Early Years Fun, earlyyearsfun.co.uk (“we”) is owned by Anna (Star) Harford, who works as a sole trader and is committed to protecting and respecting your privacy, in accordance with the General Data Protection Regulation. We commit to:
comply with both the law and good practice
respect individuals’ rights
be open and honest with individuals whose data is held
register our details with the Information Commissioner’s Office (ICO)
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Anna (Star) Harford who can be contacted by email at firstname.lastname@example.org or by post at Star Harford, Apt 24574, Chynoweth House, Trevissome Park, Truro, TR4 8UN.
This policy only applies to the site http://earlyyearsfun.co.uk. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.
Information we may collect from you
We may collect and process the following data about you:
Information that you provide by filling in forms on our site http://earlyyearsfun.co.uk. This includes information provided at the time of contacting us via our contact form or email and at the time of making purchases. Your information will be stored to enable us to contact you regarding our boxes, available discounts, delivery, payment and orders. If you do not want us to store information, you are able to opt out at any time by email to email@example.com or by using the contact form on the website; however, this will also terminate your contract with us and we will no longer be able to send you boxes or process payments.
Information you give when subscribing to or commenting on our site http://earlyyearsfun.co.uk (your name and email address) will be stored by WordPress to send you notifications of new posts.
We may also ask you for information when you report a problem with our site.
If you contact us, we may keep a record of that correspondence.
Details of your visits to our site including, but not limited to, traffic data, location data, weblogs, operating system, browser usage and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access. This information is mostly tracked by Google Analytics and WordPress.
Data protection Principles
There are six data protection principles that are core to the General Data Protection Regulation. We will make every possible effort to comply with these principles at all times in our information-handling practices. The principles are:
Lawful, fair and transparent – Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used
Limited for its purpose – Data can only be collected for a specific purpose
Data minimisation – Any data collected must be necessary and not excessive for its purpose
Accurate – The data we hold must be accurate and kept up to date
Retention – We cannot store data longer than necessary
Integrity and confidentiality – The data we hold must be kept safe and secure
Key risks – The main risks are in two areas:
Information about individuals getting into the wrong hands, through poor security or inappropriate disclosure of information
Individuals being harmed through data being inaccurate or insufficient.
Anna Harford is the data controller for all personal data held by us and is responsible for:
Analysing and documenting the types of personal data we hold
Checking procedures to ensure they cover all the rights of the individual
Identifying the lawful basis for processing data
Ensuring consent procedures are lawful
Implementing and reviewing procedures to detect, report and investigate personal data breaches
Storing data in safe and secure ways
Assessing the risk that could be posed to individual rights and freedoms should data be compromised
IP addresses and cookies
WordPress, Stripe or PayPal may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns; it does not identify any individual, and we will not collect personal information in this way.
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
To estimate our audience size and usage pattern.
To store information about your preferences, and so allow us to customise our site according to your individual interests.
To speed up your searches.
To recognise you when you return to our site.
http://earlyyearsfun.co.uk gives you the option to accept cookies when you open the site.
Data recording, security and storage
We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it is obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this. We will retain personal data for no longer than is necessary.
All information you provide to us is stored on a secure device which is password protected. Any payment transactions will be encrypted.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it. Printed data will be shredded when it is no longer needed.
Data stored on CDs, memory sticks or portable hard drives will be encrypted or password protected and locked away securely when they are not being used. Cloud services used to store personal data will be assessed for compliance with GDPR Principles. Data will be regularly backed up. All servers containing sensitive data must be protected by security software. All possible technical measures will be put in place to keep data secure.
Accountability and Transparency
We will ensure accountability and transparency in all our use of personal data. We will keep written up-to-date records of all the data processing activities we do and ensure that they comply with each of the GDPR principles.
We will regularly review our data processing activities, and implement measures to ensure privacy by design, including minimisation, transparency and continuously improving security and enhanced privacy procedures.
Uses made of the information
We use information held about you in the following ways:
To take payment and provide you with the service you are paying for including processing and delivering orders and subscriptions.
To provide you with information and services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
To carry out our obligations arising from any contracts entered into between you and us.
To keep you updated about new boxes and future discounts.
To notify you about changes to our service.
If you do not want us to use your data in this way, please email firstname.lastname@example.org
Disclosure of your information
We may disclose your personal information to third parties:
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Consent and your rights
You have the right to ask us not to process your personal data or to change your mind at any time about us holding your data by emailing email@example.com or writing to Star Harford, Apt 24574, Chynoweth House, Trevissome Park, Truro, TR4 8UN. Please be aware that doing so may end your subscription and make us unable to process future payments or make further deliveries.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or those of the sites that host us. Please check these policies before you submit any personal data to these websites.
We will ensure that consents are specific, informed and in plain English, such that individuals clearly understand why their information will be collected, who it will be shared with and the possible consequences of them agreeing or refusing the proposed use of the data. We will seek explicit consent wherever possible. We will maintain an audit trail of consent by documenting details of consent received, including who consented, when, how, what, and if and when they withdraw consent. We may hold details of consent in an encrypted, secure format online and may also maintain the consents in a spreadsheet. We will regularly review consents and seek to refresh them regularly or if anything changes.
We will comply with both data protection law and the Privacy and Electronic Communications Regulations (PECR) when sending electronic marketing messages. PECR restricts the circumstances in which we can market to people and other organisations by phone, text, email or other electronic means.
Subject Access Requests
An individual has the right to receive confirmation that their data is being processed, access to their personal data, and supplementary information, which means the information that should be provided in a privacy notice. We will provide an individual with a copy of the information requested within one month of receipt of the request. We will provide the data in a structured, commonly used and machine-readable format. This would normally be a PDF file, although other formats are acceptable. We must provide this data either to the individual who has requested it, or to the data controller they have requested it be sent to. Once a subject access request has been made, we will not change or amend any of the data that has been requested.
Any subject access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. If the request is complex, or the requests are numerous, the deadline can be extended by two months, but the individual will be informed within one month.
We can refuse to respond to certain requests and can, where a request is manifestly unfounded or excessive, charge an additional fee. If the request is for a large quantity of data, we can ask the individual to specify the information they are requesting.