Visit Header

Privacy & Cookies


The following Privacy Policy advises how Hampstead School of Art collects, uses and protects information provided by you, over the phone or via this website. This policy is in effect from 27 April 2018 and will be updated accordingly should any changes take effect. Please refer to this page for any future changes to the policies.

What we collect from you
Hampstead School of Art is dedicated to protecting any information you give us in line with Data Protection, this will include:

Your name 
Any medical condition you have declared 
Your contact information including phone number and/or email address
Your home address and postcode
Your art course you have registered with.

The art school does not collect information not relevant to your learning or enrolment.

What happens with your information once we have it
Any information you give us on registration is used to provide the best possible service and ensure that your experience with us here at Hampstead School of Art is efficient. We aim to:
Maintain accurate records.
Keep you informed with information relevant to you, via email or over the phone. (E.g. If your class is to be displaced to another date due to falling on a Bank holiday or we need to update your child’s registration form)
We will occasionally send you newsletters via email regarding special events or new classes, you have the option to opt out of this. Upon enrolment we will ask if you wish to receive such correspondence from us, in line with the Data Protection Policy.

How the information is collected
Information is collected when you first enrol with the art school, this is entered you into our database. You can call on 020 7794 1439 or email us at at any time should you wish to update any contact details or other information you deem important for us to know, such as a health condition. 

These are small pieces of data that ask permission of you, the user, to be stored onto the computer by a web browser. Cookies remember information about the user such as their details which aids them in creating a swift log in process and previously viewed pages on the website. 
Cookies help us to tailor our website to your needs. Should you wish to disable cookies, you can adjust your browser settings accordingly.

First Party Cookies
While using our website, the following cookies may be placed on your computer:

Cookie names:
These cookies are for Google Analytics.

We use Google Analytics to help us understand how our website is used by visitors. We evaluate and report, and use this information to make improvements to the website.
Google Analytics is a service provided by Google, Inc. Google Analytics is widely used across the web and all data is anonymised meaning the cookies carry no personally identifiable information.

For more information on Google Analytics cookies please see:

Cookie name:

We use Craft CMS to power our website. Craft cookies are used to track a user's recent activity, last visit and general site movements. Like the Google Analytics cookies, these contain no personally identifiable information.
Cookie Name:
We use stripe to take payments. Stripe is an industry standard for taking payments. 
Find out more about their cookies and how they deal with you data here:
Declining First Party cookies will have an impact on the performance of our site; 

Third Party Cookies
In addition to the above cookies, the following sites may set their own cookies whilst browsing our site.


These cookies will generally only be set if you are signed in to (or have been signed into) a matching account and are generally linked to the use of the Social Media buttons on our site and many others throughout the web.  The use of these cookies is likely to have been detailed in each of these sites' Terms and Conditions or Privacy Policies. Please see links below for further details:

Facebook Privacy Policy
Twitter Privacy Policy

Declining Third Party cookies will have little to no impact on the performance of our site; 

Although we believe that cookies pose little threat to your privacy, we understand that you may still want to turn them off. Whilst we would encourage you to keep our first party cookies enabled (so that we can make your on-site experience better), the following links provide guidance on how to manage cookie permissions through your browser's settings. This includes instructions on how to delete existing cookies and block them from being set in the future:

Firefox: Enable and disable cookies that websites use to track your preferences

Safari: Managing Cookies

Google Chrome: Manage cookies

Opera: Security & Privacy in Opera

Internet Explorer: How to manage cookies in Internet Explorer 9,
How to delete cookie files in Internet Explorer
More information about cookies, including how to block them or delete them, can be found at

Our school Data Protection Policy is detailed below and is available in hard copy form from the art school office.


General Data Protection Regulation

Our Commitment:

HSoA is committed to the protection of all personal and sensitive data for which it holds responsibility as the Data Controller and the handling of such data in line with the data protection principles and the Data Protection Act (DPA).

Changes to data protection legislation (GDPR May 2018) shall be monitored and implemented in order to remain compliant with all requirements.

The legal bases for processing data are as follows –

(a) Consent: the member of staff/student/parent has given clear consent for the school to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for the member of staff’s employment contract or student placement contract.

(c) Legal obligation: the processing is necessary for the school to comply with the law (not including contractual obligations)

The members of staff responsible for data protection are mainly Isabel Langtry(Principal) and Anat Sherman (School Administrator/office manager). However all staff must treat all student information in a confidential manner and follow the guidelines as set out in this document.

The school is also committed to ensuring that its staff are aware of data protection policies, legal requirements and adequate training is provided to them through Educare online training service.

The requirements of this policy are mandatory for all staff employed by the school and any third party contracted to provide services within the school.

Changes to the type of data processing activities being undertaken shall be notified to the ICO and details amended in the register.

Breaches of personal or sensitive data shall be notified within 72 hours to the individual(s) concerned and the ICO.

Personal and Sensitive Data:

All data within the school’s control shall be identified as personal, sensitive or both to ensure that it is handled in compliance with legal requirements and access to it does not breach the rights of the individuals to whom it relates.

The definitions of personal and sensitive data shall be as those published by the ICO for guidance: definitions/

The principles of the Data Protection Act shall be applied to all data processed:

  • ensure that data is fairly and lawfully processed
  • process data only for limited purposes
  • ensure that all data processed is adequate, relevant and not excessive
  • ensure that data processed is accurate
  • not keep data longer than is necessary
  • process the data in accordance with the data subject's rights
  • ensure that data is secure
  • ensure that data is not transferred to other countries without adequate protection.

Fair Processing / Privacy Notice:

We shall be transparent about the intended processing of data and communicate these intentions via notification to staff, parents and pupils prior to the processing of individual’s data.

Notifications shall be in accordance with ICO guidance and, where relevant, be written in a form understandable by those defined as ‘Children’ under the legislation. transparency-and-control/

There may be circumstances where the school is required either by law or in the best interests of our students or staff to pass information onto external authorities, for example local authorities, Ofsted, or the department of health. These authorities are up to date with data protection law and have their own policies relating to the protection of any data that they receive or collect.

The intention to share data relating to individuals to an organisation outside of our school shall be clearly defined within notifications and details of the basis for sharing given. Data will be shared with external parties in circumstances where it is a legal requirement to provide such information.

Any proposed change to the processing of individual’s data shall first be notified to them. Under no circumstances will the school disclose information or data:

  • that would cause serious harm to the child or anyone else’s physical or mental health or condition
  • indicating that the child is or has been subject to child abuse or may be at risk of it, where the disclosure would not be in the best interests of the child
  • recorded by the pupil in an examination that would allow another person to be identified or identifies another person as the source, unless the person is an employee of the school or a local authority or has given consent, or it is reasonable in the circumstances to disclose the information without consent. The exemption from disclosure does not apply if the information can be edited so that the person’s name or identifying details are removed
  • in the form of a reference given to another school or any other place of education and training, the child’s potential employer, or any national body concerned with student admissions.

Data Security:

In order to assure the protection of all data being processed and inform decisions on processing activities, we shall undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them.

Risk and impact assessments shall be conducted in accordance with guidance given by the ICO: impact-assessments-code-published/

Security of data shall be achieved through the implementation of proportionate physical and technical measures. Nominated staff shall be responsible for the effectiveness of the controls implemented and reporting of their performance.

The security arrangements of any organisation with which data is shared shall also be considered and where required these organisations shall provide evidence of the competence in the security of shared data.

Data Access Requests (Subject Access Requests):

All individuals whose data is held by us, has a legal right to request access to such data or information about what is held. We shall respond to such requests within one month and they should be made in writing to:

Isabel Langtry Principal Hampstead School of Art


No charge will be applied to process the request.

Personal data about pupils will not be disclosed to third parties without the consent of the child’s parent or carer, unless it is obliged by law or in the best interest of the child. Data may be disclosed to the following third parties without consent:

• Other schools If a pupil transfers from HSoA to another school, their academic records and other data that relates to their health and welfare will be forwarded onto the new school. This will support a smooth transition from one school to the next and ensure that the child is provided for as is necessary. It will aid continuation which should ensure that there is minimal impact on the child’s academic progress as a result of the move.

  • Examination authorities This may be for registration purposes, to allow the pupils at our school to sit examinations set by external exam bodies.
  • Health authorities As obliged under health legislation, the school may pass on information regarding the health of children in the school to monitor and avoid the spread of contagious diseases in the interest of public health.
  • Police and courts If a situation arises where a criminal investigation is being carried out we may have to forward information on to the police to aid their investigation. We will pass information onto courts as and when it is ordered.
  • Social workers and support agencies In order to protect or maintain the welfare of our pupils, and in cases of child abuse, it may be necessary to pass personal data on to social workers or support agencies.
  • Educational division Schools may be required to pass data on in order to help the government to monitor the national educational system and enforce laws relating to education.
  • Right to be Forgotten: Where any personal data is no longer required for its original purpose, an individual can demand that the processing is stopped and all their personal data is erased by the school including any data held by contracted processors.

Photographs and Video:

Images of staff and pupils may be captured at appropriate times and as part of educational activities for use in school only.

Unless prior consent from parents/pupils/staff has been given, the school shall not utilise such images for publication or communication to external sources.

It is the school’s policy that external parties (including parents) may not capture images of staff or pupils during such activities without prior consent.

Location of information and data:

Hard copy data, records, and personal information are stored out of sight and in a locked cupboard. The only exception to this is medical information that may require immediate access during the school day. This will be stored with the school medical coordinator. Sensitive or personal information and data should not be removed from the school site, however the school acknowledges that some staff may need to transport data between the school and their home in order to access it for work in the evenings and at weekends. This may also apply in cases where staff have offsite meetings, or are on school visits with pupils.

The following guidelines are in place for staff in order to reduce the risk of personal data being compromised:

  • Paper copies of data or personal information should not be taken off the school site. If these are misplaced they are easily accessed. If there is no way to avoid taking a paper copy of data off the school site, the information should not be on view in public places, or left unattended under any circumstances.
  • Unwanted paper copies of data, sensitive information or pupil files should be shredded. This also applies to handwritten notes if the notes reference any other staff member or pupil by name.
  • Care must be taken to ensure that printouts of any personal or sensitive information are not left in printer trays or photocopiers.
  • If information is being viewed on a PC, staff must ensure that the window and documents are properly shut down before leaving the computer unattended. Sensitive information should not be viewed on public computers.
  • If it is necessary to transport data away from the school, it should be downloaded onto a USB stick. The data should not be transferred from this stick onto any home or public computers. Work should be edited from the USB, and saved onto the USB only.
  • USB sticks that staff use must be password protected.

These guidelines are clearly communicated to all school staff, and any person who is found to be intentionally breaching this conduct will be disciplined in line with the seriousness of their misconduct.

Data Disposal:

The school recognises that the secure disposal of redundant data is an integral element to compliance with legal requirements and an area of increased risk.

All data held in any form of media (paper, tape, electronic) shall only be passed to a disposal partner with demonstrable competence in providing secure disposal services.

All data shall be destroyed or eradicated to agreed levels meeting recognised national standards, with confirmation at completion of the disposal process.

Disposal of IT assets holding data shall be in compliance with ICO guidance: organisations/documents/1570/it_asset_disposal_for_organisations.pdf

The school uses Shred-it to dispose of sensitive data that is no longer required.

HSoA Safeguarding (Child Protection) Policy

HSoA is committed to building a ‘culture of safety’ in which the children in our are protected from abuse, harm and radicalisation.

HSoA will respond promptly and appropriately to all incidents or concerns regarding the safety of a child that may occur. The child protection procedures comply with all relevant legislation and with guidance issued by Camden Safeguarding Children Board (CSCB).

There is a Child Protection Officer (CPO) available at all times while children’s art classes are on.

These are twice a week for 2 hours each and on Saturdays and Sundays during term time.

The CPO coordinates child protection issues and liaises with external agencies where relevant.

The Art School’s designated CPO is Anat Sherman and Isabel Langtry

Child abuse and neglect

Child abuse is any form of physical, emotional or sexual mistreatment or lack of care that leads to injury or harm. An individual may abuse or neglect a child directly, or by failing to protect them from harm. Some forms of child abuse and neglect are listed below.

  • ·  Emotional abuse is the persistent emotional maltreatment of a child so as to cause severe and persistent adverse effects on the child’s emotional development. It may involve making the child feel that they are worthless, unloved, or inadequate. Some level of emotional abuse is involved in all types of maltreatment of a child, though it may occur alone.
  • ·  Physical abuse can involve hitting, shaking, throwing, poisoning, burning, drowning, suffocating or otherwise causing physical harm to a child. Physical harm may be also caused when a parent or carer feigns the symptoms of, or deliberately causes, ill health to a child.
  • ·  Sexual abuse involves forcing or enticing a child to take part in sexual activities, whether or not the child is aware of what is happening. This can involve physical contact, or non-contact activities such as showing children sexual activities or encouraging them to behave in sexually inappropriate ways.
  • ·  Neglect is the persistent failure to meet a child’s basic physical and emotional needs. It can involve a failure to provide adequate food, clothing and shelter, to protect a child from physical and emotional harm, to ensure adequate supervision or to allow access to medical treatment.

Signs of child abuse and neglect

Signs of possible abuse and neglect may include:

    • ·  significant changes in a child's behaviour
    • ·  deterioration in a child’ s general well-being
    • ·  unexplained bruising or marks
    • ·  comments made by a child which give cause for concern
    • ·  reasons to suspect neglect or abuse outside the setting, eg in the child’s home, or that a girl may have been subjected to (or is at risk of) female genital mutilation and/or
    • ·  inappropriate behaviour displayed by a member of staff, or any other person. For example, inappropriate sexual comments, excessive one-to-one attention beyond the requirements of their role, or inappropriate sharing of images.

If abuse is suspected or disclosed

When a child makes a disclosure to a member of staff, that member of staff will:

      • ·  reassure the child that they were not to blame and were right to speak out
      • ·  listen to the child but not question them
      • ·  give reassurance that the staff member will take action
      • ·  record the incident as soon as possible (see Logging an incident below).

If a member of staff witnesses or suspects abuse, they will record the matter straightaway using the Logging a concern form. If a third party expresses concern that a child is being abused, we will -

encourage them to contact Social Care directly. If they will not do so, we will explain that HSoA is obliged to and the incident will be logged accordingly.

Peer-on-peer abuse

Children are vulnerable to abuse by their peers. Peer-on-peer abuse is taken seriously by staff and will be subject to the same child protection procedures as other forms of abuse. Staff are aware of the potential uses of information technology for bullying and abusive behaviour between young people.

Staff will not dismiss abusive behaviour as normal between young people. The presence of one or more of the following in relationships between children should always trigger concern about the possibility of peer-on-peer abuse:

  • ·  Sexual activity (in primary school-aged children) of any kind, including sexting
  • ·  One of the children is significantly more dominant than the other (eg much older)
  • ·  One of the children is significantly more vulnerable than the other (eg in terms of disability, confidence, physical strength)
  • ·  There has been some use of threats, bribes or coercion to ensure compliance or secrecy. If peer-on-peer abuse is suspected or disclosed We will follow the same procedures as set out above for responding to child abuse.

Extremism and radicalisation

All childcare settings have a legal duty to protect children from the risk of radicalisation and being drawn into extremism. There are many reasons why a child might be vulnerable to radicalisation, eg:

  • ·  feeling alienated or alone
  • ·  seeking a sense of identity or individuality
  • ·  suffering from mental health issues such as depression
  • ·  desire for adventure or wanting to be part of a larger cause
  • ·  associating with others who hold extremist beliefs

Signs of radicalisation

Signs that a child might be at risk of radicalisation include:

  • ·  changes in behaviour, for example becoming withdrawn or aggressive
  • ·  claiming that terrorist attacks and violence are justified
  • ·  viewing violent extremist material online
  • ·  possessing or sharing violent extremist material

If a member of staff suspects that a child is at risk of becoming radicalised, they will record any relevant information or observations on a Logging a concern form, and refer the matter to the CPO.

Logging a concern

All information about the suspected abuse or disclosure, or concern about radicalisation, will be recorded on the Logging a concern form as soon as possible after the event. The record should include:

    • ·  date of the disclosure, or the incident, or the observation causing concern
    • ·  date and time at which the record was made
    • ·  name and date of birth of the child involved
    • ·  a factual report of what happened. If recording a disclosure, you must use the child’s own words
    • ·  name, signature and job title of the person making the record.

The record will be given to HsoA CPO who will decide on the appropriate course of action.

For concerns about child abuse, the CPO will contact Social Care. The CPO will follow up all referrals to Social Care in writing within 48 hours. If a member of staff thinks that the incident has not been dealt with properly, they may contact Social Care directly.

For minor concerns regarding radicalisation, the CPO will contact the Local Safeguarding Children Board (CSCB) or Local Authority Prevent Co-ordinator. For more serious concerns the CPO will contact the Police on the non-emergency number (101), or the anti-terrorist hotline on 0800 789 321. For urgent concerns the CPO will contact the Police using 999.

Allegations against staff

If anyone makes an allegation of child abuse against a member of staff:

  • ·  The allegation will be recorded on an Incident record form. Any witnesses to the incident should sign and date the entry to confirm it.
  • ·  The allegation must be reported to the Local Authority Designated Officer (LADO). The LADO will advise if other agencies (eg police) should be informed, and HSoA will act upon their advice. Any telephone reports to the LADO will be followed up in writing within 48 hours.
  • ·  Following advice from the LADO, it may be necessary to suspend the member of staff pending full investigation of the allegation.
  • ·  If appropriate HSoA will make a referral to the Disclosure and Barring Service.

Promoting awareness among staff

HSoA promotes awareness of child abuse and the risk of radicalisation through its staff training. HSoA ensures that:

    • ·  the designated CPO has relevant experience and receives appropriate training in safeguarding and the Prevent Duty, and is aware of the Channel Programme and how to access it
    • ·  designated person training is refreshed every three years
    •  ·  safe recruitment practices are followed for all new staff
    • ·  all staff have a copy of this Safeguarding (Child Protection) policy, understand its contents and are vigilant to signs of abuse, neglect or radicalisation
    • ·  all staff are aware of their statutory duties with regard to the disclosure or discovery of child abuse, and concerns about radicalisation
    • ·  all staff receive basic safeguarding training, and safeguarding is a permanent agenda item at all staff meetings
    • ·  relevant staff receive basic training in the Prevent Duty
    • ·  staff are familiar with the Safeguarding File which is kept in the art school office
    • ·  HSoA procedures are in line with the guidance in ‘Working Together to Safeguard Children

(2015)’ and staff are familiar with ‘What To Do If You’re Worried A Child Is Being Abused (2015)’.

Use of mobile phones and cameras

Photographs will only be taken of children with their parents’ permission, except with the express permission of the manager. Neither staff nor children nor visitors may use their mobile phones to take photographs at the Art School.

Contact numbers

Camden Childrens Services:  020 7974 3317 (out of hours: 020 7974 4444). 

Police: 101 (non-emergency) or 999 (emergency) Anti-terrorist hotline: 0800 789 321 NSPCC: 0808 800 500


This policy was adopted by HSoA  

Date: August 2017

To be reviewed: August 2020

Signed: Isabel h Langtry