Section 1: What information do we hold?

For bookings related to Camps and Workshops:

  • Customer Full Name (as given at point of booking)

  • Customer Email Address (as given at point of booking)

  • Customer Phone Number (mandatory)

  • Child’s Name (mandatory)

  • Child’s DOB/Age (mandatory)

  • Child’s School (optional)

  • Child’s Experience Level

  • Extra Medical Info

  • Course Booked/Previous Courses Attended

For bookings related to After School Clubs:

  • Child’s Name (as provided by host school)

For bookings related to Online Learning:

  • Customer Full Name (as given at point of booking)

  • Customer Email Address (as given at point of booking)

  • Customer Phone Number (mandatory)

  • Child’s Name (mandatory)

  • Child’s DOB/Age (mandatory)

  • Child’s School (optional)

  • Child’s Experience Level

  • Course Booked

  • Location (for time-zone purposes)

1.1 Information we DO NOT hold:

  • Customer Credit Card Details (including street/billing address)

  • All payments  are processed through Stripe, a secure third party payment gateway services, encrypted using the latest technologies. You can learn more about security at Stripe here.

  • We do not have access to any of these details at any stage of customer transactions

We do not hold our customers’ IP addresses as a matter of course (as we have no use for this information); however some of the online platforms we use may record this data automatically.

Recordings of Online Classes

As of June 2020 we will be recording all online classes for the use of students who are late to classes, or have to miss classes due to any other reason.

Recordings are taken via Zoom and then uploaded by the class teacher to the class 'Padlet'. Each Padlet is only accessible by the students taking part in that specific class, the class teacher and the BlueShift team. The class teacher will then delete the video recording from their own computer, so that the only copy of the recording is on the Padlet. All members of the BlueShift team and teaching staff are DBS checked and safeguarding trained.

Recordings are deleted 7 days after a course ends, to give time for students to return to the recording if they would like to refresh their knowledge.

Section 2: What is this information used for?

The personal data we hold on file is primarily to ensure the smooth running of our camps, workshops, online learning services and after school clubs. 

We use our customers’ names, email addresses and phone numbers in order to provide essential information relating to their booking; to contact them in case of any emergency or change of plans during a camp or class; and, in the case of email, for occasional marketing communications.  

We use the personal information of the children attending our camps, workshops, and after-school clubs to, for example,  determine how best to split classes by age and experience level. We also collect and analyse anonymised data on the ages, abilities, and progression through our Creative Coding levels of our students in order to develop our future courses and lesson plans. 

When our customers book a course, workshop, or camp with us, we add their email address to our mailing list, which we use sporadically to inform customers about upcoming camps, discounts, and  sometimes coding or education-related articles and blog posts we think they might be interested in. By making a booking, we infer a customer’s consent to be contacted in relation to their order, but customers can unsubscribe from all emails  at any time by clicking the appropriate  link in the email or contacting us at

Our customers’ personal data is NEVER:

  • Sold to third parties for marketing or any other purposes

  • Shared with other organisations

  • Shared with anyone outside of blue{shift}

  • Stored exclusively “offline” or outside of secure cloud-based services (including Google Drive, Dropbox, Shopify, and Stripe)

If customers have concerns about the way blue{shift} handles or retains their personal data (or that of their children aged under 13), they have the right to file a complaint with the ICO (Information Commissioner's Office).

Section 3: How do we communicate our privacy policy?

Our privacy policy is stored in the “More info” section of our Help Centre.

Links are provided to this privacy policy in the footer of our main website, and will be linked to whenever consent is requested (see Section 5). 

We will also communicate a summary of the main points to all current users and mailing list subscribers before GDPR comes into force in May 2018.

Section 4: How/when do we delete personal data?

At present, we do not delete any of our customer data after a set period of time (though we may clear records periodically for storage reasons). If a customer wishes for their or their child’s personal data to be removed from our databases, they can get in touch with us at and we commit to removing all data at no cost. 

We are also required under GDPR to provide, on request, the data we hold for a customer in a commonly used format which we will be happy to do free of charge.

We delete recordings of online classes 7 days after a course ends.

GDPR in the UK specifies that we are required to obtain parental  consent to process data related to children under the age of 13. Therefore, we request consent to our Privacy Policy and our Terms and Conditions at the point of booking on every order. We also request consent for permission to film or photograph children while attending our camps, courses, and workshops.

This consent is recorded in our database along with all other booking details.

Section 6: Who is our designated data protection officer?

As a  company of fewer than 75 people we are not required by law to have a designated data protection officer. Any data protection and information security issues are currently handled by our Business and Operations Manager.

Did this answer your question?