Privacy Policy

Sensory People: Privacy Notice

At Sensory People, we take your privacy and the security of your child’s information very seriously. This notice explains how we collect, store, use, and protect your personal data in full compliance with the Data Protection Act 2018, the UK GDPR, and the Data Protection and Digital Information framework.

1. Who We Are

Sensory People is a registered charity. For the purposes of data protection laws, we are the “Data Controller” of your personal information. If you have any questions about this notice or how we handle your data, you can contact our Senior Responsible Individual (SRI):

  • Contact: Marion Rogerson
  • Address: 9 Rathmore Close, Stourbridge, DY8 2RS
  • Email: info@sensory-people.co.uk
  • Tel: 07879 431371

2. The Information We Collect

We only collect personal data that we genuinely need to run our therapeutic services safely and effectively. This includes:

  • Contact Details: Parent/guardian name, address, email address, phone number, and child’s emergency contact details.
  • Service & Attendance Details: Session bookings, eligibility checks, and feedback.
  • Special Category (Health) Data: Speech and language therapy assessments, sensory integration profiles, physical or behavioural medical needs, and daily clinical session notes.

3. How We Use Your Information

We use your personal data strictly to:

  • Deliver, evaluate and tailor daily one-to-one sensory integration and speech therapy sessions for your child.
  • Support, manage and coordinate our vital workforce of volunteers and independent contractors.
  • Comply with our strict legal, safeguarding and financial obligations.

4. Our Legal Basis for Processing

Under UK data laws, we must have a valid legal reason to hold your data.

  • For General Data: We rely on Legitimate Interests to safely administer the charity, schedule sessions, and manage our workforce.
  • For Special Category Health Data: We process your child’s clinical information relying strictly on your Explicit Consent (obtained in writing before therapy begins) and Social Protection Law to fulfil our statutory safeguarding duties.

You have the right to withdraw consent for data processing at any time. Please note that withdrawing consent will result in the immediate termination of services if the data is operationally necessary to deliver therapy safely.

5. Keeping Your Data Safe & Who We Share It With

We take data security very seriously. Physical papers (such as signed consent forms or handwritten session notes) are stored in locked, fireproof cabinets within our dedicated sensory space. Digital files are encrypted and held on password-secured cloud systems.

  • Workforce Sharing: Your information is only shared on a strict “need-to-know” basis with our trustees, volunteers, and the independent professional therapists delivering your child’s sessions.
  • Contractor Compliance: All independent contractors are legally bound by a formal Data Processing Agreement (DPA). They are strictly prohibited from storing your data permanently on personal devices, and any temporary data used for session planning must be deleted within 24 hours of upload to our secure central system.
  • No Commercial Sharing: We never sell your data or share it with unauthorised third parties.

6. How Long We Keep Your Data

We only retain records for as long as operationally, contractually, or legally necessary:

  • Children’s & Safeguarding Records: In line with national safeguarding standards, all clinical notes, therapy logs, and assessments concerning children are securely kept until the individual reaches 25 years of age.
  • Workforce & Governance Records: General records for trustees, volunteers, and independent contractors are kept for a maximum of 6 years after their relationship with the charity ends.
  • Other Operational Data: General administrative data is deleted after 3 years unless funding bodies request a longer retention period.

When data is no longer needed, physical copies are securely shredded on-site and electronic files are permanently deleted from all systems and backups.

7. Your Legal Rights

You have specific statutory rights regarding your and your child’s personal information. You can ask us to:

  • Provide a copy of the data we hold about you or your child (Subject Access Request).
  • Correct any mistakes or outdated information.
  • Delete your information from our systems (where legally permitted and not overridden by safeguarding retention laws).
  • Stop or restrict how we use your data.

To exercise any of these rights, please contact our Chairperson or our Senior Responsible Individual (SRI). We will verify your parental responsibility/identity using proportionate means and respond in writing within one calendar month.

8. How to Complain

If you are unhappy with how we have handled your data, please let us know so we can fix it. You can raise a concern directly with our Senior Responsible Individual (SRI) using the contact details in Section 1.

If you remain unsatisfied with our response, you have the legal right to lodge a complaint directly with the UK’s independent data regulator, the Information Commissioner’s Office (ICO), by visiting ico.org.uk.

Next