Business Name: Kiddibops
Data Controller & Data Protection Officer: Rachel Pollard
Contact details: Email:
The purpose of this policy is to explain to you how we control, process, handle and protect your personal information given to us when you registered at one of our classes or when you have contacted us via our website, via email or through social media, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to inform us so that we can delete your information.
Policy key definitions:
"I", "our", "us", or "we" refer to the business, Kiddibops.
"you", "the user" refer to the person(s) using our service.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a users computer or device.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and process any personal information about you electronically using the following lawful bases:
Lawful basis: Legitimate interests
The reason we use this basis: Our reasons for contacting you will be for your own interest, including but not limited to, informing you of a cancellation of a class or a change in our class timetable, or to inform you of upcoming events that may be of interest. We believe that our communication to you will not be intrusive and you have the option to opt out at any point.
What data do we process?
We keep a record of, Childs name as you provided it via our website, email, text or on our class register, Parents/Guardians name as you provided it via our website, email, text or on our class register, mobile phone number or landline number as you provided it via our website , email, text or on our class register, your email address as you provided it via our website, email, text or on our class register.
How we collect data:
Data is generally collected via our website booking/contact form, on the register at our public classes or workshops, and if you enquire about our classes via email or through messaging via text or social media direct messaging e.g Facebook Messenger.
How is the data stored?
Data is stored digitally in an encrypted file on a password protected laptop. Files on the laptop are backed up securely to a separate encrypted storage device.
Data is stored non-digitally on files stored in a secure office.
How we use your data:
In the event of a class being cancelled, our preferred method of contact to inform our customers is by email and text message. If a mobile phone number is not given we may call a landline number. We send out a updates via email or text when necessary to keep you informed of our new classes and changes to current classes. You can opt out of this at any time. All communication is direct from Kiddibops and not sent via third party marketing companies.
Data retention period:
We will hold your data for no more than 5 years from the date of registration after which time any registration forms will be destroyed (shredded). If you choose to opt out from our correspondence before then, all data will be deleted and hard copies destroyed within 1 month of the request being sent.
Any data that we currently hold that is older than 5 years will be deleted as of 25th May 2018. If consent has been given in the last 5 years, we will continue to process your data as per the guidelines in this policy. You have the option to opt out at any point by sending us an email or text message requesting so.
Sharing your information:
We will not share your information with third parties under any circumstances.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Our website, www.kiddibops.co.uk, is operated by ourselves at Kiddibops. We do not collect any data from visitors to our website. If you fill out the booking/contact form via the website, by pressing 'send' you are opting in to receive communication by us about our classes. Your details will never be used for any other purposes and you can opt out at any point. If you do not wish to opt in, please contact us via the phone number provided on the website instead.
Third Party Links
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Your information is stored digitally in the following ways:
In an encrypted file on a password protected laptop
Files on laptop are securely backed up on a separate encrypted storage device
Your information is stored non-digitally in the following ways:
In a file that is locked in a secure office at Kiddibops headquarters.