Skip to the content
24-hour Referral Line: 0800 304 7244
24-hour Referral Line: 0800 304 7244

Privacy Notices

Privacy policy

Privacy notices for the Witherslack Group

This notice is intended to provide information about how The Witherslack Group will use (or "process") personal data about individuals including:

This Privacy Policy applies alongside any other information our sites’ (Schools and/or Children’s Homes) may provide about a particular use of personal data, for example when collecting data via an online or paper form or when signing in as visitors. Recruitment and job applicant privacy notices are available on the Networx site where the data is manged (our recruitment partner). A staff privacy notice and young person privacy notice (including a child friendly version) is available on the Witherslack group Intranet.

This Privacy Policy also applies in addition to our sites’ (Schools and/or Children’s Homes) other relevant terms and conditions and policies, including:

  • Data Retention Policy
  • Child Protection and Safeguarding Policies
  • Health and Safety Policy
  • Data Protection policy including, Bring Your Own Device (BYOD)
  • Cookie Policy (see on-line cookie policy on Witherslack Group website)
  • Safeguarding, pastoral, or health and safety policies, including as to how concerns or incidents are recorded; and
  • IT policies, including its E-Safety Policy, Acceptable Use Policies.

Contact/Web Privacy Notice – How we use your information

This document is split into the following headings-

Who are we 

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissionaires Office (ICO)  in England Company No: Z3410582.  For the purposes of UK Data Protection Law, We are a data controller in respect of the personal information that We collect and process about you as described in this privacy notice.

Witherslack Group provides inspirational education and care to children and young people, resulting in life changing experiences and countless stories of success.

We are a leading provider of specialist education and care for children and young people with social, emotional, and mental health needs, communication difficulties (autistic spectrum conditions, Asperger’s Syndrome, speech, language and communication needs) and complex learning needs.

Our focus on support, care and acceptance allows each young person to develop as an independent individual, equipped with the knowledge, experience and life skills to look to the future with increased confidence and aspiration.

Why do we collect and use your information

We lawfully process your information in accordance with current Data Protection legislation (UK) General Data Protection regulation (GDPR) Article 6 (1) (a) (c) (f ). This means We may process your personal data with your consent, as required in law, as part of a contract or for Our legitimate business interests. “Legitimate Interests” means the interests of Our company in conducting and managing Our business and providing you with the best services and products in the most secure way. Our aims when doing this are.

  • to ensure that content from Our site is presented in the most effective manner for you and for your computer,
  • to provide you with information about Our services or offers that you request from Us or which we feel may interest you, where you have consented to be contacted for such purposes,
  • to contact you regarding your opinions on Our services which may be used for marketing, research and analysis, where you have consented to be contacted for such purposes,
  • to help Us identify you when you contact or visit Us,
  • for general administration purposes,
  • to help Us improve the quality of Our products and services,
  • to help Us detect and prevent fraud and money laundering,
  • to carry out analysis and customer profiling,
  • when you communicate with us for customer service or other purposes (e.g., by emails, faxes, phone calls, tweets, etc.), we retain such information and our responses to you in the records of your account,
  • to collect Payment for services delivered.

When We process your personal data for Our legitimate business interests, We always ensure that We consider and balance any potential impact on you and your rights under data protection laws.

If you have any concerns about the processing described above, you have the right to object to this processing. For more information on your rights please see the Your Rights section below.

Categories of Personal information that we collect, hold and share include

For the above purposes We will only ever collect the information We need – including data that will be useful to help improve Our services.

If you access our site or complete our forms from that submission, or submit data to advertisements on 3rd party platforms e.g. Facebook (which you consented to share with WG) we may collect and process the following data about you.

  • First Name
  • Surname
  • Address
  • Email
  • Post code
  • School
  • Mobile number
  • Telephone number
  • Cookies (not linked to the above data)
  • IP addresses

If you submit information in relation to a placement from that submission, we may collect and process the following data about you;

  • Your name
  • Phone number
  • Post code
  • Relationship to young person enquiried about - eg. professional, parent, carer or guardian.
  • Information you request in relation to needs e.g. ADHD, autism Social Emotional and mental health, Speech language and communication, learning difficulties, no diagnosis.
  • Whether the young person enquired about has an EHCP.
  • If you are a professional – type of placement enquired about. 
  • If you are a professional – your area of interest e.g. ADHD, Autism etc. 

Collecting your information

We may collect and process the following data about you:

Personal information as listed above;

  • on our web site (, when making contact, signing up for a newsletter or completing the placement referral/question section,
  • When interacting with our advertisements on third party platforms whereby you have consented to share the information with us.

This will also include information volunteered by you when you;

  • subscribe to receive one of our e-communications,
  • order a brochure,
  • enquire about a specific service, school or home,
  • request information via telephone,
  • request a call back,
  • respond to a campaign,
  • enter a competition or promotion,
  • submit a question to Us or provide Us with feedback,
  • Booking a service/event.
  • Respond to an advertisement or campaign on a third party site.

We also process data from details of your visits to Our site including but not limited to:

  • IP addresses (the location of the computer on the internet)
  • Pages accessed and
  • Files downloaded
  • Cookies

In the main this is statistical data about Our users’ browsing actions and patterns and does not identify any individual. It simply allows Us to monitor and improve Our service. This is also the case when obtaining that detail from advertisements on third party sites.

This helps Us to achieve the aims listed at the start of this notice and to determine:

  • How many people use Our sites
  • How many people visit on a regular basis, and
  • How popular Our pages are.

Our site uses cookies to distinguish you from other users of Our site. This helps Us to provide you with a good experience when you browse our site and allows Us to improve Our site.

For detailed information on the cookies We use and the purpose for which We use them please see our Cookie Policy available as a link from all of our website pages. When you first land on any Witherslack group web page you are requested to consent to explained cookies. There is more information in our cookie policy available via the link at the foot of our web pages. If you want to further disable cookies you can also refer to your own browser guides for help.

In order to comply with Current Data Protection Legislation including the (UK) General Data Protection Regulation, we will inform you whether you are required to provide information to us or if you have a choice in this. Whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in or thereafter opt-out to having your contact details used as set out above, at the time your details are submitted.

For example, when you request information, you can tell Us when you provide your details if you do not want to receive any other information from Us or Our partners, or you can let Us know how best to get in touch with you with information that may be of interest.

If you do not wish Us to use your data as set out above, or to pass your details on to third parties for marketing purposes, please leave the relevant boxes, situated on the form which We used to collect your data, blank/unticked.

At any time if you no longer wish to receive marketing emails or other promotional materials from Us, you may opt-out of receiving these communications at any time by one of the following methods;

  • by replying to the email address listed on the web page,
  • by opting out on the marketing message,
  • by writing to the data protection officer at Witherslack Group, Lupton Tower, Carnforth, LA6 2PR,
  • by calling the data protection officer on 015395 66081,
  • by e-mailing the data protection officer at 

Storing your information

The majority of information is stored by Us on computers located in the UK. We may transfer the information to other reputable third-party organisations as explained below – they may be situated inside or outside the UK or European Economic Area however we will only share if they provide appropriate assurances as to security and management of the data. We may also store information in paper files.

We have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely to protect against its loss, misuse and alteration. Further information can be obtained on request from our Data Protection Officer who is contactable by emailing  

We will take steps to ensure that any organisations that we share your data with will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored correctly.

Unfortunately, the transmission of data across the internet is not completely secure and whilst we do our best to try to protect the security of your information we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. To further mitigate this risk all emails from the Witherslack Group, containing personal data, are sent encrypted.

We will keep your information only for as long as we need it to provide you with the services or information you have required, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with people that have asked us not to. When we no longer need information, we will always dispose of it securely, using specialist companies if necessary to do this work for us. We maintain a retention schedule which is reviewed annually.

We will hold your records securely until;

  • Emails remaining on our email server will automatically be deleted after 3 months except for senior staff accounts which will be retained for 12 months. Any emails containing information (which is required for a longer period) relating to young people or staff will be transferred to the appropriate file and retained in accordance with our statutory requirements,
  • contact details submitted through the web site will be reviewed within two years. You will be contacted for you to consider extending this for a further two years,
  • any notes relevant to identified young people or staff will be transferred to their file and retained in accordance with legislation (see Retention Schedule).

Third-party service providers will also store information, however there are strict conditions as to security, retention and sharing which enable us to control personal information held by them. This is to ensure your preferences with us are replicated with the third-party service providers. They will hold your information for our purposes only. 

Who do we share your information with  

There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless we are legally required to do so.

We may also disclose your personal information to third parties, if we are under a duty to disclose or share your personal data for legal or regulatory purposes, in relation to existing or future legal proceedings, for the prevention of fraud/loss or to protect the rights, property, safety of our Group, our customers or others.

We have robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether we release data to third parties are subject to a strict approval process and based on our detailed assessment of;

  • who is requesting the data,
  • the purpose for which it is required,
  • the level and sensitivity of data requested, and
  • the arrangements in place to store and handle the data,
  • arrangements for return/destruction,
  • ability to facilitate a subject access request.

Below is a table of the third-party service providers and business partners to whom we may disclose your data. 

Why we share your information

Just like most other organisations, We work with third-party service providers which provide important functions on our behalf allowing us to be easier, faster, and friendlier in the way we deliver Our services. We need to disclose user data to them from time to time, for any of the purposes set out above, so that the services can be performed.

As previously highlighted We do not share your information with anyone without your consent or unless the law and our policies allow us to do so.

Below are the authorities under which we share your data and with whom we share.

Who we share with

Why we share

What is shared


To arrange for payment for events etc. Payment made through Eventbrite link on the web (links to Stripe).

You provide contact details (name address and telephone no)  primary needs, opinions event attendance and banking details. In turn Eventbrite share your E-mail contact with Us.

Department of Education

Information in relation to referrals or enquiries may be shared.

Contact details of parents/young peoples and carers as well as attainment information for young peoples.

Local Authorities

Information in relation to referrals or enquiries may be shared.

Contact details of parents/young peoples and carers as well as previous family circumstances.


Manage internet interactions central control of marketing.

Contact details (name address and telephone no) , email address IP address, interaction with web. 


Payment processor.

Bank details.

Survey monkey


Logon details email address (see cookies).

Go to Webinar

Provision of Webinar events.

Logon details (see cookies).


Web optimisation.

Location, IP address, sites visited journey in WG site (see cookies).

Your Rights

Under data protection legislation, parents and young people have the right to request access to information about them that we hold. You can do this free of charge and the information will be considered and provided within a month of your request. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals (and parents need to be aware this may include their own children, in certain limited situations – please see further below), or information which is subject to legal privilege (for example legal advice given to or sought by us, or documents prepared in connection with a legal action).

Young people can make subject access requests for their own personal data, provided that, in our reasonable opinion, they have sufficient maturity to understand the request they are making. A young person of any age may ask a parent or other representative to make a subject access request on his/her behalf. Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of a young person, the law still considers the information in question to be the child’s. For more mature young people, the parent making the request may need to evidence their child's authority for the specific request.

WG believe that Young People aged 13 and above are generally assumed to have this level of maturity, although this will depend on both the child and the personal data requested, including any relevant circumstances at home. Slightly younger children may however be sufficiently mature to have a say in this decision, depending on the child and the circumstances.

All information requests from, on behalf of, or concerning young people – whether made under subject access or simply as an incidental request – will therefore be considered on a case-by-case basis.

You also have the right to:

  • Object to processing of personal data that is likely to cause, or is causing, damage or distress
  • Prevent processing for the purpose of direct marketing
  • Object to decisions being taken by automated means
  • In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • Claim compensation for damages caused by a breach of the Data Protection regulations

If you wish to exercise any of these rights please contact the Data Protection Officer;

  • by writing to the data protection officer at Witherslack Group, Lupton Tower, Carnforth, LA6 2PR,
  • by calling the data protection officer on 015395 66081,
  • by E-mailing the data protection officer on, or
  • by speaking to any member of staff. 

Queries and Complaints 

If you believe that we have not complied with this policy or acted otherwise than in accordance with Data Protection Legislation, you should notify The Data Protection Officer on

You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator.

For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office