
Teens Know All Academy CIC
Privacy Policy
Last updated: 01/07/2026 Version 1.0
1. Who we are
Teens Know All Academy CIC ("we", "us", "our") is a Community Interest Company registered in England and Wales, company number 17315262, with registered office at Portland House, Belmont Business Park, Durham, DH1 1TW.
We deliver confidence-building, communication, and life-skills workshops for teenagers, and work with schools, local authorities, fostering services, community organisations, charities, and funders across the North East of England.
We are the data controller for the personal information described in this policy. If you have any questions, you can contact us at [email protected] or 07469486884
2. What this policy covers
This policy explains how we collect, use, store, and protect personal information when you:
● Visit our website or landing pages
● Submit an enquiry or contact form (as a school, local authority, community organisation, funder, parent, or young person)
● Book or take part in one of our workshops or programmes
● Correspond with us by email, phone, or in person
This policy applies to personal information relating to adults (such as staff, commissioners, and parents/carers) and to children and young people who take part in our sessions. Where different rules apply to children's data, this is set out in Section 8.
3. Information we collect
3.1 Information you give us directly
● Name, job title, and organisation (for professional contacts such as schools, local authorities, charities, and funders)
● Contact details, including email address, phone number, and postal address
● Details you provide about the young people or group you would like us to work with (for example, approximate age range, group size, or specific needs relevant to session planning)
● Information provided by parents or carers when booking or consenting to a young person's participation
● Information provided directly by young people where they contact us themselves (for example, through our teen resources pages)
● Any other information you choose to include in an enquiry or message to us
3.2 Information we collect automatically
● Technical information such as IP address, browser type, and device information when you visit our website
● Usage information, such as which pages are viewed and how visitors navigate our site, collected through analytics and form tools
3.3 Information we collect during workshop delivery
● Attendance records
● Feedback and evaluation forms completed by participants, carers, or commissioning staff
● Photographs or video, but only where separate, specific consent has been given (see Section 9)
We do not seek to collect special category data (such as health information) unless it is specifically and voluntarily shared with us by a parent, carer, or commissioning organisation because it is relevant to safely delivering a session (for example, a relevant access requirement). Where this happens, we treat that information with additional care as described in Section 8.
4. How we use your information
We use personal information for the following purposes:
● To respond to enquiries and discuss potential bookings or partnerships
● To plan, schedule, and safely deliver workshops and programmes
● To manage contracts, invoicing, and commissioning arrangements with organisations
● To maintain accurate attendance and safeguarding records
● To evaluate and improve our workshops, including reporting outcomes to commissioners or funders
● To meet our legal, safeguarding, and regulatory obligations
● To send relevant updates about our services, where you have agreed to receive these
5. Our legal basis for processing
Under UK GDPR, we rely on the following legal bases depending on the situation:
● Contract: where processing is necessary to deliver a workshop or service you or your organisation has booked
● Legitimate interests: for responding to enquiries, improving our services, and maintaining business records, in a way that does not override your rights and interests
● Consent: for photography/video, marketing communications, and any special category data shared voluntarily, all of which can be withdrawn at any time
● Legal obligation: where we are required to keep or share information for safeguarding, tax, or other legal reasons
● Vital interests: in rare circumstances, where necessary to protect someone's immediate safety
6. Sharing your information
We do not sell personal information. We may share information in the following limited circumstances:
● With commissioning organisations (such as a school, local authority, or fostering service) where this is necessary to deliver, evidence, or report on a workshop or programme
● With third-party service providers who support our operations, such as our website, form, and email platforms, and accounting software, under appropriate data processing agreements
● With relevant authorities where there is a safeguarding concern, in line with our Safeguarding Policy and legal obligations, including local authority children's services, the Local Authority Designated Officer (LADO), or the police where necessary
● With professional advisers such as our accountant, insurer, or legal adviser, where necessary
● Where required by law, regulation, or a valid request from a public authority
We currently use IONOS to host our main website, and Sales Funnels (salesfunnels.io) to host our landing pages and process enquiry form submissions. Some service providers we use may store or process data outside the UK/EEA; where this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision.
7. How long we keep information
We keep personal information only for as long as necessary for the purposes it was collected, and to meet our legal obligations. As a general guide:
● Enquiry and contact form data: retained for up to 24 months if no further engagement occurs, then deleted or anonymised
● Booking, attendance, and safeguarding records relating to workshops with children and young people: retained in line with safeguarding best practice, typically until the young person's 25th birthday, or longer where a safeguarding concern has been recorded
● Financial and contractual records: retained for a minimum of 6 years to meet HMRC requirements
● Marketing consent records: retained until consent is withdrawn
These periods may be adjusted where a longer retention period is required by law, by a commissioning organisation's own policy, or in connection with a specific safeguarding matter.
8. Children's information
We take particular care with information relating to children and young people, including looked-after children and care leavers.
● Where possible, we collect information about a young person through a parent, carer, or the commissioning/referring organisation (such as a school or local authority), rather than directly from the child
● We only collect the minimum information needed to plan and safely deliver a session
● We do not use children's personal information for marketing purposes
● Where a young person contacts us directly (for example, through our resources pages), we handle this sensitively, do not require unnecessary personal details, and signpost to appropriate support where relevant
● Any safeguarding-related information is handled in line with our Safeguarding Policy, shared only with those who need it, and stored securely with restricted access
9. Photographs, video, and case studies
We sometimes take photographs or video during workshops for evaluation, funder reporting, or promotional purposes. We only do this where:
● Specific, separate consent has been obtained from the young person (where appropriate to their age and understanding) and/or their parent, carer, or the commissioning organisation on their behalf
● The purpose of use has been clearly explained at the point consent is requested
● Consent can be withdrawn at any time, and images will be removed from future use (though we cannot always recall material already shared with a third party such as a funder report that has been published)
We do not use identifiable images or case studies of looked-after children, care leavers, or other vulnerable young people without explicit, informed consent from an appropriate adult, and we take extra care to protect identity where a young person's care status could put them at risk if disclosed.
10. Keeping information secure
We use appropriate technical and organisational measures to protect personal information, including:
● Secure, password-protected systems and access controls
● Limiting access to personal information to those who need it to do their job
● Using reputable third-party platforms with their own security and data protection commitments
● Secure storage and disposal of any paper records
No method of transmission or storage is completely secure, but we take reasonable steps to protect your information and to respond promptly to any suspected data breach, including notifying the Information Commissioner's Office (ICO) and affected individuals where required by law.
11. Your rights
Under UK GDPR, you have the right to:
● Access the personal information we hold about you
● Ask us to correct inaccurate or incomplete information
● Ask us to delete your information, in certain circumstances
● Ask us to restrict how we use your information
● Object to certain types of processing, including direct marketing
● Request that we transfer your information to another organisation, where technically feasible
● Withdraw consent at any time, where we are relying on consent
To exercise any of these rights, please contact us at [email protected]. We will respond within one month, as required by law. If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ico.org.uk).
12. Cookies
Our website and landing pages use cookies to help them function correctly. Our website hosting platform (IONOS) and our landing page and form platform (Sales Funnels) may automatically set cookies to enable core functionality, remember your progress through a form, and provide us with basic visitor analytics. We do not currently use additional third-party advertising or analytics cookies such as Google Analytics or Meta Pixel. If this changes in the future, we will update this policy and, where required, request your consent before non-essential cookies are set.
13. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this policy shows when it was last updated. We encourage you to review it periodically.
14. Contact us
If you have any questions about this policy or how we handle your information, please contact:
● Teens Know All Academy CIC
● Email: [email protected]
● Phone: 7469486884
● Address: Portland House, Belmont Business Park, Durham, DH1 1TW
● Data Protection contact: Cosmina C Muresan, Founder
Teens Know All Academy CIC
Safeguarding and Child Protection Policy
Last updated: 02/07/2026 | Review date: 02/07/2027 | Version: 1.0
1. Policy statement
Teens Know All Academy CIC is committed to safeguarding and promoting the welfare of all children and young people we work with. We believe every child and young person has the right to be protected from harm, regardless of age, gender, ethnicity, disability, sexuality, religion, or background, and regardless of whether that harm is caused intentionally or not.
This commitment applies with particular care to looked-after children, care leavers, and other young people who may be more vulnerable due to their circumstances. Safeguarding is everyone's responsibility, and this policy applies to all staff, freelance facilitators, volunteers, and trustees/directors working on behalf of the organisation.
2. Scope and legal framework
This policy has been written with reference to:
● The Children Act 1989 and Children Act 2004
● Working Together to Safeguard Children (latest statutory guidance)
● Keeping Children Safe in Education (where sessions are delivered on school premises)
● The Care Planning, Placement and Case Review (England) Regulations 2010, in relation to looked-after children
● UK GDPR and Data Protection Act 2018, in relation to safeguarding information
● Guidance published by the [relevant local safeguarding partnership, e.g. Newcastle/Gateshead Safeguarding Children Partnership], and other local safeguarding partnerships in areas where we deliver sessions
This policy applies wherever we deliver sessions: in schools, local authority or charity premises, community venues, or our own venues, and covers in-person and any online contact with young people.
3. Roles and responsibilities
3.1 Designated Safeguarding Lead (DSL)
Our Designated Safeguarding Lead is: Cosmina C Muresan, Founder/Director.
Contact: 07469486884 / [email protected]
Our Deputy Designated Safeguarding Lead is: to be appointed
As a sole founder currently delivering all sessions, Cosmina C Muresan is the organisation's Designated Safeguarding Lead. The organisation has a second director, Adela Bunea, who does not currently deliver sessions or attend schools or workshops, and has not yet completed safeguarding training. A Deputy Designated Safeguarding Lead will be appointed once a second individual has completed appropriate safeguarding training, this may be Adela Bunea, once trained, or another individual as the organisation grows, for example a future employee or regular freelance facilitator.
The DSL is responsible for: acting as the first point of contact for any safeguarding concern, deciding on and taking any necessary action, liaising with local authority children's services and the Local Authority Designated Officer (LADO) where needed, keeping accurate safeguarding records, and ensuring this policy is reviewed and understood by everyone delivering sessions.
In the event that the DSL is unavailable, or a concern relates to the DSL directly, safeguarding concerns should be reported to the host organisation's own safeguarding lead (for example, the school's Designated Safeguarding Lead, or the local authority's or fostering service's social worker or duty team), and, where appropriate, to the NSPCC Whistleblowing Advice Line.
3.2 All staff, facilitators, and volunteers
Everyone delivering sessions on behalf of the organisation is responsible for:
● Understanding and following this policy
● Treating any safeguarding concern seriously and reporting it promptly to the DSL
● Behaving in line with our Code of Conduct at all times when working with young people
● Completing safeguarding training before working unsupervised with young people, and refreshing this at least every three years
4. Safer recruitment
Before anyone delivers sessions with young people on our behalf, we ensure:
● An enhanced DBS check (including, where appropriate, a check against the Barred List) has been completed and is satisfactory
● At least two references have been obtained and checked, including from a previous role involving work with children where applicable
● Identity has been verified
● The individual has read and signed this policy and our Code of Conduct
● Appropriate induction and safeguarding training has been completed before any unsupervised contact with young people
We keep a single central record of recruitment checks for anyone working with children on our behalf, and repeat DBS checks at intervals in line with current guidance.
5. Code of conduct
Anyone working with young people on our behalf must:
● Treat all young people with dignity, respect, and fairness
● Avoid being alone with a single young person wherever possible; where this cannot be avoided, ensure it happens in a visible, open location and is reported to the session lead
● Never use physical punishment, and only use physical contact where necessary to prevent injury, and in line with reasonable, proportionate practice
● Never form an inappropriate personal relationship with a young person, including through social media or personal contact details
● Not share personal contact details (personal phone number, personal social media) with young people; all contact should go through the organisation or the commissioning body (e.g. school, local authority, carer)
● Be mindful of the additional vulnerability of looked-after children and care leavers, including sensitivity around family, placement, and care history, and never ask a young person to disclose or discuss this in front of peers
● Challenge and report any behaviour by colleagues that does not meet these standards
● Follow any additional site-specific safeguarding rules set by a host school, local authority, or venue
6. Recognising abuse and neglect
Staff and facilitators should be aware of the four main categories of abuse recognised in statutory guidance:
● Physical abuse: including hitting, shaking, or causing physical harm
● Emotional abuse: including persistent lack of love or affection, humiliation, or exposure to conflict or fear
● Sexual abuse: including any involvement of a child in sexual activity, contact or non-contact, including online
● Neglect: including failure to meet a child's basic physical, emotional, educational, or medical needs
Facilitators should also be alert to signs of exploitation (including criminal or sexual exploitation), radicalisation, and the specific risks that can affect looked-after children and care leavers, such as missing episodes, placement instability, or exploitation linked to reduced family oversight.
7. Responding to a disclosure or concern
If a young person discloses something to you, or you notice something that concerns you, you should:
● Stay calm and listen carefully, without showing shock or disbelief
● Reassure the young person that they were right to tell you, without promising complete confidentiality
● Not ask leading questions or investigate the concern yourself
● Not promise to keep the disclosure secret; explain gently that you need to tell someone who can help
● Write down what was said as soon as possible afterwards, using the young person's own words where you can, noting the date, time, and who was present
● Report the concern to the DSL immediately, and always on the same day
The DSL will decide on next steps, which may include contacting the young person's school or social worker (if they are looked-after), the local authority's Multi-Agency Safeguarding Hub (MASH/MACH), or, in an emergency, the police. If a child is in immediate danger, call 999 without delay.
8. Working with looked-after children and care leavers
Given our work with local authorities and fostering services, we take the following additional steps for looked-after children and care leavers:
● Wherever possible, we liaise with the young person's social worker, Personal Adviser, or the commissioning organisation before a session, to understand any relevant background needed to keep the session safe and appropriate
● We do not require young people to disclose their care status to the group, and we design session content so it does not single out or identify care-experienced young people
● We are mindful that some young people may have experienced multiple placements, professionals, or services, and we aim to be a consistent, low-pressure presence rather than another authority figure
● Any safeguarding concern relating to a looked-after child is reported to the DSL immediately and, in addition to standard reporting routes, we will inform the young person's social worker or the commissioning local authority as appropriate
9. Information sharing and confidentiality
We will only share safeguarding information with those who need to know it, in line with data protection law and safeguarding guidance. Confidentiality will never be promised to a young person in a way that would prevent us from acting on a safeguarding concern. Safeguarding records are stored securely, separately from general administrative records, with access limited to the DSL and deputy DSL.
10. Online safety and use of technology
Where any part of our delivery takes place online, or involves the use of technology (e.g. shared digital materials), we will:
● Use appropriate, secure platforms, and avoid personal social media accounts for any contact with young people
● Follow any host organisation's own online safety and acceptable use policies
● Ensure an appropriate adult from the host organisation is present or contactable during any online session
● Only take or use photographs/video in line with our Privacy Policy and with appropriate consent
11. Whistleblowing
Anyone working with us who has a concern about the conduct of a colleague, or about how a safeguarding matter has been handled, should raise this with the DSL. If the concern relates to the DSL, it should be raised with the organisation's founder/director directly, or externally with the NSPCC Whistleblowing Advice Line or the relevant local authority. No one will be penalised for raising a genuine safeguarding concern in good faith.
12. Training
All staff and facilitators complete safeguarding training appropriate to their role before working with young people, and refresh this training at least every three years, or sooner if guidance changes significantly. The DSL completes additional, more detailed designated safeguarding lead training and refreshes this at least every two years.
13. Record keeping and review
We keep a written record of all safeguarding concerns, actions taken, and outcomes, stored securely and retained in line with our Privacy Policy. This policy is reviewed at least annually, or sooner following any significant safeguarding incident or change in statutory guidance, and is approved by the organisation's director(s).
14. Key contacts
● Designated Safeguarding Lead: Cosmina C Muresan, 07469486884
● NSPCC Helpline: 0808 800 5000
● Childline (for young people): 0800 1111
● Local Authority Designated Officer (LADO) and Multi-Agency Safeguarding Hub (MASH/MACH) contact details vary by local authority area. Current contact details for the relevant local authority are confirmed and recorded internally at the point of booking with each commissioning organisation, and are available from the Designated Safeguarding Lead on request.
● In an emergency, or if a child is in immediate danger: 999
15. Approval
This policy was approved by: Cosmina C Muresan, founder and director and Adela Bunea director, on 02/07/2026.
Next review due: 02/07/2027.