This privacy notice describes how Push-a-Bye Baby Ltd ('we', 'us') collects and processes personal information about you, how we use and protect this information, and your rights in relation to this information in compliance with the General Data Protection Regulations.
This privacy notice applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.
1. PERSONAL INFORMATION WE USE
We will collect personal information about you from a variety of sources, including information we collect from you directly (e.g. when you contact us via email or through our website and when you complete your health questionnaire form).
Note that we may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.
1.1 Information we collect directly from you
The categories of information that we collect directly from you are:
(a) personal details (e.g. name, date of birth);
(b) contact details (e.g. phone number, email address and postal address);
(c) health and medical information (e.g. medical history, details of births and post-partum health);
(d) fitness lifestyle / activities;
(e) payment information; and
(f) any other information that you choose to provide to us.
Before you disclose to us the personal information of another period (e.g. your partner’s details), you must obtain their consent to both the disclosure and the processing of that personal information in accordance with this privacy notice.
1.2 Information we collect from other sources
The categories of information that we collect about you from other sources are:
(a) information relating to any purchases you make of our services or any other transaction that you enter through or in relation to our website or bank transfers (including your payment details); and
(b) testimonials and other information that you post on an online review page in relation to our business.
All financial details are processed by our payment processors. All our website financial transactions are handled through our payment providers Stripe. Stripe Inc. is a covered entity of EU-U.S Privacy Shield (active status). Bank transfer payments are handled by HSBC Bank plc. You can review the providers’ privacy policies at http://stripe.com.us/privacy and http://www.business.hsbc.uk/en-gb/gb/generic/legal-page-site-terms-and-privacy-statement. We will share information with our payment service providers only to the extent necessary for the purposes of processing payments you make via our website or by bank transfer to our business account, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
1.3 Special categories of personal data
Some of the categories of information that we collect are special categories of personal data (also known as sensitive personal information). In particular, we may process personal information that relates to your health, such as your medical history and reports on medical diagnoses, injuries and treatment.
2. HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT
We use your personal information to:
(a) provide and personalise our services;
(b) deal with your enquiries and requests;
(c) send you non-marketing commercial communications;
(d) send you monthly newsletters containing important class information;
(e) comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies;
(f) contact you with marketing and offers relating to products and services offered by us (provide that you have opted-in to receive such marketing communications);
(g) personalise the marketing messages we send you to make them more relevant and interesting; and
(h) send payment reminders to you and collect payments from you.
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
(a) to fulfil our contractual obligations to you, for example to provide the services, to ensure that invoices are paid correctly, and to ensure you are able to access our premises when required. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations;
(b) to comply with our legal obligations to you, or to a third party;
(c) to protect your vital interests where you are physically or legally incapable of giving consent (e.g. a medical emergency); and
(d) to meet our legitimate interests, for example to understand your reasons for using our services and to enable us to derive knowledge from that enable us send you targeted marketing communications and improve our service offerings. When we process personal information to meet our legitimate interests, we put in place safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, when we process sensitive personal information or in relation to our direct marketing activities). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this privacy notice.
3. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
access your personal information;
rectify the information we hold about you;
erase your personal information;
restrict our use of your personal information;
object to our use of your personal information;
receive your personal information in a usable electronic format and transmit it to a third party (right to data portability); and
lodge a complaint with your local data protection authority.
If you would like to discuss or exercise such rights, please contact us at the details below.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
We will contact you if we need additional information from you in order to honour your requests.
4. INFORMATION SHARING
We may share your personal information with third parties under the following circumstances:
(a) Service providers and business partners. We may share your personal information with our service providers and business partners that perform business operations for us (for example we may use other companies to take class bookings or to process secure payments).
(b) Law enforcement agency, court, regulator, government authority, doctor or medical practitioner (in the event of a medical emergency) or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, to ensure your own personal safety, or otherwise to protect our rights or the rights of any third party.
5. INFORMATION SECURITY AND STORAGE
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
Your information is stored on a password protected computer and is backed-up daily.
We will keep your personal information for as long as we have a relationship with you, and for a period of 7 years thereafter. We will only retain your personal information after this time if we are required to do so to comply with the law, or if there are outstanding claims or complaints that will reasonably require your personal information to be retained.
6. INTERNATIONAL DATA TRANSFER
7. CONTACT US
If you have questions or concerns regarding the way in which your personal information has been used, please contact us at firstname.lastname@example.org.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of the United Kingdom using their website https://ico.org.uk.
8. CHANGES TO THE POLICY
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time.
If we change this privacy notice, we will notify you of the changes. Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).