Holiday Activities and Food Programme HAF Registration System

Privacy Notice for Parents and Carers

Why do we collect and use this information?

Hampshire County Council collects personal information from you as the parent or carer of a participant on a Holiday Activities with Food (HAF) scheme. This allows the County Council to fulfil Department for Education requirements for the HAF Programme to provide healthy food and enriching activities to eligible children during the Easter, summer and Christmas school holidays.

We collect information about you and your child or children (including personal data) to manage access to, and delivery of, the HAF Programme. We will collect and use the personal data that we need to in order for you to book and access a place for your child or children on a HAF scheme.

We also hold this personal data securely and use it to:

  • verify your personal data against the eligibility requirements of the scheme;
  • Provide you with a unique HAF code to allow you access to all Hampshire County Council HAF schemes;
  • contact you about future provision or other support information;
  • review attendance data from the scheme to assess the uptake from the public;
  • provide statistical information to schools;
  • provide information to the Department for Education as the funding organisation for the HAF programme;
  • evaluate and improve the service you receive from the scheme including the provision of feedback opportunities;
  • ensure compliance with our obligations under the accuracy principle of the General Data Protection Regulation (Article (5)(1)(d)), making sure our records about you and your scheme are up to date.

The categories of information that we collect, hold and share

We collect different types of Personal Data and Special Category Data depending on the activity being undertaken.

For the purposes of administering a HAF Registration we process the following personal information:

  • your name;
  • the name of your child or children’s name and date of birth;
  • your home postal address;
  • the school your child attends or attended;
  • your contact information, e.g. phone number or email address;
  • whether your child accesses free school meals or any other relevant data relevant to whether you meet the eligibility requirements for the programme.

The lawful basis on which we use this information

We collect and use the information you provide, ensuring that we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA2018) requirements for processing through:

  • Article 6(1)(e) Public task – where the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;

This article under the UK GDPR and the DPA2018 is supported by the following specific legislation:

  • The Localism Act (2011)

Storing and Securing Data

Any personal information held about you will be maintained as a record in the County Council’s Document Management System (DMS) and will be held in line with the appropriate retention policy and as required by the Department of Education for audit purposes.

Correspondence and communications received (such as emails from the HAF scheme owner or manager) will be stored within the County Council’s DMS.  No paper files are held. The information held within the County Council’s DMS will be kept in line with our retention schedule and then deleted as appropriate. The County Council’s DMS is hosted by the County Council in secure UK based data centres, which are on site.

The County Council takes its data security responsibilities seriously and has policies and procedures in place to ensure the personal data held is:

  • prevented from being accidentally or deliberately compromised;
  • accessed, altered, disclosed or deleted only by those authorised to do so;
  • accurate and complete in relation to why we are processing it;
  • continually accessible and usable with daily backups; and
  • protected by levels of security ‘appropriate’ to the risks presented by our processing.

The County Council also ensures its IT Department is certified to the internationally recognised standard for information security management, ISO27001.

Who do we share information with?

We do not share information with anyone unless there is a lawful basis that allows us to do so. The information shared under a lawful basis will be necessary, relevant and proportional to the task being undertaken and will only be processed in line with the purposes stated above.

Requesting access to your personal data and your rights

Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information please contact the Children’s Services Department’s Subject Access Request (SAR) Team.  

You also have the right to:

  • prevent processing for the purpose of direct marketing unless we have your consent
  • object to decisions being taken by solely automated means
  • ask to have your personal information deleted
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations 

Further information

The above information is the specific privacy notice for this service. For more information about your rights in relation to your personal data, see the County Council’s general privacy notice.

You have some legal rights in respect of the personal information we collect from you. See our Data Protection page for further details.

You can contact the County Council’s Data Protection Officer by email [email protected].

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office.