Children in Entertainment and Employment privacy notice
We keep this privacy notice under regular review and was last updated in August 2021.
This notice explains what personal data (information) we hold about you, how we collect, how we use and may share information about you. We are required to give you this information under data protection law.
Who we are
Kent County Council (KCC) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). We are responsible as ‘controller’ of that personal information. Our Data Protection Officer is Benjamin Watts.
The Children in Entertainment and Employment team operates the statutory processes that govern the approval and issuing of individual Performance Licences or Body of Persons Approvals and exemptions for Children in Entertainment and Child Employment Work Permits, and Chaperone Licences to support, safeguard and oversee these performances and activities. They also provide training for chaperones, and conduct Employment Visits and inspections during events to ensure compliance.
Personal information we collect and use
Information collected by us
In the course of providing individual or body of persons entertainment or employment licences, or work permits, we collect the following personal information when you provide it to us:
- personal information (such as name, address, contact details, date of birth and gender)
- information on school attended
- special category information (such as the child’s fitness, health and medical conditions) required to make an informed decision about licences for Performances
- reason why you require an entertainment or employment licence, and when and where the entertainment or employment will be taking place
- details of the organisation for whom you will be performing or working
In the course of providing chaperone licences we collect the following personal information when you provide it to us:
- personal information (such as name, address, contact details, date of birth and gender)
- names and contact details of personal references
- proof of ID to support the DBS process
- reason why you require a chaperone licence, and when and where you will be chaperoning
We also obtain personal information from other sources as follows:
- DBS checks for chaperone licences
- personal references for chaperone licences
How we use your personal information
We use your personal information to:
- process licence applications and assess suitability to become licenced
- issue licences or work permits
- provide training
- conduct inspections as part of our statutory duty to Inspect
- monitor the compliance of organisations working with children for entertainment or employment purposes, to safeguard children
- assess and evaluate our services
How long your personal data will be kept
We will hold your personal information securely and retain it in line with the retention periods shown below, after which the information is made inaccessible to system users or securely destroyed.
| Category | Retention period |
|---|---|
| Work permits | End of permit + 12 years |
| Entertainment licences granted | Date of birth + 25 years |
| Entertainment licences refused | Destroy once the licence has been refused |
| Investigation of Child Employment illegalities files | Last contact with employer + 12 years |
| Inspections of places of entertainment | Date of inspection + 6 years |
| Body of Persons Approvals (BOPAs) | End of certificate expiry date + 6 years |
| Notifications of childrens' details for inspection purposes and monitoring performances of child | Date of notification +1 year |
| Applications to be a chaperone (granted or refused) | Last contact + 10 years |
| Exemptions | Date of notification + 1 year |
Reasons we can collect and use your personal information
We collect and use your personal information to carry out tasks to comply with our legal obligations. We rely on the following legal bases under UK GDPR:
- Article (6)(1)(c) - Legal obligation: the processing is necessary to comply with the law (not including contractual obligations).
When we collect or share special category personal data, we rely upon the following legal bases under UK GDPR:
- Article 9(2)(g) - Reasons of substantial public interest. We rely on the ‘safeguarding of children and of individuals at risk’ and ‘equality of opportunity or treatment’ purposes condition from Schedule 1 of the Data Protection Act 2018 when relying on Article 9(2)(g) to process your special category data.
- Article 9(2)(f) - Legal claims or judicial acts: processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
These legal bases are underpinned by acts of legislation that dictate what actions can and should be taken by local authorities, including:
- The Children and Young Persons Act 1933 and 1963
- The Employment of Women, Young Persons and children Act 1920
- The Children (Performances and Activities Regulations (England) 2014
- The County of Kent Act 1981
- The Management of Health and Safety At Work 1992
- The Children Act 198 and The Education Act 1996.
Who we share your personal information with
- Chaperone information such as name, chaperone number and expiry date and Local Authority to which they are registered is shared with production companies and other Local Authorities
- Children’s Performance Licence information (including name, DOB, parents names and name of school and photo of child) is sent to the applicant of the licence, parent, school and the Local Authority where the performance is taking place
- We only share children’s information (name, DOB, postcode, LA where the child resides and district) as part of BOPAs if the child resides out of Kent and this is requested by their Local Authority
- Work permits are sent to the employer, parent and school only. This includes name, DOB, home address, school and year group
- Inspection reports are shared with the Local Authority where the child/children reside and the applicant responsible for the production only. Under a Performance Licence this will include name of child and DOB and Local Authority that issued the Performance Licence and details of chaperones (their name, Issuing authority and expiry date). Under a BOPA we do not share details of children just chaperones unless there are children who reside out of Kent performing and their Local Authority request the information.
We will share personal information with law enforcement or other authorities if required to do so by applicable law.
Your rights
Under UK GDPR you have rights which you can exercise free of charge which allow you to:
- know what we are doing with your information and why we are doing it
- ask to see what information we hold about you (subject access request)
- ask us to correct any mistakes in the information we hold about you
- object to direct marketing
- make a complaint to the Information Commissioner's Office
- withdraw consent at any time (if applicable)
Depending on our reason for using your information you may also be entitled to:
- ask us to delete information we hold about you
- have your information transferred electronically to yourself or to another organisation
- object to decisions being made that significantly affect you
- object to how we are using your information
- stop us using your information in certain ways
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note, your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the Information Commissioner's' Office on individuals’ rights under UK GDPR.
If you would like to exercise a right, please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Who to contact
Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk, or write to: Data Protection Officer, Sessions House, Maidstone, Kent ME14 1XQ.
UK GDPR also gives you right to lodge a complaint with the Information Commissioner, who may be contacted via the Information Commissioner's website or call 03031 231113.