Privacy Policy

Jaegar HC acts as a Data Controller for the purposes of GDPR. To process your booking/enquiry we need to collect personal details about you and all the children on your booking. We will respect and protect your privacy at all times. This policy sets out how we will collect, use and store any personal data about you and your child(ren).

By creating an account with us, you are agreeing to us storing and processing this information as set out below. You are responsible for ensuring you have the agreement from all persons on your account and booking to pass on their details to us.

What is our legal basis for processing data?

Our lawful bases for processing data are as follows:

Contract – the processing of data is necessary to fulfil our service agreement with customers

When do we collect data?

When you register your details with us or make a booking we will need to collect certain personal details in order to process your booking and make the necessary arrangements for your child(ren) to attend activities.

Prior to attending an activity we will also need to collect more sensitive personal data, specifically relating to the children on your bookings, such as medical conditions, allergies and educational needs in order to ensure we can provide the appropriate care for your child. During activities you may need to complete forms which will require personal information relating to you or your child or if you contact us with a query/complaint.

We may also collect data from you in other ways that will request your name, address, email address and telephone number.

What data do we collect?

Account Holder details - Name, address, DOB, telephone numbers, email address, encrypted log in password, details of your interactions with us e.g. a query on your account/complaint, details of your visits to our website (see Cookies), personal details to help tailor our services to you.

Children’s details – Name, address, DOB, medical, behavioural or educational needs, school and registered GP.

The law requires us to take reasonable steps to ensure data is kept accurate and up to date. We remind customers to update details when logging into their.

Cookies

Our website uses cookies. Some cookies are essential and are there to enable you to make your booking and transact, others are non- essential and are used to track visitor behaviour on the site, determine relevant products to show you for re-marketing purposes, track where visitors have come from or to improve user experience. Cookies are not harmful and do not contain any personal information e.g. address or DOB. You can choose to accept or decline cookies when you first visit the site by accessing the preference panel from your browser’s main menu (usually found under Edit, Tools or Options). If you choose to remove cookies, some of our site may not function properly for you and your use of the site may be impaired.

We may collect details about your device and visits to this site including IP address, browser type, device type, page interaction information, traffic data and location information. This is statistical information to help us provide the best online experience for our customers and does not identify any individual.

How do we use your data?

If you have a booking with us, we will use your data in relation to delivering our childcare services, to contact you with information relating to your booking and your child(ren)’s time at an activity, to protect the welfare of your child, to comply with our legal obligations and to process payments.

Third Parties - We will not pass on your personal information to other users of the site and we will only ever pass on your personal details to a third party if it is necessary to fulfil a particular service on your behalf or as part of our normal business activities. For example, your payment will be taken via a secure card processing company called Class4kids. Any details passed on will be transferred in a secure manner.

Should any safeguarding concerns or legal proceedings require us to pass on your personal information we trust you will understand that we have a duty to comply with the law. Please be aware that the way in which your personal details would be legally protected within the UK may differ from other countries.

How do we protect data?

Storage - Once data is received, we will take all reasonable steps to ensure your data is secure to prevent unauthorised access to it. All information you provide is stored on secure databases, our IT systems are password protected and all payment transactions are encrypted.

Security and passwords - When you create an account with us you are assigned a Customer ID number. Your account will require an email and password so that you can access your details online. The password is automatically generated by the booking system and we recommend you keep this password safe for future bookings.

Please do not share your password with anyone. Unfortunately, the passing of data via the internet is not completely secure therefore any transmission is at your own risk. Please keep these details safe and not written down anywhere. If you change your personal details or if you suspect that someone else has used your password, please notify us as soon as possible.

How long do we keep data for?

Your rights

You have the following rights in relation to your data:

Right to access, rectification, erasure, data portability, object and automated decision making (including data profiling). If you would like to exercise any of these rights please write to:

D L Mitchell

80 Grove Lane

London

SE5 8SN

Please note that in some circumstances we will still need to retain certain data in order to comply with our legal obligations.

If a subject access request is put forward, we will send the information within one month and free of charge – this will be sent in a protected file.

If you are not happy with the way we have handled your data, or responded to your requests you can lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk/concerns or by phone on 0303 123 1113.

Changes to our policy

We reserve the right to update this policy from time to time and we will keep you informed by updating this statement on our website.

Get In Touch

info@jaegarhc.co.u

Data Processing

PARTIES

(A) D L Mitchell

(B) Jaegar HC based at 80 Grove Lane London SE5 8SN,

Data Controller, Diana L Mitchell

BACKGROUND

(A) This Agreement is to ensure there is in place proper arrangements relating to personal data passed from Controller to the Processor.

(B) This Agreement is compliant with the requirements of Article 28 of the General Data Protection Regulation.

IT IS AGREED AS FOLLOWS:

1. DEFINITIONS AND INTERPRETATION

In this Agreement:

"Data Protection Laws" means the Data Protection Act 1998, together with successor legislation incorporating GDPR;

"Data" means personal data passed under this Agreement, being in particular data collected, stored and processed with The Childcare on-line Booking (CoB) system;

“GDPR” means the General Data Protection Regulation;

"Services" means providing on going technical support and backing up of data associated with The Childcare on-line Booking (CoB) system.

2. DATA PROCESSING

D L Mitchell is the data controller for the Data and the Processor is the data processor for the Data. The Data Processor agrees to process the Data only in accordance with Data Protection Laws and in particular on the following conditions:

a. The Processor shall only process the Data (i) on the written instructions from Diana Mitchell (ii) only process the Data for completing the Services and (iii) only process the Data in the UK with no transfer of the Data outside of the UK (Article 28, para 3(a) GDPR);

b. ensure that all employees and other representatives accessing the Data are (i) aware of the terms of this Agreement and (ii) have received comprehensive training on Data Protection Laws and related good practice, and (iii) are bound by a commitment of confidentiality (Article 28, para 3(b) GDPR);

c. D L Mitchell and the Processor have agreed to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, complying with Article 32 of GDPR, details of those measures are set out under Part A of the Annex to this Agreement (Article 28, para 3(c) GDPR);

d. The Processor shall not involve any third party in the processing of the Data without the consent of D L Mitchell. Such consent may be withheld without reason. If consent is given a further processing agreement will be required (Article 28, para 3(d) GDPR);

e. Taking into account the nature of the processing, assist D L Mitchell by appropriate technical and organisational measures, in so far as this is possible, for the fulfilment of D L Mitchell obligation to respond to requests from individuals exercising their rights laid down in Chapter III of GDPR – rights to erasure, rectification, access, restriction, portability, object and right not to be subject to automated decision making etc (Article 28, para 3(e) GDPR);

f. Assist D L Mitchell in ensuring compliance with the obligations pursuant to Articles 32 to 36 of GDPR – security, notification of data breaches, communication of data breaches to individuals, data protection impact assessments and when necessary consultation with the ICO etc, taking into account the nature of processing and the information available to the Processor (Article 28, para 3(f) GDPR);

g. At D L Mitchell choice safely delete or return the Data at any time. [It has been agreed that the Processor will in any event securely delete the Data at the end of the Services]. Where the Processor is to delete the Data, deletion shall include destruction of all existing copies unless otherwise a legal requirement to retain the Data. Where there is a legal requirement the Processor will prior to entering into this Agreement confirm such an obligation in writing to D L Mitchell. Upon request by D L Mitchell the Processor shall provide certification of destruction of all Data (Article 28, para 3(g) GDPR);

h. Make immediately available to Jaegar HC all information necessary to demonstrate compliance with the obligations laid down under this Agreement and allow for and contribute to any audits, inspections or other verification exercises required by D L Mitchell from time to time (Article 28, para 3(h) GDPR);

i. arrangements relating to the secure transfer of the Data from D L Mitchell to the Processor and the safe keeping of the Data by the Processor are detailed under Part A of the Annex.

j. maintain the integrity of the Data, without alteration, ensuring that the Data can be separated from any other information created; and

k. immediately contact D L Mitchell if there is any personal data breach or incident where the Data may have been compromised.

3. Termination

D L Mitchell may immediately terminate this Agreement on written notice to the Processor. The Processor may not terminate this Agreement without the written consent of D L Mitchell.