Privacy Policy
Last updated: 23 December 2025
The Art Loft CIC (“we”, “us”, “our”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use and protect personal data when you interact with us, including through our website, booking systems, classes and events.
1. Who We Are
The Art Loft CIC
Website: www.theartloft.uk
Email: contact@theartloft.uk
We are the data controller responsible for your personal data.
2. What Personal Data We Collect
We may collect and process the following information:
Parents / Guardians
-
Name
-
Email address
-
Phone number
-
Billing information
-
Emergency contact details
Children
-
Child’s name
-
Age / date of birth
-
Medical information, allergies, SEN or additional needs (only where relevant and provided by you)
Website & Booking Data
-
Booking and attendance records
-
Communication history
-
Website usage data (via cookies – see Section 10)
3. How We Collect Data
We collect data when you:
-
book a class, workshop or party
-
complete a form on our website
-
contact us by email or phone
-
give consent for photography or media
-
attend sessions at The Art Loft
4. How We Use Your Data
We use personal data to:
-
manage bookings, payments and attendance
-
communicate important information about classes and events
-
ensure safeguarding, health and safety
-
respond to enquiries
-
improve our services
-
share marketing communications only where consent has been given
We do not sell or rent your data to third parties.
5. Legal Basis for Processing
Under UK GDPR, we process data on the basis of:
-
Contract – to deliver booked services
-
Legal obligation – safeguarding and record keeping
-
Legitimate interest – running our studio safely and efficiently
-
Consent – photography, marketing communications
You may withdraw consent at any time.
6. Photography & Media
-
We may take photos or videos during sessions for marketing or documentation.
-
Images are only used with explicit parental consent.
-
Children’s names are never published alongside images.
-
Consent can be withdrawn at any time by emailing us.
7. Data Sharing
We only share personal data where necessary, such as:
-
secure booking and payment providers
-
IT and website service providers
-
legal or regulatory authorities where required
All third parties are required to handle data securely and lawfully.
8. Data Storage & Security
-
Data is stored securely using password-protected systems.
-
Access is limited to authorised staff only.
-
We take appropriate technical and organisational measures to prevent unauthorised access, loss or misuse.
9. How Long We Keep Data
-
Booking and attendance records are kept for operational and legal purposes.
-
Safeguarding-related data is retained only as long as necessary.
-
Marketing data is retained until consent is withdrawn.
10. Cookies & Website Analytics
Our website may use cookies to:
-
improve functionality
-
understand website usage
-
enhance user experience
You can manage or disable cookies through your browser settings.
11. Your Rights
Under UK GDPR, you have the right to:
-
access your personal data
-
request correction of inaccurate data
-
request deletion of data (where applicable)
-
restrict or object to processing
-
withdraw consent
-
lodge a complaint with the Information Commissioner’s Office (ICO)
To exercise any of these rights, please contact us.
12. Children’s Data
We take children’s privacy extremely seriously.
-
We only collect data necessary to deliver our services safely.
-
All children’s data is provided by parents or guardians.
-
Data is handled with enhanced care and confidentiality.
13. Changes to This Policy
We may update this Privacy Policy from time to time.
Any changes will be posted on our website.
14. Contact Us
If you have any questions about this policy or how your data is handled, please contact: