Jigsaw Trust is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and regards privacy as central to all its data processing.

This Notice sets out the basis on which any personal data is collected from you, or that you provide to us, how it is handled and stored to meet data protection obligations and standards and conditions under which we may disclose it to others.

Information in this Privacy Notice is displayed under the following headlines:

1. Who we are and Contact details
2. Personal data we collect
3. How personal data is collected
4. How we use any personal data collected
5. Disclosure of personal data
6. Data security
7. Data retention
8. Transferring data outside the EEA
9. Your legal rights


Jigsaw Trust is a registered UK charity and oversees and runs different divisions and legal entities. This Privacy Notice is issued on behalf of those different divisions and legal entitles and any mention of ‘Jigsaw’, ‘we’, ‘us’ or ‘our’ in this Notice, refers to the relevant division or legal entity responsible for processing your data (ie. data controller) within Jigsaw Trust.

Jigsaw Trust
UK Registered Charity Number: 1075464
Registered Company Number: 3734127
Registered Address for all divisions/legal entities: 19-20 Bourne Court, Southend Road, Woodford Green, Essex, IG8 8HD (0208 551 7200)

Jigsaw CABAS School
UK Registered Charity Number: 1075464

Jigsaw Trading (2013) Ltd, t/a Cafe on the Park
Registered Company Number: 08594365

UK Registered Charity Number: 1151727
Registered Company Number: 08278978

Data Protection Officer:
Judicium Consulting Ltd
72 Cannon Street, London, EC4N 6AE
Email:  [email protected]
Tel:      01483 277366


All personal data collected, used, recorded is done so in accordance with applicable data protection legislation and this Privacy Notice.

The data can be categorised as follows and may include, but not be limited to:

Personal dataeg. first name, last name, dob, age, email, telephone, marketing preferences, GiftAid/tax paying status, salary information, banking details
Financial dataeg. general business accounting, invoices, non-identifiable general transactions
Special Category Dataeg. medical information, safeguarding information, financial information relating to special category data
Technical and Usage dataeg. IP address, browsing patterns on our websites, Google Analytics
Other – Non-Personal dataeg. Summary for reports, statistical data, policies and anonymous teaching/learning resources

Please view our Data Protection Policy for further examples under Data Categories – click here to visit our Policies page.


We collect personal data in the following ways:

Inbound Direct Interactionsmaybe, but not limited to, you corresponding with us via email, on the telephone, by post, completing contact forms on the websites, completing forms (hard copy), etc
CCTVJigsawPlus site operates CCTV for safety and security
Trusted Third Partiesincluding but not limited to Local Education Authorities
TechnicalGoogle Analytics and other Cookies are used on the websites – data is collected in a way that does not directly identify anyone. See our separate Cookie Policy. You can also view information on Cookies and how to disable them on your browser at: https://allaboutcookies.org or https://aboutcookies.org


Personal data may be used to ensure we respond effectively and appropriately to your contact. It may, where you have given consent, be used to update you on Jigsaw news, developments and activities.

To provide a positive user experience on our websitesTechnical & Usage data
Other non-personal data
Understand how visitors arrive at our websites and what information is being viewed to keep our websites relevant and up to dateLegitimate Interest
General MarketingPersonal dataKeep interested parties up to date with the latest news, events, activities across, and relating to, the TrustConsent
PublicityPersonal dataTo provide publicity and exposure for an activity or event you are taking part in to the benefit of the charity and to enable us to promote and run successful ongoing eventsConsent
FundraisingPersonal data
Financial data
To process donations; to process prize draws; to process entrants to events; to efficiently raise money for the charity; to acknowledge and thank donors/participantsLegitimate Interest; Performance of a task in the public interest
Admissions process for Jigsaw CABAS School and JigsawPlusSpecial Category data
Personal data
Financial data
To process admissions related enquiries for Jigsaw CABAS School and JigsawPlus; to determine type of placement or care packageConsent; Legitimate interest pursued by controller; Protect vital interests of data subject
To support and educate pupils at Jigsaw CABAS School and Adult Learners at JigsawPlusSpecial Category data
Personal data
Financial data
To effectively educate and care (including any necessary therapy provision) for pupils and adult learners whilst at Jigsaw; to process necessary educational payments; to record and report required essential medical information and feedbackConsent; Legitimate interest pursued by controller; Performance of a task in the public interest; Compliance with legal obligation; Necessary in connection with Social Protection law; Protect vital interests of data subject
RecruitmentPersonal data
Special Category data
Financial data
To effectively recruit employees suitable to the vacancies available; to understand any necessary adjustments that may be required; comply with HR legislationConsent; Explicit consent; Necessary in connection with employment law; Compliance with legal obligation
Employees (including volunteers)Personal data
Special Category data
Financial data
To effectively manage the internal human resource/personnel process of employees; to run payroll; to meet our legal obligationsConsent; Necessary in connection with employment and Social Protection law; Compliance with legal obligation; Legitimate interest pursued by controller
FinancePersonal data
Financial data
Special Category data
To process all financial transactions between individuals, employees and Jigsaw; to effectively financially manage and run a business; production of legally required financial reportingCompliance with legal obligation; Consent
ITPersonal data
Special Category data
Technical & Usage data
To ensure the security and efficacy of the organisations IT infrastructureLegitimate interest pursued by the controller; Protect vital interests of data subject
Governance of the Charity/OrganisationPersonal data
Special Category data
Financial data
To oversee and govern the organisation in line with legal & Charity Commission compliance and best practiceCompliance with legal obligation; Necessary in connection with employment and Social Protection law


We may disclose personal data to trusted third parties when required to do so to process a request or through legal obligation or requirement; otherwise, we do not sell, swap or otherwise distribute personal data.

Sharing of Pupil Data– we share pupil information with the Department for Education on a statutory basis. Completion of the school level annual school census (SLASC) by registered independent schools is a statutory requirement under the Education (Independent Educational Provision in England) (Provision of Information) Regulations 2010.   We are also required to share personal data with Local Authorities under The Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the data collection requirements placed on us by the Department for Education go to https://www.gov.uk/education/data-collection-and-censuses-for-schools

Sharing of Adult Learner Data– we share adult learner information with relevant Local Authorities and the NHS on a statutory basis.

Third Party Providers – occasionally, we employ other companies and individuals to perform necessary business functions on our behalf, including, digital/technical agencies and support providers, hosting providers, payroll services, digital educational and communication platforms, social networks, fundraising event services and general businesses consultancy services. They may have access to personal information needed to perform their requested function but will not be allowed to use it for other purposes and any processing must be done in accordance with this Privacy Notice, our Data Protection Policy and General Data Protection Regulations in force.

Further information can be found in our Data Protection Policy – click here to visit our Policies page.


We take the security of personal data very seriously and have policies and controls (both technical and organisational) in place to ensure personal data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by those who are authorised.   

Please be aware transmission of data over the internet is inherently insecure and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping any passwords and user details confidential. We will never ask you for your password.


We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including the satisfying of any legal obligations/statutory regulations, reporting or accounting requirements and/or best practice.  A full Retention Schedule is available upon request via [email protected]


Data may be transferred to countries outside the European Economic Area (EEA) to meet the requirements of staff training and development or to utilise the most appropriate digital education and communication platforms or data management software.


Under data protection legislation, everyone has the right to request access to information about himself or herself that we hold. This is called a subject access request.

Subject access requests from individuals should be made by email, addressed to the Privacy Co-ordinator (see contact details below) who can supply you with a standard request form. We will always verify the identity of anyone making a subject access request before providing any information. A response to any formal request for information will be provided within 30 days of receipt of written request.   If providing the information requested by the data subject would disclose personal data about another individual then the information will be redacted or withheld as may be necessary or appropriate to protect that person’s rights.

All individuals who are the subject of personal data held by us are entitled to:

  • Ask what information we hold about you and why
  • Ask how to gain access to it
  • Be informed how to keep it up to date
  • Be informed how we are meeting our data protection obligations
  • In certain circumstances, request rectification, restriction or deletion of your personal data

If you have a concern about the way we are collecting or using personal data, we request that you raise your concern with us in the first instance.  Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

To make a request for information from us, please contact:

Data Protection Officer:  [email protected]


Any individual who suspects that a personal data breach has occurred must immediately notify the Data Protection Officer above providing a description of what has occurred.  If a breach is potentially high risk to data subjects rights and freedoms the Trust must notify the data subject affected.

We may change this Privacy Notice from time to time so please check this occasionally to ensure you are happy with any changes.

DATE OF LAST REVISION: 30 September 2021