Because your trust matters.
Date: October 2025
Review Date: October 2026
Coordinator: Head
Nominated Governor: Vicki May
Version: v10.25
Introduction
At The Haven, your privacy isn’t just a checkbox — it’s a promise.
We’re committed to handling your personal data with care, clarity and respect. This policy explains how we collect, use, and protect your data when you engage with The Haven — whether you’re a learner, a parent, a member of staff, or just visiting our website.
By using our services, you’re agreeing to the practices below. If anything feels unclear or you’d like to talk it through, we’re here. Just reach out.
Why We Collect Your Data
We collect and use personal data to:
● Provide and personalise your learning experience
● Communicate with you about courses and services
● Keep students safe and supported
● Comply with our legal duties (like safeguarding and tax law)
Our legal basis for processing data includes:
● Fulfilling a contract (e.g. providing tuition)
● Meeting legal obligations (e.g. safeguarding)
● Pursuing our legitimate interests (e.g. improving our services)
● Where needed, your clear and informed consent
What We Collect & How We Use It
Learners & Parents/Carers
When you enquire or enrol with Haven, we may collect:
● Personal details: Name, DOB, contact details, gender identity, school history
● Learning details: Subjects, goals, interests, SEN info, and preferred learning styles ● Referral source: How you found us
We use this to:
● Match you with the right courses, mentors and teachers
● Support wellbeing and tailor learning
● Keep in touch and share relevant updates
We keep this information securely for up to 6 years after your time with us ends, unless you ask us to delete it earlier (and unless law says we must keep it).
Staff & Mentors
If you work with The Haven, we may collect:
● Contact details, qualifications, DBS info, a short bio or photo (with consent)
● Bank details (for payment)
● References
We use this to:
● Ensure we’ve found the right fit for our students
● Manage contracts, training, and safeguarding
● Pay you on time
We retain staff records for up to 2 years after your contract ends, unless law requires otherwise.
Website Visitors
When you visit our website, we collect:
● Basic analytics (like which pages are visited) using tools like Google Analytics ● Cookie preferences (more on this below)
This data is anonymised and helps us improve your experience. Non-essential cookies (like for analytics) are only used with your consent.
Cookies & Tracking
We use cookies to:
● Keep the site running smoothly
● Remember your preferences
● Understand what’s helpful to visitors
Essential cookies are always on. Non-essential ones (like analytics) are only used if you say yes via the cookie banner. You can update your choices at any time.
[See our full Cookie Policy →]
Your Rights (and how to use them)
Under UK GDPR, you have rights over your data:
● Access – You can ask what data we hold about you.
● Correction – You can ask us to fix mistakes.
● Deletion – You can ask us to delete your data (“right to be forgotten”). ● Restriction – You can ask us to stop processing it temporarily.
● Objection – You can object to how we’re using your data.
● Portability – You can ask us to send your data elsewhere in a readable format.
To use any of these rights, just email our DPO (see below). We’ll respond within 30 days and may ask for ID to protect your data.
Data Retention
We only keep data as long as we genuinely need it. Here’s a quick guide: ● Student records – Up to 6 years after you leave
● Staff/tutor data – Up to 2 years post-engagement
● Billing info – 7 years (for tax compliance)
After that, your data is securely deleted or anonymised.
Who We Share Data With
We never sell your data. We may share limited personal info with:
● Tutors or educational partners (to provide learning)
● Legal bodies (if required by law)
● Payment processors and admin platforms (under strict agreements)
If data ever leaves the UK or EEA, we ensure it’s protected using GDPR-approved safeguards like Standard Contractual Clauses.
How We Keep Your Data Safe
We take data protection seriously, and use:
● Encrypted storage
● Secure logins and passwords
● Regular system updates
● GDPR training for all staff
● A “privacy by design” mindset in everything we do
Please note: while we do everything we can to protect data in our systems, we can’t fully guarantee security during internet transmission (e.g. via email). Once we receive it, it’s in safe hands.
What Happens If There’s a Breach?
If your data is ever compromised in a way that could impact your rights or freedoms:
● We’ll notify you promptly
● We’ll report the incident to the ICO within 72 hours
Marketing and Communication
We only send newsletters or marketing if you’ve opted in. You can unsubscribe anytime by clicking the link in our emails or emailing us directly.
We may use anonymised data to analyse trends or improve our services. Testimonials will only ever be shared publicly with your explicit permission.
Changes to This Policy
We’ll review this policy regularly and update it when needed. Any significant changes will be highlighted via email or website notices.
Contact Us
Questions? Concerns? Want to access or update your data?
Contact our Data Protection Officer (DPO): Cathy Wassell
The Haven Team
hello@autisticgirlsnetwork.org
Or visit the ICO (Information Commissioner’s Office) at www.ico.org.uk for independent advice or to lodge a complaint.