top of page

GDPR and Data Protection Policy
The Shades of the Life Oxford Digital Design and Visual Art Studio
Bright Future Innovators Camp & Mystery Missions Camp
Last Reviewed: 10. 05. 2025.
Data Protection Officer: Gyongyi Domokos (CEO)

 

1. Purpose

This policy outlines how The Shades of the Life Oxford Digital Design and Visual Art Studio (SOL) collects, uses, stores, shares, and disposes of personal data, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

2. Scope

This policy applies to all personal data processed by SOL in relation to children, parents/guardians, staff, volunteers, and third parties involved in our programmes.

 

3. Lawful Basis for Processing Data

We collect and process personal data under the following lawful bases:

  • Consent (e.g. media permissions)

  • Contractual obligation (e.g. registration forms)

  • Legal obligation (e.g. safeguarding records)

  • Legitimate interest (e.g. internal communication)

 

4. What Data We Collect

  • Children: Name, date of birth, medical information, dietary needs, emergency contacts, school, attendance records

  • Parents/Guardians: Name, contact details, consent forms

  • Staff/Volunteers: Name, DBS details, training records, emergency contact

  • Media: Photos/videos with prior consent

 

5. How We Use Personal Data

  • To safeguard and support the welfare of children

  • For registration, communication, and camp operations

  • To fulfil legal and regulatory obligations

  • To evaluate and improve our services

 

6. Data Storage and Security

  • Digital data is stored on secure, password-protected systems.

  • Paper records are kept in locked storage with access only to authorised personnel.

  • Access to sensitive data is limited to staff who need it for their role.

  • We do not store data on personal devices unless encrypted and authorised.

 

7. Sharing of Data

We do not share personal data with third parties unless:

  • It is legally required (e.g. in safeguarding cases)

  • Explicit consent has been obtained

  • It is necessary for external auditing, inspection, or HAF programme requirements

 

8. Retention Periods

  • Children’s records: Retained for 3 years after the child’s last attendance

  • Accident reports: Retained for 3 years (or until the child turns 21 if the injury was serious)

  • Staff records: Retained for 6 years after employment ends

 

9. Your Rights

All data subjects have the right to:

  • Be informed of how data is used

  • Access their personal data

  • Rectify inaccurate data

  • Request deletion (“right to be forgotten”)

  • Restrict or object to processing

  • Lodge a complaint with the ICO

Requests can be made to the Data Protection Officer (see contact below).

 

10. Data Breaches

Any breach of data security must be reported to the Data Protection Officer immediately. The breach will be investigated, documented, and reported to the Information Commissioner’s Office (ICO) within 72 hours if necessary.

 

11. Staff Responsibilities

All staff and volunteers must:

  • Complete data protection training before camp starts

  • Handle data responsibly and securely

  • Report any concerns or breaches immediately

 

12. Review

This policy is reviewed annually or following a significant change in data protection legislation.

 

Contact:
Gyongyi Domokos
CEO & Data Protection Officer

gyongyidomokos@theshadesofthelife.com I +44/(0)7380410465

​

bottom of page