Skip to the content

CU Trust Privacy Policy

CU Trust (charity no. 1118315) values the trust and confidence of all our stakeholders, which is why we want to make it very clear how and why we collect, secure and use any personal data we have access to. This policy has been written in plain English to make things as clear as possible. If you want a paper copy of this policy or have any other questions, you can ask for any additional information by emailing contactus@childrensuniversity.co.uk or phoning 0161 241 2402

Safeguarding

If you're looking for Children's University safeguarding information, this is available online by clicking here.

How we use personal information

In general terms, we collect and use personal information to:

  • provide our programmes, products or information you have requested
  • verify your identity where this is required
  • contact you by post, email or telephone about our activities or products that you have agreed to receive
  • understand your needs and how they may be met, including research and surveys
  • maintain our records, including gathering feedback or complaints
  • process donations or payments we have received from you
  • prevent and detect crime, fraud or corruption as required by law or regulation
  • further our charitable aims, including for fundraising activities
  • process your application for a job or volunteer role with us
  • monitor website use and personalise the way information is presented to you
  • help improve our work, services, activities, products or information (including our website) to make it as user friendly as possible

Further details can be found in the specific sections below.

 

1.0 Our partner organisations (local Children’s University)

CU Trust works with a range of partners to deliver our programme to children. These include schools, universities, colleges, local authorities, and other learning providers. Data protection, and specifically compliance with the General Data Protection Regulation (GDPR), plays a large part in the membership agreement that our partner organisations sign up to when establishing themselves as a Children’s University. These partners manage their relationship with local schools and the children and do so securely and following their own organisation’s GDPR policy. You can rest assured that CU Trust will only work with partners who are also GDPR compliant and treat personal data with the same respect, care and protection that we do.

1.1 What we collect and why

We do collect information about the staff and volunteers running Children’s University through our partner organisations. These are the people that help to coordinate our programme and support children to engage in learning during out-of-school hours. This information is professional contact details that are shared with us solely for the purpose of coordinating Children’s University activities and furthering our charitable aims. We use these details to communicate with those who manage Children’s Universities. Without storing and using this data, we would be unable to run Children’s University. We do make these contact details public on our website through individual listings of local Children’s Universities (see www.childrensuniversity.co.uk/inyourarea to search) so that interested parties can make contact with their local Children’s University and we do share these details with other Children’s University managers for the sole purpose of furthering our charitable aims.

1.2 How we store it, who we share it with, and our retention policy

This data is kept securely in password-protected cloud storage and is accessible only by CU Trust management. It is also stored in our E-passport (see below point 4 for more details) through which it gets published online on www.childrensuniversity.co.uk

We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. To this end, we may share this information with partner agencies that are involved in supporting the delivery of our programmes to enhance collaborative working and provide a better experience for child members – for example we will share contact details and make introductions to schools, parents, learning partners and other institutions who wish to communicate with the partners running Children’s University in their local area. We won’t, however, share these details with advertisers or organisations not involved or wanting to get involved with Children’s University.

We will store this personal information for the entire period that an organisation is partnered with us and may retain these details in accordance with legal requirements.

 

2.0 Children and young people participating in our programme

There are three main ways that children participate in our programme:

  1. They use a paper-based system using their Passport to Learning managed by their school and a local partner (see 1.0)
  2. They use Children’s University Online – our digital platform that’s accessed via childrensuniversity.co.uk this only launched in May 2019 (see 2.2.0)
  3. They use our ePassport system, an older online system that is run by F2uni (see 0)

These methods of participation dictate what data we keep and are detailed below. Aside from these, we do occasionally keep data on children for the purposes of case studies for promotional work, but this is purely done with school consent and is used by anonymising data.

Regardless of how a child is participating in Children’s University, their data may be used by one of our partner organisations (see section 1.0) who manages Children’s University in a particular area. As stated above, CU Trust will only work with and license the Children’s University model to organisations that are GDPR compliant. If you want to know who this may be in your area, contact contactus@childrensuniversity.co.uk

2.1.0 Children participating and not using one of our two digital platforms

Unless they are using one of our digital platforms (Children’s University Online or the ePassport) CU Trust does not generally keep the personal data of children or young people participating in Children’s University. We do occasionally keep data on children for the purposes of case studies for promotional work, but this is purely done with school consent and is used by anonymising data.

If a child is participating in Children’s University, their data may be kept by one of our partner organisations (see section 1.0) who manages Children’s University in a particular area. As stated above, CU Trust will only work with and license the Children’s University model to organisations that are GDPR compliant. If you want to know who this may be in your area, contact contactus@childrensuniversity.co.uk

2.1.1 What we collect and why

When we do collect information about the children for case studies, this information is kept securely and for the purposes of legitimately furthering the aims of CU Trust. Without storing and using this data, we would be unable to promote some of the success stories that come out in order to further the work of Children’s University. When we do collect it, it is with parental or school consent and is only used publicly in an anonymised form.

2.1.2 How we store it, who we share it with, and our retention policy

All of our data is kept securely in password-protected cloud storage and is accessible only by CU Trust management.

We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.

We will store case study information for as long as published case studies remain in the public domain.

2.2.0 Children participating using Children’s University Online

Children’s University Online is Children’s University’s newest digital platform. It is a fun, safe and secure online space for participants to record what they’re doing. It is accessed by logging in via www.childrensuniversity.co.uk Children use this alongside their Passport to Learning, collecting stamps in their passports that can then be posted online where they'll unlock additional information about their activities.

2.2.1 What we collect and why

In order for children to use Children’s University Online, we need to collect information that is uploaded by, or with the permission of, each child’s school. In some cases this information is added by our local partners with the permission of parents. The information we collect and why is as follows:

Full name (First name and surname) – this information is needed in order for certificates to be created, schools to be able to monitor children’s progress, and children to log in.

Date of birth – this information is needed in order for CU Trust to be able to target age-appropriate activities at participants.

Gender – this information is to assist schools in ensuring that Children’s University participation reflects the gender split of the school. This information may also be used in order to target gender-appropriate activities at participants (e.g STEM for Girls programmes) and encourage inclusion for all.

School – this information is needed as all children are grouped into schools using Children’s University Online. In cases where children are not part of a school, this will be the name of a virtual school or virtual grouping managed by their local Children’s University partner.

Unique Pupil Reference Number – this is a unique reference that will enable schools to marry up children’s attainment through Children’s University Online with school records.

There may be future developments made to Children’s University Online that will add to these uses. Should there be significant change in how this information is used, this policy will be updated accordingly and users notified.

2.2.2 How we store it, who we share it with, and our retention policy

All of our data is kept securely in password-protected cloud storage and is accessible only by CU Trust management. Children’s University Online was built and is maintained by Tech Dept Limited who have access to the site purely for maintenance and technical development purposes.

We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.

We will store case study information for as long as published case studies remain in the public domain.

 

3.0 Use of our e-Passport system

CU Trust operates an E-passport with F2Uni Limited at https://epassport.f2uni.com  This E-passport is used by some local Children’s Universities as an electronic version of the Children’s University Passport to Learning and so some children have their data stored there. Similarly, this is where data about our learning partners and Children’s University managers is stored. All data shared in this system is covered by a joint privacy policy that can be read at https://epassport.f2uni.com/Content/privacy.htm

If you’re unsure as to whether your child’s details are stored in the E-Passport system, you are recommended to contact your local Children’s University. You can find their details by searching www.childrensuniversity/inyourarea 

Please note that this is an external site that will be running until the end of July 2019.

 

4.0 Learning destinations, activity providers and other partners

CU Trust works with national learning partners who run destinations and activities for children. These may be museums, retail destinations, public parks, or anywhere that children can take part in structured learning. All the learning partners that we work with have been validated as providing quality learning opportunities.

4.1 What we collect and why

We do collect information about the staff and volunteers running learning destinations and learning activities through our learning partner organisations. These are the people that help to boost our programme and offer opportunities and support children to engage in learning during out-of-school hours. This information is professional contact details that are shared with us solely for the purpose of promoting validated Children’s University activities. We use these details to put schools, children and parents in touch with opportunities in their area. Without storing and using this data, we would be unable to run Children’s University as we would have no activities for children. We do make these contact details public on our website through individual listings of local activities (see www.childrensuniversity.co.uk/inyourarea to search) so that interested parties can make contact with their local Children’s University.

4.2 How we store it, who we share it with, and our retention policy

This data is kept securely in password-protected cloud storage and is accessible only by CU Trust management. Children’s University Online was built and is maintained by Tech Dept Limited who have access to the site purely for maintenance and technical development purposes.

Some of this information (predominantly those organisations involved in Children’s University prior to December 2018) is also stored in our E-passport (see above point 3 for more details) through which it gets accessed via the Children’s University App (available until end of July 2019). Prior to May 16th 2019, this information was also used to publish online on www.childrensuniversity.co.uk

We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.

We will store this personal information for a minimum of three years, at which point we will endeavour to ensure all information is correct and up to date.

 

5.0 Staff and Volunteers

CU Trust employs staff and occasionally works with volunteers.

5.1 What we collect and why

We do collect data on staff and volunteers. This information is purely for employment purposes and is in accordance with employment contracts and other applicable policies.

5.2 How we store it, who we share it with, and our retention policy

Our staff data is kept securely in password-protected cloud storage and is accessible only by CU Trust management.

We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.

We will store this personal information for 10 years. After this, we will retain minimal records for the purposes of record keeping for references (name, period of employment).

 

6.0 Trustees

CU Trust is a registered charity (no. 1118315) and so we are governed by a Board of Trustees.

6.1 What we collect and why

We do collect data on Trustees. This information is purely for governance purposes and is in accordance with the law and Charity Commission requirements.

6.2 How we store it, who we share it with, and our retention policy

Our Trustee data is kept securely in password-protected cloud storage and is accessible only by CU Trust management.

We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.

We will store this personal information for at least 10 years. After this, we will retain minimal records for the purposes of record keeping for references (name, period of trusteeship).

 

7.0 Recruitment

When someone applies for a volunteer or salaried post with CU Trust, we will only use the information given to us to process applications and to monitor recruitment statistics.

7.1 What we collect and why

We do collect personal information about applicants as part of standard recruitment procedure. We do this to verify the identity of applicants and to ensure that the candidates we select are qualified for the specific role they apply for.

7.2 How we store it, who we share it with, and our retention policy

Our recruitment data is kept securely in password-protected cloud storage and is accessible only by CU Trust management. We keep statistical information about applicants to develop our recruitment processes, however no individual applicant would be identifiable from this information.

We will share applicants’ personal information with people and/or organisations that they have asked us to contact for the purposes of obtaining a reference. We may also undertake a vetting and barring check through the Disclosure and Barring Service.

We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.

If a candidate is unsuccessful in their application, we may hold their personal information for a period of six months after we have finished recruiting for the post or volunteer role for which they applied. If a candidate becomes a volunteer or paid member of staff, their data will be processed in accordance with employment contracts and other applicable policies (see point 5.0)

 

8.0 Emailing Children’s University

When someone emails Children’s University, whether to contactus@childrensuniversity.co.uk or to a specific named member of staff, they are often sharing personal data.

8.1 What we collect and why

We only use this data for responding to inquiries and furthering the charitable aims of CU Trust. We do not store this information outside of our email system and we do not use this information for any other reasons other than to respond to inquiries and provide a good experience to those getting in touch. We don’t add details to any mailing lists or pass it on to any other companies.

8.2 How we store it, who we share it with, and our retention policy

Our email data is kept securely in password-protected cloud storage and is accessible only by CU Trust management. We will occasionally save email correspondence outside of our email programmes (as a PDF record of correspondence, for example), but it remains in secure password-protected cloud storage.

We do not share this information with other organisations or individuals for any other purposes other than furthering the work of Children’s University or responding to local issues with our delivery partner organisations. We will never sell, swap or rent data to any third party. We will not share details with other charities for marketing purposes. We will only share information with other organisations where we have permission to do so in accordance with this privacy policy, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.

If we receive any content that we believe to be inappropriate, offensive or in breach of any laws, we may use personal information to inform relevant third parties such as internet providers or law enforcement agencies.

We will store this personal information for up to 10 years. We may retain these details in accordance with legal requirements and as per our retention schedule to help ensure that we do not continue to contact you.

 

Working with third party service providers

We use service providers (such as accountants, payment processors, and software platform providers) to help us provide you with our services. Where we use third parties, we require them to adhere to data protection controls to protect personal information. We give relevant persons working for some of these service providers access to personal information, but only to the extent necessary for them to perform their services for us.

 

When confidentiality may be broken

CU Trust will treat data with complete confidentiality in accordance to the GDPR. Confidentiality may not apply to circumstances where:

  • We are legally required to disclose data.
  • There is a duty to the public to disclose.
  • Disclosure is required to protect an individual’s interest.
  • Disclosure is made at an individual’s request or with their consent.

 

Your rights

CU Trust fully endorses and adheres to providing and maintaining the 5 rights stipulated by GDPR. All individuals who are subject to personal data held by CU Trust are entitled to these rights:

  1. The right to be forgotten: An individual may, at any point, request that any and all data kept on them be deleted without undue delay. If you would like us to delete the data we have on you, you can do this by emailing odonnell@childrensuniversity.co.uk or phoning 0161 241 2402. We will aim to respond within 3 days to clarify how this will be done.
  2. The right to object: An individual may prohibit the use of certain data and reject an organisation or individual’s request to process their data. If you would like us to object to the data we have on you or the way it is processed, you can do this by emailing odonnell@childrensuniversity.co.uk or phoning 0161 241 2402. We will aim to respond within 3 days to clarify our approach to changes.
  3. The right to rectification: An individual may request that any incomplete or incorrect data kept on them be amended, corrected and rectified. If you would like to rectify the data we have on you, you can do this by emailing odonnell@childrensuniversity.co.uk or phoning 0161 241 2402. We will aim to respond within 3 days to clarify how this will be done.
  4. The right to access: An individual may request access to any data kept on them and how this data is being processed. You have the right to request a copy of the personal information about you that we hold. You can do this by emailing odonnell@childrensuniversity.co.uk or phoning 0161 241 2402 we will aim to respond within 3 days to clarify how this will be done.
  5. The right to portability: An individual can request that their data is transferred from one organisation or individual to another. You can do this by emailing odonnell@childrensuniversity.co.uk or phoning 0161 241 2402 we will aim to respond within 3 days to clarify how this will be done.

 

This policy

This policy was first written on May 21st, 2018 and updated on May 16th 2019. It was updated to coincide with the launch of a new Children’s University website and to include reference to Children’s University Online – the new digital platform available henceforth. It will be reviewed by the Trustees of CU Trust on a quarterly basis. Updates will be made public by sharing this policy on www.childrensuniversity.co.uk

 

The Information Commission Office

We seek to resolve directly all complaints about how we handle personal information, but you also have the right to lodge a complaint with the Information Commission Office by phoning 0303 123 1113 or visiting their website.