Data Protection Policy

Data Privacy Summary

At JumpingCLAY we take our customers privacy very seriously. It is important that you know exactly what we do with your personal information that you provide to us, why we gather it and what it means for you.

This is in line with our obligations under the General Data Protection Regulation (GDPR), which comes into force on the 25th May 2018. From this date, the GDPR, together with the relevant local and national laws will replace the existing Data Protection Act and place enhanced accountability and transparency obligations on organisations when using your information.

The GDPR introduces changes which will provide you greater control over your personal information, including the right to object to processing your information that is carried out for our business purposes.

 

Who we are

JumpingCLAY is a network of independent instructors, or activity providers, running children’s educational clay activities throughout the UK & Ireland. Your information is held by Jumping Clay Limited (a UK based company) and members of the JumpingCLAY instructor and franchise network. Your local activity provider will be the person running the activities and providing our services in your local area. Each local activity provider will adhere to our Data Protection Policy. 

 

The Information we collect about you

We will hold:

  • data to identify you, including your contact details
  • data about your children, or students, attending our services as required to satisfy our statutory obligations. This will include:
  • the child’s personal details including names and date of birth;
  • your relationship to the child;
  • the school, or organisation, they attend;
  • any relevant medical needs and/or disabilities;
  • allergies and/or medication requirements;
  • relevant consents and permissions;
  • emergency contact details including the persons name and contact;
  • additional information provided by you as deemed necessary;
  • Subscription and attendance details at any of the services you use;
  • Payment details when purchasing our products or services.

Sometimes we may use your information even though you are not our customer. For example, your details may have been provided as an emergency contact for a child attending one of our services.

 

When we collect your information

We will collect your information:

  • when you give it to us;
  • when you use one of our products, services or request information through our website;
  • when provided by a third party.

 

How we use your information

We will use, and share, your data where:

  • you have agreed to and explicitly consented to the using of your data in a specific way (you may withdraw your consent at any time);
  • use is necessary in relation to a service or a contract that you enter into (for example, to ensure the safety of your children at on of our activities), or when you have asked for something to be done so that you can enter into a contract with us (for example, you have asked for information in relation to you child’s next birthday party or a planned event);
  • use is necessary because we have to comply with a legal obligation (for example, complying with our statutory obligation under the local child protection law);
  • use is necessary to protect your children in our care;
  • use for our legitimate interests (which you may object to) such as managing our business including, conducting marketing activities, developing and launching new services and/or products, strategic planning and staff training.

We will only send you marketing communications if you have agreed to and opted into receiving them. We will never share your information with companies outside of our own for inclusion in their marketing activities.

 

Who we share your information with

When providing our services to you, we may share your information with:

  • your local activity provider;
  • our staff;
  • third parties with whom:
  • we need to share your information with to facilitate any contract or service you have opted into;
  • you have asked us to share your information;
  • service providers who provide us support or business services;
  • statutory and regulatory bodies including government and local law enforcement;
  • third parties in connection with any sale or purchase of our products or services;
  • healthcare professionals and medical consultants;

 

How long we hold your data

We will hold your personal information on our systems for as long as is necessary for the relevant activity and subject to legislation and regulatory rules. For example:

  • we will keep payment records you have made for at least 6 years;
  • we will keep subscription and booking records for at least 6 years;
  • we will keep enquiry information only for as long as reasonably required for the purpose of dealing with your enquiry;
  • we will keep the data about your children only when they are of a suitable age to attend any of our services or activities;
  • we will keep your contact details indefinitely when you consent to us using them for our marketing activities;
  • if you ask us to stop sending you marketing materials, we will keep a record of your contact details and appropriate information to enable us to comply with your request.

 

Keeping your data safe

At JumpingCLAY we take your privacy and protection of your personal data seriously. We will take all appropriate technical and organisational measures to ensure your personal data is held securely. We will:

  • never knowingly and recklessly expose your data to a third party;
  • ensure all of your data is SSL (Secure Sockets Layer) encrypted ‘in transit’, as required under the GDPR regulations. This is a technology that uses an encrypted connection between server and web browser ensuring all data submitted on our website is only visible to ourselves;
  • store your data on secure servers at a Tier 3 data centre controlling physical access. There is no access to the servers except through prescribed, controlled routes, and the centre is full locked down.

 

 

Your Rights

Under the GDPR regulations you have the rights to:

  • be informed about the collection and use of your personal data;
  • access your personal data, information and to verify the lawfulness of the processing;
  • rectify any inaccurate data held on yourself;
  • request your data is erased or removed from our system, known as ‘the right to be forgotten’;
  • request restricted processing of your data, we will continue to store your data;
  • object to your data being processed for direct marketing purpose, any legitimate interests and for scientific or historical purpose;

Any request under your rights must be completed and dealt with within one calendar month of your request.

 

How to contact us

If you wish wish to contact us to exercise any of your data rights, or have any questions regarding our Data Protection Policy, you can contact us at:

 

Updates

We will update our Data Protection Policy from time to time. Any updates will be made available and, where appropriate, notified to you.