Privacy Notice Website and Facebook

Dear colleague

We’d like to tell you about how we ensure the privacy of your data when you use our website or interact with us via our Facebook Page. Your privacy is extremely important to us and we aim to be completely transparent about how these platforms gather, use, disclose and manages its visitors’ data.
Firstly, please let us tell you about our ‘lawful basis’ for collecting and processing your information. All organisations must have good and lawful reasons for collecting your personal information and for using it. Our Lawful basis for processing data is based upon ‘legal’ obligation. Due to the specialist and consultancy-based nature of the service we offer, professional indemnity is paramount, making ‘legal’ obligation the most appropriate lawful basis for the collection and processing of information within our organisation.

What data we may collect:
• Information when placing an order: this includes; billing details (including card details), addresses, contact details, business names and addresses, names and any notes you choose to add to your order
• Information provided from when you complete a form such as those used to register your interest or to request product/service/information or to make a booking: this includes your personal information, such as your name and contact details and your business information and contact information. We may also collect information relating to your role within your company
• Contacting us via our Facebook private massage inbox: we may ask more information relating to your needs and collect personal details such as your name, email address, address, contact number, business name and address, your job role. We may also use this inbox to attach documents such as agreements, invoices, documents relating to purchases and product specific documents such as course certificates
• Facebook posts and comments: names, comments and interests
• Internet protocol (IP) address used to connect your computer to the Internet: login, e-mail address, password, computer and connection information
• Account information: such as passwords, email addresses, purchase history, invoices, addresses, names, contact numbers and any correspondence via the website account
• Any feedback that you provide us with: from a range of sources, such as message comments, forms and notes, and in both qualitative and quantitate forms
• Website analytics: we may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page
• Customer Relations Management CRM software: to collate, organise, report on, profile and market from as well as informing service users
• Site cookies: this includes information relating to visitors’ movements and actions on the website

We collect the above information in the following ways:
• As soon as you visit the website due to the cookies placed on it
• When you use the website due to analytical software
• When you complete an online order via the website
• When you set up an account on the website
• When you complete a form on the website
• When you contact us via our private message Facebook inbox or email
• When you interact with any of our Facebook posts, including when any of those are shared by those other than ourselves
• When you interact with us in any way due to integration with CRM software

We collect both personal and non-personal information for the following reasons:
• To provide and operate our services
• To provide our users with ongoing customer assistance and technical support
• To be able to contact our visitors and users with general or personalised service-related notices and promotional messages
• To create aggregated statistical data and other aggregated and/or inferred non-personal information, which we or our business partners may use to provide and improve our respective services
• To comply with any applicable laws and regulations
Sharing data:
We only share your information with established partners who we will make you aware of. We do this to be able to offer a service that meets the needs of the user.
Data retention:
We keep information for no longer than it is needed in relation to the following:
• How long it must legally be kept for
• How long we need to keep it to provide our service
• For as long as expressed consent is maintained by the data subject
Information is destroyed confidentially and permanently deleted from the website hosting and editing account and from 1&1’s data storage, databases and the general 1&1’s applications. Facebook data is permanently deleted when required.
Your information is stored securely in the following ways:
Our company is hosted on the 1&1 platform. 1&1 provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through 1&1’s data storage, databases and the general 1&1 applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by 1&1, and used by our company, adhere to the standards set by The Payment Card Industry Data Security Standard PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Our Point of Sale POS software is secure and fully complies with data protection standards and legislation. They are used to ensure that payment for customer orders are processed securely and in order for us to operate our service.
1&1 is a secure website hosting platform that is password protected and to which only authorised persons have access to for the purposes of providing our service.
Facebook is password protected and complies with data protection law and statutory guidance.
Analytical and CRM systems are secure and password protected.
We may communicate with our site users in the following ways:
• Email
• Text
• Post
• Telephone
• Private message Facebook inbox
• Replying to comments on Facebook posts
• Video-link e.g. Skype
We may contact you for the following reasons:
• As part of providing our service
• As part of ensuring the terms and conditions of purchasing
• As part of ensuring user care
• In response to user enquiry
• To notify and update users
• To comply with laws and statutory guidance
• To market and promote our service e.g. extending offers
The use of cookies on our website
Our website tracks personal information through the use of cookies. We have listed the type of cookie contained on our website, its lifespan and its purpose:
• svSession – Permanent – Creates activities and BI
• hs – Session – Security
• incap_ses_${Proxy-ID}_${Site-ID} – Session – Security
• incap_visid_${Proxy-ID}_${Site-ID} – Session – Security
• nlbi_{ID} – Persistent cookie – Security
• XSRF-TOKEN – Persistent cookie – Security
• smSession – Two weeks – Identify logged in site members
Consent – The right to object:
You can withdraw consent to collect and process your personal details at any time by emailing Lyndsey@theearlyyearsfoundation.com.
Furthermore you can request (by the same above means) to exercise any of the following individual rights:
• right to access
• right to rectification
• right to erase
• right to restrict processing
• The right to data portability
• rights in relation to automated decision-making and profiling
The right to be informed is underpinned by this privacy statement.
Updates to this privacy policy:
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately and will supersede any policy before it. If we make material changes to this policy, we will notify by issuing of a public statement, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.