GDPR and privacy


The Safeguarding and Child Protection Association (Sacpa) is a United Kingdom-based association, serving and representing a broad range of stakeholders from within education, health, charity, voluntary, sport and local services.

We take our responsibility as a data controller seriously and are committed to using the personal data we hold in accordance with the law.

This privacy notice provides detailed information about how we process personal data. Please read it carefully and, if you have questions regarding your personal data or its use, please contact Sacpa via by telephone on +44 (0)203 963 2733, or by post at 60 St Martin’s Lane, Covent Garden, London, WC2N 4JS.


Sacpa processes personal data about prospective, current and past member and non-member organisations and individuals; staff and volunteers within these organisations; Sacpa staff; training providers/contractors; information about individuals provided to us by organisations and individuals connected to members organisations.

The personal data we process takes different forms – it may be factual information, expressions of opinion, images or other recorded information that identifies or relates to a living individual. Examples include:

  • Names, addresses, telephone numbers, email addresses and other contact details
  • Images, audio and video recordings
  • Financial information (bank details)
  • Courses, meetings or events attended.

As an employer, Sacpa needs to process criminal records information about individuals, particularly staff and contractors. We do so in accordance with applicable law, including with respect to safeguarding or employment, or by explicit consent.


Sacpa collects most of the personal data it processes directly from members (in some cases directly from staff members and volunteers). We also collect data from third parties (working references, professionals or authorities) or from publicly available resources.

Personal data held by Sacpa is processed by appropriate members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of personal data about individuals, include secure use of technology and devices and access to our online systems. We do not transfer personal data outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.

Some of our systems are provided by third parties, such as Microsoft Office suite and cloud storage, the Sacpa website, Sacpa newsletter and mailings, and independent cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.

Sacpa does not share or sell personal data with other organisations outside of the BSA Group.


Sacpa processes personal data to support its function of championing excellence in safeguarding and child protection in the UK and internationally.

  • Names, email addresses, phone numbers and addresses of key contacts of member organisations for membership changes, updates and payments
  • Names, email addresses, phone numbers and addresses (where shared) of attendees of events and training (both current and previous) to provide information on similar training or events
  • Email addresses of contacts within member organisations for Sacpa newsletter (opt-out option for this is always available)
  • Staff administration (including recruitment and contractors) for payroll, pensions, sick leave, annual leave, review and appraisals of performance, grievance conduct, capability or disciplinary procedures, providing references
  • Use of images supplied by member organisations for the promotion of Sacpa on the Sacpa website, social media, print content and presentations
  • Contact details for organisations and associations that work in conjunction with Sacpa across all sectors relating to safeguarding and child protection
  • Names, email addresses, phone numbers, addresses where shared) and dietary requirements of individuals who have booked on to Sacpa training programmes and events in order to register, share information relating to the event(s), share resources, keep a record of attendance and cater to individual dietary/special needs
  • Names, email addresses, phone numbers, addresses where shared) of individuals who have booked on to Sacpa training programmes and events in order to update/share information on future events that may be of interest
  • Sharing of social media posts from member organisations through Sacpa networks (retweeting, sharing).

The processing set out above is carried out to fulfil our legal obligations (including staff employment contracts).


Sacpa retains personal data only for legitimate and lawful reasons and only for so long as necessary and/or required by law. Staff records are retained for seven years for purposes of providing references if requested.

Details of staff from membership organisations are updated yearly/as requested. Staff who have left their organisation/association are removed from our contact list when notified, unless they request to continue to receive information.


Under Data Protection Law, you have the right to access and understand the personal data held about you, and in some cases, to ask for it to be erased or amended, or for us to stop processing it; subject to certain exemptions and limitations.

You always have the right to withdraw consent, or otherwise object, to receiving generic communications. Please be aware however that Sacpa may have another lawful reason to process the personal data in question, even without your consent. This usually relates to staff records (time worked with Sacpa, HR purposes and reference requests).

If you would like to access or amend your personal data; would like it to be transferred to another person or organisation; or have some other objection to how your personal data is used, please make your request in writing to:

The Director, Sacpa, 60 St Martin’s Lane, Covent Garden, London, WC2N 4JS.

We will respond to any such written requests within a reasonable timeframe and within statutory time-limits, which is one month in the case of requests for access to information. We will be able to respond quickly to targeted requests for information. If the request is manifestly excessive or similar to previous requests, we may ask you to reconsider or charge a proportionate fee, but only where Data Protection Law allows.

You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal privilege. We are also not required to disclose any confidential reference given by Sacpa for the purposes of the education, training or employment of any individual.


Sacpa tries to ensure that all personal data is held in relation to an individual is as up to date and accurate as possible. Please notify of any changes to information such as contact details.


Our privacy notice should be read in conjunction with our other policies and terms and conditions which make reference to personal data.

Sacpa will update this Privacy Notice when required. Any substantial changes that affect how we process your personal data will be notified on our website, and to you directly as far as practicable.

If you feel we have not complied with this policy or have acted otherwise than in accordance with Data Protection Law, you should notify the Director. You can also make a referral to, or lodge a complaint, with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with us before involving them.