Legal notice

Name of company

Out of School XP Ltd.


Registered office

Arches Barn

Cuerdale Lane






Contact details

Josie 07947 172 238

Melissa 07773 585 383

Nic 07949 571 178    





Regulatory authority



Privacy Notice


Out of School XP Ltd (T/A The Out of School Experience) is required to collect personal information for its employees, children, parents, other contacts, bill payers, other professionals and visitors. It is also necessary to process information so that children can be kept safe, be fully supported, and have their care and learning needs fully met; staff can be recruited and paid; activities organised; the business run efficiently and legal obligations to other bodies met. We intend to meet all the requirements of the Data Protection Act 1998 (the Act) and the General Data Protection Regulations 2018, and The Children Act 2006 (as defined by the EYFS Statutory Framework) when collecting, storing, and destroying personal data.


To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, The Out of School Experience must comply with the Data Protection Principles which are set out in the Data Protection Act 1998 and the General Data Protection Regulations 2018. In summary these state that personal data must be:


  • obtained and processed fairly and lawfully;
  • obtained for a specified and lawful purpose and not processed in any manner incompatible with that purpose; adequate, relevant, and not excessive for that purpose;
  • accurate and kept up to date;
  • not kept for longer than is necessary;
  • processed in accordance with the data subject's rights;
  • kept safe from unauthorised access, accidental loss, or destruction;
  • not be transferred to a country outside the European Economic Area unless that country has equivalent levels of protection for personal data.


As ever, we continue to take your privacy seriously, and in accordance with the General Data Protection Regulation, we will commit to the following:


We ask you for personal data about you and your child/ren in order to deliver a childcare service to you. We must have a legal basis for collecting this data. We will be processing your data under the following bases:

Legal Obligation


For other matters, where we require consent, we will provide a way for you to positively make a decision about the information that you make available and how this is shared.    


This information will be collected by each setting senior manager as part of the child’s registration/induction to the setting. We ask for some data verbally at our initial meeting or telephone contact and record it on paper forms/digitally. We ask for this information at regular intervals to ensure it is up to date. We will do this by asking you to update information via Parentzonne or if you prefer you can complete and return a data form. Jacqueline Midgley is the Designated Data Controller. In her absence, Melissa Palmer will perform the role.  


We are required to hold and use this personal data in order to comply with the statutory framework of England, Ofsted, the Department for Education and my Local Authority. This data will be used to:

  • support your child’s development
  • ensure security of the premises your child is cared for including a record of visitors and CCTV (premises with CCTV)
  • ensure your child is safe and happy
  • monitor and report on your child’s progress
  • share information about activities in our setting
  • support your child to feel settled and engaged and share information with them, you and staff to ensure this is done
  • contact named people in an emergency
  • share with other professionals in accordance with legislation
  • ensure a contract of service is delivered and maintained
  • ensure that this setting receives income for the service.


With your permission this data may be, or when necessary, shared with:

  • Other professionals supporting your child, for example health visitor, other settings your child may attend, school, other health or education professional
  • School professionals
  • My local authority for the purposes of funded services that they support
  • The local safeguarding children’s board or Social Services Referral and Assessment Team if I ever have any concerns about the safety of your child. (N.B. under certain circumstances consent for child protection referrals is not required)
  • Ofsted
  • HMRC and Other Government Organisations


Your Rights

The GDPR provides the following rights for individuals:


  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision making and profiling.


Withdrawal of Consent and Right to Object


Individuals have the right to object on grounds relating to his or her particular situation and can withdraw consent for us to hold the data at any time, however, the requirements of the Children’s Act 2006 and Safeguarding requirements will take precedence over GDPR.


If you want to see a copy of the information we hold and share about you then please contact the settings senior manager detailed above, who is the person within setting responsible for data


We are required by law to keep some information about your child for a period of time after a child has left the setting. We will keep a record of this and dispose securely at the correct time.


Please see our data protection policy (available at site) for further information on data sharing, safe storage and your rights to access your data.

If you require more information, please do not hesitate to contact us.

Melissa Palmer