Children's Privacy
ICO Children's Code compliance, student protections, and parental rights.
For Students: Your Privacy in Plain English
What we collect: Your name, date of birth, year group, the volunteering hours you log, your reflections, and any badges or certificates you earn. Your school may also share your SEND status, free school meals status, or ethnicity with us, but only if your school decides to.
Why: To track your volunteering, give you certificates, and help your school show that students are getting great opportunities.
Who sees it: You, your school staff, and the charity you volunteer with. Nobody else, unless the law says we must.
Your portable record: The volunteering hours and badges you earn stay with you. Even after you leave school, you can keep your Vinspired profile until you turn 30 and use it for UCAS, job applications, or Unifrog.
Your rights: You can ask to see your data, fix it, delete it, or get a copy. Your parent or guardian can do this too. Email us at [email protected].
ICO Children's Code Compliance
Vinspired complies with all 15 standards of the ICO's Age Appropriate Design Code for all processing where we act as a controller and the service is likely to be accessed by children.
Children's best interests are a primary consideration
We collect only what is necessary
Clear, age-appropriate language
We never use data against children's wellbeing
All settings start at the most private option
We never collect location data
We never profile children
We never push for more data
What We Collect from Students
| Data | Purpose |
|---|---|
| Name, date of birth, year group | Account creation, age verification |
| Volunteering hours, activity records | Tracking, certificates, Ofsted evidence |
| Skills self-assessments, reflections | Personal development, portable credentials |
| SEND status, FSM, ethnicity (if school instructs) | Equity analytics only |
Special Category and Sensitive Data
Special Category Data (Article 9): SEND status and ethnicity. Only processed if the school specifically instructs us. The school must identify the lawful basis.
Sensitive (enhanced protections): FSM eligibility and Young Carer status. Same access controls as Special Category Data.
In Vinspired, these are managed through Context Tags marked as sensitive. Sensitive tags are encrypted at the application level and visible only to authorised organisation admins.
Portable Credentials
When a student's school stops using Vinspired, their volunteering record, certificates, and badges can remain as portable credentials, provided the student has consented.
The portable record is controlled by Vinspired (not the school) and retained until the student turns 30 or withdraws consent.
To request deletion, email [email protected]. Data will be deleted within 30 days.
Parents and Guardians
Under 13: Parental consent is required before we process data as a controller. Consent is obtained via a school-provided form.
Ages 13-17: Students may consent themselves where they have sufficient understanding. Parents retain the right to exercise data subject rights on their child's behalf.
Parents can request access, correction, or deletion at any time by emailing [email protected].
Have a question about this?
Contact our Data Protection Lead at [email protected]