Policy

GDPR notice

Last updated: July 2026

The Foodie Explorers Club ("we", "us") is the data controller for the personal data described in this notice. We are committed to protecting the personal data of the parents and children who use our after-school cooking programme, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

The Foodie Explorers Club, by Chef Dairo Lopez. Contact: info@foodieexplores.com.

What personal data we process

  • Parent / carer: name, email, phone, billing information.
  • Child: name, year group, school, dietary and allergy information, relevant medical needs, emergency contact and named collector at pickup.
  • Booking & payment records processed via Stripe.
  • Technical data strictly needed to run the site (see our Cookie policy).

Allergy and medical information is special category data. We only process it where necessary to keep your child safe during the class.

Lawful bases

  • Contract (Article 6(1)(b)) — to fulfil your booking and provide the classes.
  • Legal obligation (Article 6(1)(c)) — safeguarding, tax and accounting records.
  • Legitimate interests (Article 6(1)(f)) — to keep our records accurate, prevent fraud, and manage waiting lists.
  • Explicit consent (Article 9(2)(a)) — for allergy, dietary and medical information about your child.

Who we share data with

  • The host school's designated safeguarding lead, where safeguarding requires it.
  • Chef Dairo Lopez and any DBS-checked assistant delivering the class your child attends.
  • Stripe — payment processing (privacy policy).
  • Our hosting and email delivery providers, acting as processors under written contracts.

We never sell your data or share it for marketing.

International transfers

Some of our processors (for example Stripe) may transfer data outside the UK. Where they do, they rely on UK-approved safeguards such as the International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.

How long we keep it

  • Booking, safeguarding and allergy records: 3 years after the end of the term.
  • Financial records: 6 years, to meet HMRC requirements.
  • Account data: until you close your account, then deleted within 30 days.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you or your child.
  • Ask us to correct inaccurate data.
  • Ask us to delete data (subject to legal retention obligations).
  • Restrict or object to certain processing.
  • Withdraw any consent you have given, at any time.
  • Request a copy of your data in a portable format.

To exercise any of these rights, email info@foodieexplores.com. We will respond within one month.

Children's data

We only process children's data with the consent of a parent or carer, and only for the purposes of delivering the class safely and communicating with you about your booking. We do not send marketing to children.

Data security

Data is stored on UK/EU cloud infrastructure with encryption in transit (HTTPS/TLS) and at rest. Access is restricted to Chef Dairo and authorised staff on a need-to-know basis.

Complaints

If you are unhappy with how we handle your data, please contact us first so we can put it right. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.