Select Page

General Data Protection Regulation Policy

GDPR logo

General Data Protection Regulation Policy

Statement

GDPR stands for General Data Protection Regulation and replaces the previous Data Protection

Directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.

GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. Tickety-Boo Partnership Limited is committed to protecting the rights and freedoms of individuals with respect to the processing of children’s, parents, visitors and staff personal data.

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

Tickety-Boo Partnership Limited is registered with the ICO (Information Commissioners Office) under registration reference:    A8323279 Copies of the certificates are held with the receptionists at all branches.

GDPR includes 7 rights for individuals

1) The right to be informed

Tickety-Boo Partnership Limited is a Children’s entertainment provider and as so, is required to collect and manage certain data. We need to know hirers names, addresses, telephone numbers and email addresses. We need to know children’s’ names and date of birth along with any SEN requirements should they be relevant.

When necessary, we are required to collect certain details of visitors to our Company. We need to know visits names, telephone numbers, and where appropriate company name. This is in respect of our Health and Safety and Safeguarding Policies.

As an employer Tickety-Boo Partnership Limited is required to hold data on its Teachers; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers, photographic ID such as passport and driver’s license, bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK. This information is sent via a secure file transfer system to xxxxxxxxxx for the processing of DBS checks. DBS Numbers and date of issue are also held on a central staffing record.

Tickety-Boo Partnership Limited uses Cookies on its website to collect data for Google Analytics, this data is anonymous.

2) The right of access

At any point an individual can make a request relating to their data and Tickety-Boo Partnership Limited will need to provide a response (within 1 month). Tickety-Boo Partnership Limited can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.

3) The right to erasure

You have the right to request the deletion of your data where there is no compelling reason for its continued use. However Tickety-Boo Partnership Limited has a legal duty to keep children’s and parents details for a reasonable time*, Tickety-Boo Partnership Limited retain these records for 19 years children’s accident and injury records (or until the child reaches 21 years), and 22 years (or until the child reaches 24 years) for Child Protection records. Staff records must be kept for 6 years after the member of leaves employment, before they can be erased. This data is archived securely onsite and shredded after the legal retention period.

4) The right to restrict processing

Parents, visitors and staff can object to Tickety-Boo Partnership Limited processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.

5) The right to data portability

Tickety-Boo Partnership Limited requires data to be transferred from one IT system to another; such as from Tickety-Boo Partnership Limited to the Insurance Company. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.

6) The right to object

Parents, visitors and staff can object to their data being used for certain activities like marketing or research.

7) The right not to be subject to automated decision-making including profiling.

Automated decisions and profiling are used for marketing based organisations. Tickety-Boo Partnership Limited does not use personal data for such purposes.

 

Storage and use of personal information

All paper copies of clients and staff records are kept in a locked filing cabinet in the Tickety-Boo Partnership Limited office in Berkswell. Members of staff can have access to these files but information taken from the files about individual clients is confidential and apart from archiving, these records remain on site at all times. These records are shredded after the retention period.

Information about individual clients is used in certain documents, such as; a weekly booking sheet for staff. These documents include data such as clients and children’s names, telephone number, email address and sometimes address. These records are shredded after the relevant retention period.

Tickety-Boo Partnership Limited collects a large amount of personal data every year including; names and addresses of those who have contacted us with an enquiry. These records are deleted if the customer does not confirm a booking.

Tickety-Boo Partnership Limited stores personal data held visually in photographs or video clip. No names are stored with images in photo albums, displays, on the website or Tickety-Boo Partnership Limited social media sites.

Access to all Office computers is password protected. When a member of staff leaves the company these passwords are changed in line with this policy and our Safeguarding policy. Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a locked filing cabinet.

GDPR means that Tickety-Boo Partnership Limited must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them

 

This Policy was adapted at a meeting at Tickety-Boo Partnership Limited in May 2018.

Signed on behalf of Tickety-Boo Partnership Limited

…………………………………………………………………………………………………………………………….. ……………………………………………………………………………………………………………………………. …………………………………………………………………………………………………………………………….

Policy review date: September 2018