Business Name: Rainbow Rhyme
Data Controller & Data Protection Officer: Sarah Masters
Contact details: E: firstname.lastname@example.org M: 07917 607008
The purpose of this policy is to explain to you how we control, process, handle and protect your personal information given to us when you registered at our classes, for one of our workshops or when you have contacted us via email or through social media, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to inform us so that we can delete your information.
Policy key definitions:
"I", "our", "us", or "we" refer to the business, Rainbow Rhyme
"you", "the user" refer to the person(s) using our service.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a users computer or device.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and process any personal information about you electronically using the following lawful bases:
Lawful basis: Legitimate interests
The reason we use this basis: Our reasons for contacting you will be for your own interest, including but not limited to, informing you of a cancellation of a class or a change in our class timetable, or to inform you of upcoming events that may be of interest. We believe that our communication to you will not be intrusive and you have the option to opt out at any point.
What data do we process?
We keep a record of, Childs first name only, Parents/Guardians Full Name, mobile phone number or landline number and email address and how you heard about Rainbow Rhyme
How we collect data:
Data is generally collected on the registration form at our public classes or if you book onto one of our workshops. If you contact Rainbow Rhyme to enquire about any of our services, we will respond accordingly but no data will be retained unless consent is given.
How is the data stored?
Data is stored digitally in an encrypted file on a password protected laptop and on a password protected mobile phone. Contacts on the phone are backed up securely to a google account (see https://www.google.com/about/datacenters/inside/data-security/) and files on the laptop are backed up securely to Microsofts OneDrive
How we use your data:
In the event of a class being cancelled, our preferred method of contact to inform our customers is by text message. If a mobile phone number is not given we may call a landline number or send an email.
We may send occasional text messages to inform of any additional classes or workshops that are running that may be of interest to you.
We send out a newsletter via email no more than once per half term to keep you informed of our upcoming events and current classes.
You can opt out of this at any time.
We may occasionally ask for feedback about the services we offer using a site such as Survey Monkey.
All communication is direct from Rainbow Rhyme and not sent via third party marketing companies.
Data retention period:
We will hold your data for no more than 5 years from the date of registration after which time it will be deleted from our records and any paper copies destroyed (shredded). If you choose to opt out from our correspondence before then, all data will be deleted and hard copies destroyed within 1 month of the request being sent
After 5 years if you wish to continue to hear from us, you can let us know by getting in touch via email.
Any data that we currently hold that is older than 5 years will be deleted as of 25th May 2018.
Consent If consent has been given in the last 5 years, we will continue to process your data as per the guidelines in this policy. You have the option to opt out at any point by sending us an email or text message requesting so.
Sharing your information:
We will not share your information with third parties under any circumstances.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Our website, www.rainbowrhyme.co.uk, is operated by ourselves at Rainbow Rhyme. We do not collect any data from visitors to our website. If you contact us via the website, we will have access to your email address which we use to respond but we do not keep any data unless consent is given.
Third Party Links
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Your information is stored digitally in the following ways:
In an encrypted Microsoft Excel file on a password protected laptop
Files on laptop are securely backed up on the Microsoft OneDrive
On a password protected mobile phone
Contacts on mobile phone is backed up to Google