responsibility. As such, the legal basis for sharing this information is consent. The information we collect and why is as follows:
Full name (First name and surname) – this information is needed in order for certificates to be created, and children to log in.
Date of birth – this information is needed in order for Children’s University Trust to be able to target age-appropriate activities at participants.
Gender – this information is for Children’s University to monitor that Children’s University participation reflects a fair gender split. This information may also be used in order to target gender-appropriate activities at participants (e.g STEM for Girls programmes) and encourage inclusion for all.
School – this information is needed in order for Children’s University to monitor participation across the country. As an organisation we use publicly available information about schools in order to look at our reach into different areas and demographics. By using school level data to do this (i.e. data that the Department for Education makes public here rather than personal individual child data) we can make general school level comparisons, rather than asking parents to share additional protected or sensitive data.
3.2 How we store it, who we share it with, and our retention policy
All of our data is kept securely in password-protected cloud storage and is accessible only by Children’s University Trust management. Children’s University Online was built and is maintained by Tech Dept Limited who have access to the site purely for maintenance and technical development purposes.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
We will store case study information for as long as published case studies remain in the public domain.
4.0 Learning destinations, activity providers and other partners
Children's University Trust works with national learning partners who run destinations and activities for children. These may be museums, retail destinations, public parks, or anywhere that children can take part in structured learning. All the learning partners that we work with have been validated as providing quality learning opportunities.
4.1 What we collect and why
We do collect information about the staff and volunteers running learning destinations and learning activities through our learning partner organisations. These are the people that help to boost our programme and offer opportunities and support children to engage in learning during out-of-school hours. This information is professional contact details that are shared with us solely for the purpose of promoting validated Children’s University activities. We use these details to put schools, children and parents in touch with opportunities in their area. Without storing and using this data, we would be unable to run Children’s University as we would have no activities for children. We do make these contact details public on our website through individual listings of local activities (see www.childrensuniversity.co.uk/inyourarea to search) so that interested parties can make contact with their local Children’s University.
4.2 How we store it, who we share it with, and our retention policy
This data is kept securely in password-protected cloud storage and is accessible only by CU Trust management. Children’s University Online was built and is maintained by Tech Dept Limited who have access to the site purely for maintenance and technical development purposes.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
We will store this personal information for a minimum of three years, at which point we will endeavour to ensure all information is correct and up to date.
5.0 Staff and Volunteers
Children's University Trust employs staff and occasionally works with volunteers.
5.1 What we collect and why
We do collect data on staff and volunteers. This information is purely for employment purposes and is in accordance with employment contracts and other applicable policies.
5.2 How we store it, who we share it with, and our retention policy
Our staff data is kept securely in password-protected cloud storage and is accessible only by Children's University Trust management.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
We will store this personal information for 10 years. After this, we will retain minimal records for the purposes of record keeping for references (name, period of employment).
6.0 Trustees
Children's University Trust is a registered charity (no. 1118315) and so we are governed by a Board of Trustees.
6.1 What we collect and why
We do collect data on Trustees. This information is purely for governance purposes and is in accordance with the law and Charity Commission requirements.
6.2 How we store it, who we share it with, and our retention policy
Our Trustee data is kept securely in password-protected cloud storage and is accessible only by Children's University Trust management.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
We will store this personal information for at least 10 years. After this, we will retain minimal records for the purposes of record keeping for references (name, period of trusteeship).
7.0 Recruitment
When someone applies for a volunteer or salaried post with Children's University Trust, we will only use the information given to us to process applications and to monitor recruitment statistics.
7.1 What we collect and why
We do collect personal information about applicants as part of standard recruitment procedure. We do this to verify the identity of applicants and to ensure that the candidates we select are qualified for the specific role they apply for.
7.2 How we store it, who we share it with, and our retention policy
Our recruitment data is kept securely in password-protected cloud storage and is accessible only by Children's University Trust management. We keep statistical information about applicants to develop our recruitment processes, however no individual applicant would be identifiable from this information.
We will share applicants’ personal information with people and/or organisations that they have asked us to contact for the purposes of obtaining a reference. We may also undertake a vetting and barring check through the Disclosure and Barring Service.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
If a candidate is unsuccessful in their application, we may hold their personal information for a period of six months after we have finished recruiting for the post or volunteer role for which they applied. If a candidate becomes a volunteer or paid member of staff, their data will be processed in accordance with employment contracts and other applicable policies (see point 5.0)
8.0 Emailing Children’s University
When someone emails Children’s University, whether to contactus@childrensuniversity.co.uk or to a specific named member of staff, they are often sharing personal data.
8.1 What we collect and why
We only use this data for responding to inquiries and furthering the charitable aims of Children's University Trust. We do not store this information outside of our email system and we do not use this information for any other reasons other than to respond to inquiries and provide a good experience to those getting in touch. We don’t add details to any mailing lists or pass it on to any other companies.
8.2 How we store it, who we share it with, and our retention policy
Our email data is kept securely in password-protected cloud storage and is accessible only by Children's University Trust management. We will occasionally save email correspondence outside of our email programmes (as a PDF record of correspondence, for example), but it remains in secure password-protected cloud storage.
We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University or responding to local issues with our delivery partner organisations. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
If we receive any content that we believe to be inappropriate, offensive or in breach of any laws, we may use personal information to inform relevant third parties such as internet providers or law enforcement agencies.
We will store this personal information for up to 10 years. We may retain these details in accordance with legal requirements and as per our retention schedule to help ensure that we do not continue to contact you.
Working with third party service providers
We use service providers (such as accountants, payment processors, and software platform providers) to help us provide you with our services. Where we use third parties, we require them to adhere to data protection controls to protect personal information. We give relevant persons working for some of these service providers access to personal information, but only to the extent necessary for them to perform their services for us.
When confidentiality may be broken
Children's University Trust will treat data with complete confidentiality in accordance to the GDPR. Confidentiality may not apply to circumstances where:
- We are legally required to disclose data.
- There is a duty to the public to disclose.
- Disclosure is required to protect an individual’s interest.
- Disclosure is made at an individual’s request or with their consent.
Your rights
CU Trust fully endorses and adheres to providing and maintaining the 5 rights stipulated by GDPR. All individuals who are subject to personal data held by Children's University Trust are entitled to these rights:
- The right to be forgotten: An individual may, at any point, request that any and all data kept on them be deleted without undue delay. If you would like us to delete the data we have on you, you can do this by emailing odonnell@childrensuniversity.co.uk or phoning 0161 241 2402. We will aim to respond within 3 days to clarify how this will be done.
- The right to object: An individual may prohibit the use of certain data and reject an organisation or individual’s request to process their data. If you would like us to object to the data we have on you or the way it is processed, you can do this by emailing helen.donnell@childrensuniversity.co.uk or phoning 0161 241 2402. We will aim to respond within 3 days to clarify our approach to changes.
- The right to rectification: An individual may request that any incomplete or incorrect data kept on them be amended, corrected and rectified. If you would like to rectify the data we have on you, you can do this by emailing helen.odonnell@childrensuniversity.co.uk or phoning 0161 241 2402. We will aim to respond within 3 days to clarify how this will be done.
- The right to access: An individual may request access to any data kept on them and how this data is being processed. You have the right to request a copy of the personal information about you that we hold. You can do this by emailing helen.odonnell@childrensuniversity.co.uk or phoning 0161 241 2402 we will aim to respond within 3 days to clarify how this will be done.
- The right to portability: An individual can request that their data is transferred from one organisation or individual to another. You can do this by emailing helen.odonnell@childrensuniversity.co.uk or phoning 0161 241 2402 we will aim to respond within 3 days to clarify how this will be done.
This policy
This policy was first written on May 21st, 2018 and most recently added to on February 7th 2023. It was updated to coincide with the launch of a new Children’s University website and to include reference to Children’s University Online and The Etc Programme – the new digital platform available henceforth. It will be reviewed by the Trustees of Children’s University Trust on an annual basis. Updates will be made public by sharing this policy on www.childrensuniversity.co.uk
The Information Commission Office
We seek to resolve directly all complaints about how we handle personal information, but you also have the right to lodge a complaint with the Information Commission Office by phoning 0303 123 1113 or visiting their website.