GDPR stands for General Data Protection Regulation and replaces the previous Data Protection Directives that were in place.  This being approved by the EU Parliament in 2016 and came into effect on 25th May 2018.

GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals.

Bendy Tots have updated their GDPR and have all the right laws in place to protect each individual

This includes the protection of personal data for children, parents, and staff.

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

GDPR includes 7 rights for individuals:


1) The right to be informed

Bendy Tots collect all parents and students details on registration. We need to know parents/guardian’s names, addresses, telephone numbers, email addresses, as well as emergency contact details. We need to know children’s’ full names, addresses, date of birth and Education school, along with any medical and SEN requirements. This information is kept fully confidential. 

Bendy Tots hold the right to pass any of your data on to our Governed bodies, Acrobatics Arts as well as Bendy Tots GDPR rules and your data is safe.

We sometimes are requested to provide this data to Poole Council & other performing council areas in the event of safeguarding and this information is sent to the Local Authority via a secure electronic file transfer system. However in this case Bendy Tots will contact all individuals personally to make sure that this information has been granted.

As an employer Bendy Tots are required to hold data on its Teachers; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers, photographic ID such as passport and driver’s license, bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK. This information is sent via a secure file transfer system to Due Diligence Checking for the processing of DBS checks. DBS Numbers and date of issue are also held on a central staffing record. Bendy Tots also hold the right to dismiss any member of staff who do not abide by these laws.


2) The right of access

At any point an individual can make a request relating to their data and Bendy Tots will need to provide a response (within 1 month). Bendy Tots can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.


3) The right to erasure

As an individual you are in your right to request the deletion of your data where there is no compelling reason for its continued use.

Bendy Tots have a legal duty to keep children’s and parents details for a reasonable time.  

Bendy Tots retains these records for 3-4 years after leaving the school.

Children's accident and injury records are retained for 19 years (or until the child reaches 21 years), and 22 years (or until the child reaches 24 years) for Child Protection records. Staff records must be kept for 6 years after the member of leaves employment, before they can be erased. This data is archived securely onsite and shredded after the legal retention period.


4) The right to restrict processing

Parents and staff can object to Bendy Tots processing any of their data. This means that records can be stored but must not be used in any way.


5) The right to data portability

Bendy Tots requires data to be transferred from one IT system to another; such as from Bendy Tots DSP to the Local Authority.  These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR. All systems are password protected.


6) The right to object

Parents, visitors and staff can object to their data being used for certain activities like marketing or research.


7) The right not to be subject to automated decision-making including profiling.

Automated decisions and profiling are used for marketing based organisations. Bendy Tots does not use personal data for such purposes.


Storage and use of personal information

To ensure all personal information is maintained in the most secure manner. All of  Bendy Tots office computers/phones are password protected.

On occasion paper documents of personal data may be required, such as first aid forms etc.  These hard copies will be kept in a locked Bendy Tots office and can only be accessed by the teacher and administrative manager.

Bendy Tots stores personal data held visually in photographs or video clips or as sound recordings.  No names are stored with images in photo albums, displays, on the website or on Bendy Tots UK social media sites.  Images/videos are only shared where parents have provided consent. Please go to Photography privacy here for more information




GDPR means Bendy Tots:

* Manage and process personal data properly

* Protect the individual’s rights to privacy

* Provide an individual with access to all personal information held on them

If you wish to see Bendy Tots UK full Data GDPR please ask a member of the administrative team.