Section 1: What information do we hold?

For bookings related to Camps and Workshops:

  • Customer Full Name (as given at point of booking)
  • Customer Email Address (as given at point of booking)
  • Customer Phone Number (mandatory)
  • Child’s Name (mandatory)
  • Child’s DOB/Age (mandatory)
  • Child’s School (optional)
  • Child’s Experience Level
  • Extra Medical Info
  • Course Booked/Previous Courses Attended

For bookings related to After School Clubs:

  • Child’s Name (as provided by host school)

1.1 Information we DO NOT hold:

  • Customer Credit Card Details (including street/billing address)
  • All payments  are processed through Stripe, a secure third party payment gateway services, encrypted using the latest technologies. You can learn more about security at Stripe here.
  • We do not have access to any of these details at any stage of customer transactions

We do not hold our customers’ IP addresses as a matter of course (as we have no use for this information); however some of the online platforms we use may record this data automatically.

Section 2: What is this information used for?

The personal data we hold on file is primarily to ensure the smooth running of our camps, workshops, and after school clubs. 

We use our customers’ names, email addresses and phone numbers in order to provide essential information relating to their booking; to contact them in case of any emergency or change of plans during a camp or class; and, in the case of email, for occasional marketing communications.  

We use the personal information of the children attending our camps, workshops, and after-school clubs to, for example,  determine how best to split classes by age and experience level. We also collect and analyse anonymised data on the ages, abilities, and progression through our Creative Coding levels of our students in order to develop our future courses and lesson plans. 

When our customers book a course, workshop, or camp with us, we add their email address to our mailing list, which we use sporadically to inform customers about upcoming camps, discounts, and  sometimes coding or education-related articles and blog posts we think they might be interested in. By making a booking, we infer a customer’s consent to be contacted in relation to their order, but customers can unsubscribe from all emails  at any time by clicking the appropriate  link in the email or contacting us at

Our customers’ personal data is NEVER:

  • Sold to third parties for marketing or any other purposes
  • Shared with other organisations
  • Shared with anyone outside of blue{shift}
  • Stored exclusively “offline” or outside of secure cloud-based services (including Google Drive, Dropbox, Shopify, and Stripe)

If customers have concerns about the way blue{shift} handles or retains their personal data (or that of their children aged under 13), they have the right to file a complaint with the ICO (Information Commissioner's Office).

Section 3: How do we communicate our privacy policy?

Our privacy policy is stored in the “More info” section of our Help Centre.

Links are provided to this privacy policy in the footer of our main website, and will be linked to whenever consent is requested (see Section 5). 

We will also communicate a summary of the main points to all current users and mailing list subscribers before GDPR comes into force in May 2018.

Section 4: How/when do we delete personal data?

At present, we do not delete any of our data after a set period of time (though we may clear records periodically for storage reasons). If a customer wishes for their or their child’s personal data to be removed from our databases, they can get in touch with us at and we commit to removing all data at no cost. 

We are also required under GDPR to provide, on request, the data we hold for a customer in a commonly used format which we will be happy to do free of charge.

Section 5: How do we seek, record, and manage consent (particularly parental consent)?

GDPR in the UK specifies that we are required to obtain parental  consent to process data related to children under the age of 13. Therefore, we  request consent to our Privacy Policy and our Terms and Conditions at the point of booking on every order.  We also request consent for permission to film or photograph children while attending our camps, courses, and workshops.

This consent is recorded in our database along with all other booking details.

Section 6: Who is our designated data protection officer?

As a  company of fewer than 75 people we are not required by law to have a designated data protection officer. Any data protection and information security issues are currently handled by our Business and Operations Manager.

Did this answer your question?