Children First Academy Trust School Facility Hire

Privacy Policy

Last updated: 15 April 2026
Next review date: April 2027

1. Who we are

This Privacy Policy explains how personal information is collected, used, and protected when community facilities are booked through this website.

Community bookings are administered by Kajima Community using the BookingsPlus booking system.

Data Controller
Kajima Community
12 Basset Court, Grange Park, Northampton, England, NN4 5EZ

Email: [email protected]
Telephone: 03330 110 476

2. The personal data we collect

Depending on the nature of an enquiry or booking, we may collect and process the following types of personal data.

Contact and account information

  • Name
  • Email address
  • Telephone number
  • Postal address

Booking and financial information

  • Booking details, dates, and pricing
  • Invoices and credit notes
  • Payments and refunds
  • Account balances

Compliance and safeguarding information (where applicable)

In limited circumstances, information may be required to support safeguarding and venue compliance. This may include:

  • Public Liability Insurance certificates
  • Coaching or First Aid certificates
  • Confirmation that appropriate safeguarding checks are in place

Where possible, compliance is confirmed through a Declaration of Assurance (DoA) rather than by collecting copies of Disclosure and Barring Service (DBS) certificates.

DBS certificates, which may contain information relating to criminal convictions, are not routinely collected or retained. Where such information is provided, it is handled with strict confidentiality and appropriate safeguards.

3. How we collect personal data

Personal data may be collected in the following ways.

Directly from users

  • When enquiries are submitted through this website or via BookingsPlus
  • When booking requests are made
  • When compliance or due‑diligence information is provided
  • When information or declarations are submitted via Microsoft Forms or Jotform

Indirectly from third parties

  • From schools, academy trusts, local authorities, or facilities management providers who pass on enquiry details
  • From organisations booking on behalf of group leaders (for example, sports clubs providing coach information)

4. How and why we use personal data

Personal data is used to:

  • Respond to booking enquiries
  • Process and manage community bookings
  • Carry out venue compliance, safeguarding, and due‑diligence checks
  • Ensure venues are used safely and appropriately
  • Support safeguarding, child protection, and health & safety requirements
  • Communicate with users about their bookings or accounts

Where consent has been given within a BookingsPlus account, we may also share information about relevant services or venues. Marketing preferences can be updated or withdrawn at any time.

5. Lawful basis for processing

Under the UK General Data Protection Regulation (UK GDPR), personal data is processed on the basis of legitimate interests.

These legitimate interests include:

  • Processing and administering venue enquiries and bookings
  • Ensuring premises are used safely and appropriately
  • Verifying that individuals supervising, teaching, or coaching are suitable to do so
  • Ensuring appropriate insurance cover is in place
  • Meeting safeguarding, child protection, and health & safety obligations

Where information relating to criminal convictions (such as DBS‑related information) is processed, this is done only where necessary for safeguarding purposes, in connection with venues used by children and/or vulnerable adults, and with suitable safeguards in place.

6. Who personal data is shared with

Personal data may be shared with:

  • The organisation operating the venue (including schools, academy trusts, local authorities, or facilities management providers)
  • Relevant on‑site staff to support safe venue operation
  • Third‑party service providers that supply systems used to manage bookings, forms, and communications

Personal data is not sold to third parties.

7. How we store and protect personal data

Personal data is stored securely using the following systems:

Email correspondence and related data may also be securely stored in Kajima Community’s Microsoft cloud environment to support business operations and continuity.

Access to personal data is restricted to authorised staff only, and appropriate technical and organisational measures are in place to protect personal information.

8. How long we keep personal data

  • Enquiry contact details are retained for up to 5 years
  • Dormant client account details, including associated documents, are retained for up to 5 years

Information provided solely for safeguarding or compliance purposes is retained only for as long as necessary and is not kept once it is no longer required.

Personal data is securely deleted through periodic automated clean‑up processes.

9. Your data protection rights

Under data protection law, individuals have the right to:

  • Access their personal data
  • Request rectification of inaccurate or incomplete data
  • Request erasure in certain circumstances
  • Request restriction of processing
  • Object to processing
  • Request data portability, where applicable

There is no charge for exercising these rights. Requests are normally responded to within one month.

Requests can be made by contacting:
Email: [email protected]
Telephone: 03330 110 476
Address: 12 Basset Court, Grange Park, Northampton, NN4 5EZ

10. How to complain

If there are concerns about how personal data is handled, a complaint can be raised with Kajima Community at:

Email: [email protected]

If concerns are not resolved, individuals may also complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113
Website: https://www.ico.org.uk