Privacy Policy
Privacy Policy
Strong Roots / Strong Roots Group
Last Updated: May 2026
1. Introduction
Strong Roots is committed to protecting the privacy and personal information of children, parents, carers, schools, nurseries, staff, freelancers, volunteers and website users.
This Privacy Policy explains how we collect, use, store and protect personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who We Are
Trading Name: Strong Roots / Strong Roots Group
Business Type: Sole Trader
Email: strongrootsgroup@gmail.com
Website: www.strong-roots-group.co.uk
For the purposes of data protection law, Strong Roots is the “data controller” of the personal information collected and processed.
3. The Information We Collect
Parents / Guardians
- Parent and child names
- Contact details including email, phone number and address
- Emergency contact details
- Medical, allergy and dietary information
- SEND or additional support information
- Booking and attendance records
- Payment information
- Consent preferences
- Photographs or videos where consent has been provided
Children
- Name and age/date of birth
- Medical or behavioural information necessary for safe participation
- Support needs and risk information
- Attendance records
Staff, Freelancers and Volunteers
- Contact details
- DBS and safeguarding information
- Qualifications and insurance information
- Payment and recruitment information
Schools, Nurseries and Organisations
- Contact names and details
- Booking and communication records
- Invoices and payment information
Website and Social Media Users
- Website usage information
- Cookies and analytics data
- Messages sent through forms or social media platforms
4. How We Collect Information
We collect information through:
- Booking systems such as ClassForKids
- Website forms and enquiries
- Emails, phone calls and messages
- Registration and consent forms
- Staff application forms
- Social media interactions
- Direct communication with parents, schools and settings
5. Children’s Privacy
Strong Roots provides activities for children and young people.
Personal information relating to children is only collected with the knowledge of a parent, guardian, school or responsible organisation and only where necessary to provide safe and appropriate services.
We are committed to handling children’s information carefully and responsibly.
6. Why We Use Personal Information
We use personal data to:
- Deliver holiday camps, workshops and activities
- Safeguard children and staff
- Manage bookings and attendance
- Communicate important information
- Process payments and invoices
- Manage staffing and recruitment
- Meet safeguarding, legal, insurance and health & safety obligations
- Improve our services
- Respond to enquiries
- Send relevant updates or marketing communications where appropriate
7. Legal Bases for Processing
Under UK GDPR, we rely on the following lawful bases:
Contract
To provide booked services and activities.
Legal Obligation
To meet safeguarding, health and safety, tax and insurance requirements.
Legitimate Interests
To manage and improve our services and business operations.
Consent
For:
- Photography and video use
- Certain marketing communications
- Some medical or additional needs information where required
Consent can be withdrawn at any time.
8. Special Category Data
Some information we collect, including medical, allergy, SEND or safeguarding information, is considered sensitive personal data.
We only collect this where necessary to:
- Protect children’s health and wellbeing
- Provide appropriate support
- Meet safeguarding obligations
- Ensure safe participation in activities
This information is only shared with staff who need it to safely support the child.
9. Photography and Video
Strong Roots may take photographs or videos during activities for:
- Social media
- Website content
- Promotional materials
- Funding or council reports
We will only use identifiable images of children where consent has been provided by a parent or guardian.
Parents and guardians may withdraw consent at any time by contacting us.
10. Marketing Communications
We may occasionally send updates about camps, workshops or activities which may be relevant to you.
You can unsubscribe from marketing communications at any time by following the unsubscribe link or contacting us directly.
11. Who We Share Information With
We may share information with:
- Staff, freelancers and activity leaders working with the child
- Schools, nurseries or venue providers where appropriate
- Local authorities or HAF teams where required
- Booking and payment providers
- Professional advisers, insurers or accountants
- Safeguarding authorities where legally necessary
We do not sell personal information to third parties.
12. Third Party Providers
We use trusted third party providers to help operate our services, including:
- ClassForKids
- Stripe
- Google Workspace
- Meta Platforms (Facebook & Instagram)
These providers may process personal information on our behalf and are expected to comply with UK GDPR requirements.
13. International Data Transfers
Some third party providers may store or process information outside the UK.
Where this happens, appropriate safeguards are used to protect personal information in accordance with UK GDPR requirements.
14. Safeguarding and Legal Disclosure
In certain circumstances, Strong Roots may share information without consent where necessary to:
- Protect a child or vulnerable individual
- Comply with safeguarding obligations
- Prevent harm
- Meet legal or regulatory requirements
15. Recruitment Information
Information submitted as part of recruitment, volunteering or staff applications will only be used for:
- Recruitment purposes
- Safeguarding checks
- Legal and insurance compliance
- Operational staffing requirements
Staff, freelancers and volunteers will also receive a separate Staff & Freelancer Privacy Notice where appropriate.
16. Data Storage and Security
We take reasonable steps to protect personal information, including:
- Secure password protected systems
- Restricted access to sensitive information
- Secure cloud storage
- Appropriate confidentiality and safeguarding procedures
Only authorised individuals are permitted access to personal data where necessary.
17. Data Retention
We retain information for different periods depending on the type of data and legal requirements.
Examples may include:
- Financial records: up to 6 years
- Safeguarding or incident records: in line with safeguarding guidance
- Booking and attendance records: as reasonably required for operational and legal purposes
- Staff records: in line with employment and safeguarding obligations
When information is no longer required, it will be securely deleted or destroyed.
18. Data Breaches
Strong Roots has procedures in place to respond to suspected personal data breaches and will notify relevant authorities and affected individuals where legally required.
19. Cookies and Website Analytics
Our website may use cookies and analytics tools to:
- Improve website functionality
- Understand website traffic and usage
- Improve user experience
You can manage cookie settings through your browser preferences.
20. Your Rights
Under UK GDPR, individuals have the right to:
- Access their personal data
- Correct inaccurate information
- Request deletion of information
- Restrict or object to processing
- Withdraw consent
- Request transfer of their data where applicable
- Complain to the Information Commissioner’s Office (ICO)
21. Contact Us
If you have any questions about this policy or how personal information is handled, please contact:
Strong Roots
Email: strongrootsgroup@gmail.com
Website: www.strong-roots-group.co.uk
22. Complaints
If you are unhappy with how we handle personal information, you can contact the Information Commissioner’s Office (ICO).
23. Policy Updates
This policy may be updated from time to time to reflect operational or legal changes. The latest version will always be available on our website.