Data Protection Policy

ICO registration reference: ZA380221

At House of Fun we respect the privacy of the children attending our camps and the privacy of their parents or carers, as well as the privacy of our staff. Our aim is to ensure that all those using and working at House of Fun can do so with confidence that their personal data is being kept secure.

Our lead person for data protection is Mr Jake Motion. The lead person ensures that House of Fun follows best practice for data protection, liaises with statutory bodies when necessary, and responds to any subject access requests.



Within House of Fun we respect confidentiality in the following ways:

  • We will only ever share information with a parent about their own child

  • Information given by parents to House of Fun staff about their child will not be passed on to third parties without permission unless there is a safeguarding issue (as covered in our Safeguarding Policy)

  • Concerns or evidence relating to a child’s safety will be kept in a confidential file and will not be shared within House of Fun, except with the designated lead person for data protection and the Team Manager

  • Staff only discuss individual children for purposes of planning and group management

  • Staff are made aware of the importance of confidentiality during their induction process

  • Issues relating to the employment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions

  • All personal data is stored securely on a password protected computer and password protected phone

  • Students on work placements and volunteers are informed of our Data Protection policy and are required to respect it


Information that we keep

The items of personal data that we keep about individuals are documented on our personal data matrix. The personal data matrix is reviewed annually to ensure that any new data types are included.

Children and parents: We hold only the information necessary to provide a childcare service for each child. This includes child registration information, medical information, parent contact information, attendance records, incident and accident records and so forth. Our lawful basis for processing this data is fulfilment of our contract with the child’s parents. Our legal condition for processing any health-related information about a child is so that we can provide appropriate care to the child. Once a child leaves our care we retain only the data required by statutory legislation and industry best practice, and for the prescribed periods of time. Electronic data that is no longer required is deleted and paper records are disposed of securely.

Staff: We keep information about employees in order to meet HMRC requirements, and to comply with all other areas of employment legislation. Our lawful basis for processing this data is to meet our legal obligations. Our legal condition for processing data relating to an employee’s health is to meet the obligations of employment law. We retain the information after a member of staff has left our employment for the recommended period of time, then it is deleted or destroyed as necessary.


Sharing information with third parties

We will only share child information with outside agencies on a need-to-know basis and with consent from parents, except in cases relating to safeguarding children, criminal activity, or if required by legally authorised bodies (e.g. Police, HMRC, etc). If we decide to share information without parental consent, we will record this, clearly stating our reasons.

We will only share relevant information that is accurate and up to date. Our primary commitment is to the safety and well-being of the children in our care.

Some limited personal information is disclosed to authorised third parties we have engaged to process it (Data Processors), as part of the normal running of our business, for example in order to take online bookings, and to manage our payroll and accounts. Any such third parties comply with the strict data protection regulations of the GDPR.

The essential Data Processors currently used to run the business side of House of Fun are as follows:

  • Wix - provides our website platform, including the essential House of Fun booking form that ensures our holiday camps are safe and enjoyable for children. See Wix’s Privacy Notice here:  

  • Clubsbuddy - provides a bookings platform so we can track bookings, payments, schedule events and communicate with parents of children attending our holiday camps. See Clubsbuddy’s Privacy Notice here:  

  • Google Drive - provides an online document area that is essential to organise holiday camp details, staffing, operations and logistics for House of Fun holiday camps. See Google’s Privacy Notice here:

We use Instagram and Facebook to provide a platform to share all the great things going on at House of Fun with parents and House of Fun fans. See Instagram’s Privacy Notice here: See Facebook’s Privacy Notice here: If you have any concerns or worries about this, please contact Jake Motion, the House of Fun lead person for data protection.


Subject access requests
  • Parents/carers can ask to see the information and records relating to their child, and/or any information that we keep about themselves.

  • Staff and volunteers can ask to see any information that we keep about them.

  • We will make the requested information available as soon as practicable, and will respond to the request within one month at the latest.

  • If our information is found to be incorrect or out of date, we will update it promptly.

  • Parents /carers can ask us to delete data, but this may mean that we can no longer provide care to the child as we have a legal obligation to keep certain data. In addition, even after a child has left our care we have to keep some data for specific periods so will not be able to delete all data immediately.

  • Staff and volunteers can ask us to delete their data, but this may mean that we can no longer employ them as we have a legal obligation to keep certain data. In addition, even after a staff member has left our employment we have to keep some data for specific periods so will not be able to delete all data immediately.

  • If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).