Find out about Devolution and Local Government Reorganisation

Feet First: Walking Training – privacy notice

Your personal information and Surrey County Council

Surrey County Council is committed to protecting your privacy when you use our services. Our corporate privacy notice explains in general how we use information about you and how we protect your privacy.

The Feet First: Walking Training Team uses the bespoke online booking and administration system Walking Training, which is developed by an external company Weblaunch Ltd The site is used when you register your child on a course and make a booking. Below we explain how we use your personal information.

What personal information we collect from you

As you complete a booking, we request the following information:

  • Your name
  • The name of the child for whom you are booking training for
  • Your email address
  • Information about your child’s class so they can be correctly allocated to the training
  • Information about the health of your child that you are booking on to the training that is relevant to the training
  • Any additional needs, such as SEND) that are relevant to the safe operation of the training.
  • If you are paying online at the point of booking, you will be asked to enter your bank card details after being transferred to Gov.UK Pay
  • Gender and ethnicity - a 'prefer not to say' option is included
  • Questions related to consent for physical contact between Instructors, such as ‘holding hands’ with a child necessitated for safe delivery of the training or removing a child from a dangerous situation whilst out on the road

Collection of your information

You enter your personal data to book on to your school’s allocated training.

Internet Protocol (IP) address, user agent, browser and operating system are collected automatically by the system and are viewable by system administrators.

The basis on which we collect the information

Your personal information enables us to contact you and provide the training requested.

The purposes for which your information is used

  • Name: to contact you prior to the training date with information about the training and to contact you after the training date to survey your opinion of the training.
  • Email: to contact you prior to the training date with information about the training and to contact you after the training date to survey your opinion of the training.
  • Phone number: to contact you prior to the training date with information about the training.
  • Data concerning the health and other needs of your child: to adjust the training where necessary and for the instructor to ensure any required medical aids are being carried.
  • Bank card details: to take payment for your training, or to refund you for the training.
  • Gender and ethnicity: to monitor equality of access to the service.
  • Free school meals eligibility: to discount the price of the training for children on free school meals.

Sharing of your information

The web developer has access to all information.

The consent details you entered when booking are viewable by the Walking Instructors for the course when logged in to the Walking Training online system. Instructors cannot see parental contact details or any payment or bank card details.

The consent details you entered when booking are viewable by the key contact at your child’s school who is administering the training, but only when they are logged in to the Walking Training.online system. The school contact cannot see any payment or bank card details but can see the parental contact details.

Payments are processed via Gov.UK Pay.

Where your information is stored

The personal information you share with us is stored in a database on a live server. A list of pages you visit are stored on a live server in separate log files.

No credit card, bank details or any other personal financial information are stored on our servers.

Retention of your personal information

  • Financial information (including name of person making the payment) is deleted 6 years after the order date in line with Surrey County Council Banking and credit control team privacy notice.
  • Parent name and email address is retained for 60 days after the date of training. This is to enable any follow-up, evaluation or correspondence with a parent to take place.
  • Medical and other additional needs information (not including SEND) is deleted one day after the last day of training.
  • SEND information is deleted 6 months after the last day of training. SEND information is kept longer than medical information to allow us to report aggregated, anonymised SEND data internally.
  • Child’s name is deleted 2 years after the last day of training. This is to enable us to supply a replacement certificate if requested within this period.

How information is protected against breaches

The servers are protected with two independent firewalls. All ports excepting those required for operation of a website are closed or access regulated by IP address.

All communications with the servers are encrypted to prevent man-in-the-middle attacks.

The hosting is cloud-based so there is no single physical presence, however data centres are protected by 24-hour security. The data centres are located in the UK.

How information is protected against losses

Data is backed up daily and stored securely off-site for 1 month. After one month data is destroyed.

Cloud-base hosting ensures there is no single point of hardware failure.

Did you find this information helpful?

Rating Did you find the information helpful?

We aren't able to reply to individual comments, so please don't include any personal details.