Stable Relationships works hard to ensure that we comply with the General Data Protection Regulation (EU 2016/679) and the UK Data Protection Act 2018 so that your data is always protected, and treated in a fair and lawful manner.

Our policy is in accordance with information found on the ICO website.



Who are we?
What is the purpose of this policy?
Why do we need to process your data?
What information do we actually process?
How do we collect data?
Who has access to your data and how do we share it?
How long do we keep your data for?
Keeping in touch
Your rights
Securing and maintaining data
Updates to the policy
Questions and Complaints

Who are we?

Stable Relationships is an organisation run by a sole trader (Debbie Woolfe). Stable Relationships is therefore the ‘data controller’ of information collected to enable us to run our courses and programmes successfully, and in line with best practice, and quality, in all areas of our business proceedings. As such Stable Relationships has a duty to abide by data protection law including both the General Data Protection Regulation (EU 2016/679) and the UK Data Protection Act 2018.

What is the purpose of this policy?

This policy is intended to provide information about how Stable Relationships will use (or ‘process’) personal data about individuals including: its current, past and prospective clients/students; and their key adults (the people who give us their information), eg schools, carers.

This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Everyone who works with us, or has an interest in our organisation, is encouraged to read this Privacy Notice and understand our obligations.

This policy applies in addition to Stable Relationships’ other relevant terms and conditions and policies. Anyone who works with us should also be aware of and comply more broadly with this policy and our other policies and procedures.

Why do we need to process your data?

In order to run our courses, programmes, and activities for children and young people, schools, teachers, and key adults, Stable Relationships needs to process a wide range of personal data about individuals as part of its daily operations.

We need to carry out some of this activity to fulfil our legal rights, duties or obligations, and some to ensure we provide as appropriate and high-quality a service as we possibly can, to meet the needs of our students/clients.

The table below shows our uses of personal data in accordance with the legal bases as outlined in the GDPR:

Applicable Legal Basis

| We need data to: | Legal reason we need the data | Is it special category data? |
|---|---|---|
| Book onto a course, programme or training session(s) (adults and children/young people) | Contract and Legitimate Interests | No |
| Safeguard welfare, provide appropriate care, and deliver the most appropriate activities for anyone using our service | Legitimate Interests | No |
| Consider Health and SEN details | Legitimate Interests | Yes |
| Ensure appropriate emergency and security procedures are in place | Legitimate Interests | No |
| Carry out and co-operate with complaints or investigation procedures | Legitimate Interests | No |
| Enable relevant authorities to monitor Stable Relationships and intervene or assist with incidents as appropriate | Legitimate Interests | No |
| Provide information about our services | Legitimate Interests | No |
| Use photographic images of individuals in publications, website or social media in line with our existing policies regarding this | Legitimate Interests | No |
| Use other professional services as needed eg to gain professional advice and insurance for business | Legitimate Interests | No |
| Manage the effectiveness of our website | Legitimate Interests | No |

What information do we actually process?

This may include:

– Contact details and personal information
– Bank details and other financial information (of external service providers eg gardener)
– Operational information
– Images of individuals (in accordance with our Policies and Procedures)

How do we collect data?

Stable Relationships receives the majority of personal data from the individual directly (including, in the case of children and young people, from a key adult or school).

Who has access to your data and how do we share it?

For the vast majority of the time, the information you give us is held by us and not shared with anyone outside of Stable Relationships.

Very occasionally, we may need to share personal information with third parties, such as:

  • Professional advisers (e.g. lawyers, insurers, and accountants);
  • Government authorities (e.g. HMRC, police or the local authority);
  • Appropriate regulatory bodies (e.g. Ofsted, ICO).

This will usually only happen as a result of a specific request from the relevant authority, or as a result of us needing to gain advice following a specific isolated incident. The information sharing under these circumstances will be in accordance with General Data Protection Regulation (EU 2016/679) and the UK Data Protection Act 2018.

We may collect your IP address and use cookies unless you configure your web browser not to accept them. At the time of writing the cookies used on the website are from Google Analytics.

How long do we keep your data for?

Stable Relationships will keep personal data from anyone who has booked onto a course or programme for 7 years, in line with our insurance policy. After this time data will be shredded (if paper) or deleted (if electronic copy), and disposed of in a secure manner.

We will keep any other personal data indefinitely or until someone chooses to unsubscribe.

If you have any specific queries about how our retention policy is applied, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact us, but bear in mind that we may have lawful and necessary reasons to hold onto some forms of data, even following such a request.

Keeping in touch

Stable Relationships will use the contact details of individuals, who have previously worked with us, to keep them updated about our services according to our ‘legitimate interests.’ Individuals have a right not to receive these messages and can inform us at any time of their wishes. 

Your rights

Individuals have various rights to access and to understand personal data about them, held by Stable Relationships. However, this is subject to certain exemptions and limitations. Individuals can exercise the following rights:

– To be informed about how it is used
– To request access to it
– To request that it is rectified
– To request erasure if there is no compelling reason for its continued processing
– To request that its processing is restricted
– To data portability
– To object to it being processed.

Any individual wishing to exercise their rights should put their request in writing to Debbie Woolfe (Manager of Stable Relationships). She will endeavour to respond to any such reasonable written requests as soon as is sensibly practicable and in any event within one month.

If the request for information is manifestly excessive or similar to previous requests, Stable Relationships may ask you to reconsider.

All information requests will be considered on a case by case basis.

We will sometimes have reasons to refuse specific requests, such as when a request falls within certain legal bases that we need to comply with. In this situation we will respond fully in writing, to the person who has made the request, detailing why we are unable to grant their request, in a timely manner.

The rights under Data Protection Law belong to the individual to whom the data relates. However, as we work predominantly with children and young people, we will often rely on key adult/school/social worker/carer notice to find out about the ways we process personal data relating to any child or young person who we have worked with.

In cases where we are able to share information with the data subject (or key adult) this will be done either in writing or through a formal meeting.

All individuals are required to respect the personal data and privacy of others, and to comply with our Policies and Procedures.

Securing and maintaining data

Stable Relationships will endeavour to ensure that all personal data held in relation to an individual is as up to date and as accurate as possible.

Individuals must please notify us of any significant changes to important information held about them.

Stable Relationships takes appropriate technical and organisational steps to ensure the security of personal data about individuals. These include:

  • Computer: strong passwords, firewall installed and kept up to date, antivirus installed and kept up to date.
  • Phones: strong passwords; short lock out period (if not being used).
  • Paper documents: stored and locked up.
  • Best practice: not to click on links unless they are a trusted source, not to open documents / attachments unless they are a trusted source, not to ignore warning boxes when surfing, being aware someone is trying to catch your data; turning or logging off from computers and phones when not in use, minimising windows and applications open at one time.

Updates to the policy

Stable Relationships will update this Privacy Policy from time to time, as we do with all our policies. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.

Questions and Complaints

If an individual wishes to complain about any aspect of our service, including our privacy policy or privacy procedures, please follow Stable Relationships’ complaint procedure (section 5 of our policies and procedures). Policies and Procedures – Updated May 18

You can also make a referral to, or lodge a complaint with, the Information Commissioner’s Office (ICO), if your complaint relates to privacy, although the ICO recommends that steps are taken to resolve the matter with us before involving them, as the regulator.

Data Breach Policy

Although we work hard to keep your data secure, there is always a risk when collecting and retaining personal data. As a result we need a policy to say what we will do in the unlikely event that we have a data breach. This policy explains what we will do if that occurs.

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.

A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.

If we know a breach has happened we will:

  • Investigate how the breach happened and what actions we can take immediately to minimise current and ongoing risk, and prevent the situation from becoming more serious.
  • Assess the likelihood and severity of risk to the individual rights and freedoms of the people who would be impacted by the breach.

If there is a likely risk to those involved we will:

  • Notify the ICO within 72 hours by calling (0303 123 1113) and giving them:
    • A description of the event, including the number of people involved
    • The number of personal data records concerned
    • A description of the possible consequences of the breach
    • A description of the measures taken to deal with the breach
  • Notify the individual(s) concerned ASAP, by contacting them via phone or email and giving them:
    • A description of the event, including the number of people involved
    • The number of personal data records concerned
    • A description of the possible consequences of the breach
    • A description of the measures taken to deal with the breach

Following the notification of the necessary parties, and any initial actions to prevent the breach getting worse, we will:

  • Record the incident and include the following information:
    • The time and date of the breach
    • A description of the event
    • A description of how the event happened
    • A description of any actions taken to remedy the situation and prevent it from getting any worse
    • A description of any future actions that will be taken to prevent another incident occurring
  • Update policies and procedures, as a result of the breach, and associated learning, as needed
  • Inform any relevant parties of the updates and actions taken to prevent another similar incident from happening


Our website uses cookies – these are small text files that are placed on your device to help this website to provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser.

Our website sets “first party” cookies through its use of Google Analytics. We use Google Analytics to provide us with non-personal site analytics, which in turn help us improve this website. Google Analytics tracking uses cookies in order to provide meaningful reports about website visitors, but they do not collect personal data about you. Google Analytics sets or updates cookies only to collect data required for the reports. Additionally, Google Analytics only uses first-party cookies. This means that all cookies set by Google Analytics cannot be altered or retrieved by any service on any domain other than