This privacy notice is in place to inform our customers and staff how we, Segsbury Ltd trading as DJ’s Play Jungle and DJ’s Play Park, may collect, use and protect their personal data.
Who are we?: Segsbury Ltd acts as the data controller for the purpose of Data Protection Law. Registered Address: 75 The Park St Albans Herts AL1 4RX.
When do we collect personal data? GDPR includes 7 rights for individuals :
1) The right to be informed
The term ‘personal data’ is any information relating to an identified or identifiable living individual. Segsbury Ltd is required to collect and manage certain data. We need to know parent’s names, addresses, telephone numbers, email addresses and payment card details. We need to know children’s full names, addresses, date of birth, along with any dietary requirements and occasionally photographs. We are using data to provide a service of Play facility and Parties. Segsbury Ltd is required to hold data on its Staff; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers and bank details. We are committed to being honest and respectful in collecting and using your personal data. We may collect personal data when you:
• enquire or book one of our parties/memberships
• subscribe to our Free Wifi
• enter a competition or customer feedback form
• sign up to our e-newsletter
• visit us and/or speak to a member of staff
• complete an accident report
2) The right of access
At any point an individual can make a request relating to their data and Segsbury Ltd will need to provide a response (within 1 month).
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Segsbury Ltd has a legal duty to keep children’s and parents details for a reasonable time, Segsbury Ltd can retain these records for up to 3 years. Staff records can be kept for 6 years before they need to be erased. This data is archived in a locked cabinet and shredded after the legal retention period.
4) The right to restrict processing Parents, visitors and staff can object to Segsbury Ltd processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.
5) The right to data portability Segsbury Ltd requires data to be transferred from one IT system to another; such as from Segsbury Ltd to the Online Party Booking system. This will be done in a secure manner.
6) The right to object Customers, parents and staff can object to their data being used for certain activities like marketing. Customers will be asked to opt in for the newsletter.
7) The right not to be subject to automated decision-making including profiling. Automated decisions and profiling are used for marketing-based organisations. Segsbury Ltd does not use personal data for such purposes. Storage and use of personal information All paper copies of parent, children’s and staff records are kept in a locked filing cabinet at the registered office of Segsbury Ltd. They are then processed onto a password protected PC, so that they are accessible to the staff via the Cloud software in the case of an emergency. Party form documents include data such as children’s names, date of birth and address. These records are shredded after the relevant retention period. Segsbury Ltd collects a large amount of personal data including; names and email addresses of those on the Newsletter list. These records are kept on Mailchimp software.
GDPR means that Segsbury Ltd must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them
————————————————————————————————————– This policy was written with professional advice, by Segsbury Ltd.
Policy review date: May 2018 This notice We will update this notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable. Questions If you have any comments or question concerning this notice, please contact Info@DJsPlay.co.uk
Last Updated: 6 Mar 2018
Introduction and Aim
DJ’s soft play and party venue knows that you take your privacy seriously. We do, too. We will not misuse, sell, or exploit any information provided to us and we do all we possibly can including physical, electronic, and managerial procedures to ensure your data stays safe. The majority of the information you give us is for the express purpose of keeping all customers safe inside the centre or sending you information of interest about DJ’s Play.
Reasons/Purposes For Processing Information
GDPR legislation states six lawful bases for processing personal information. These are the only justifications for doing so. They are:
- necessary to enter into or to perform a contract,
- necessary for compliance with a legal obligation,
- necessary to protect ‘vital interests’
- necessary for the public interest,
- necessary for a legitimate interest,
- with the consent of the data subject.
In line with this, DJ’s Play will store or process data for a number of reasons including:
- Financial obligations for customers, staff and suppliers (points 1 and 2)
- Photos, names, dates of birth to allow the business to run smoothly and to help ensure child safety so that the correct children leave with the correct adults (points 4 and 5)
- Contractual obligations including staff, customer and supplier contracts to ensure we are legally compliant (point 1 above)
- To inform customers, with their consent, of special offers and events that are taking place at DJ’s Play (point 6 above)
- CCTV images for the prevention and detection of crime and to protect the children who come to DJ’s Play (point 4 above)
- The following legitimate purposes: accounting, billing and audit, and administrative and legal purposes, statistical and marketing analysis, customer surveys and to help us in any future dealings with you, for example by identifying your requirements and preferences (point 5 and point 2 above)
Specifically, the information collected at reception or online is as follows:
• Telephone Number (for adults only)
• D.O.B(for children only)
Other than the email address, this information is for the security of all customers within the building so that if required they can be identified as well as enabling the business to run efficiently. The email address will only be used to communicate an event you have booked, special offers or events that DJ’s Play believes you would legitimately be interested in. You will be asked at the time whether you wish to be contacted via email and for what purpose.
As a data subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:
- The right to be informed about our collection and use of personal data.
- The right of access to the personal data we hold about you.
- The right to rectification if any personal data we hold about you is inaccurate or incomplete.
- The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you. We only hold your personal data for a limited time, normally 3 years after inactive use, unless dictated differently by law such as staff or financial records.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation).
- The right to object to us using your personal data for particular purposes.
- Rights with respect to automated decision making and profiling.
If you have any cause for complaint about our use of your personal data, please contact us using the details provided at the foot of this policy and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office (ICO) or your local Citizens Advice Bureau.
We take very strong precautions to protect your data from loss, misuse, unauthorised access or disclosure, alteration, or destruction and as part of this DJ’s Play has conducted a full risk assessment of all the data it processes to ensure their CUSTOMERS, STAFF and SUPPLIERS data all remains as safe as possible. If your data is involved in a data breach for any reason, in particular any data that could identify customers, staff or suppliers personally you will be informed in line with the data breach guidelines as dictated by the Information Commissioner Office see www.ico.org.uk For any data breach we will inform the ICO within 72 hours of being aware of any breach and follow our procedures after that, in line with the ICO guidance.