This privacy notice applies to personal information processed by or on behalf of Tiny Tekkers.
This Policy sets the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals
Changes to this privacy noticeWe may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – http://www.tinytekkers.com/.
The Data Protection principles
This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
2.1 Processed lawfully, fairly, and in a transparent manner in relation to the data subject
2.2 Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
2.3 Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
2.4 Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
2.5 Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to the implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.
2.6 Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
3.1 The GDPR seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. The GDPR states that processing of personal data shall be lawful if at least one of the following applies.
3.1.1 The data subject has given consent to the processing of their personal data for one or more specific purposes;
3.1.2 The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract with them;
3.1.3 The processing is necessary for compliance with a legal obligation to which the data controller is subject;
3.1.4 The processing is necessary to protect the vital interests of the data subject or of another natural person;
3.1.5 The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; or
3.1.6 The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3.2 If the personal data in question is “special category data” (also known as “sensitive personal data”) (for example, data concerning the data subject’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for ID purposes), health, sex life, or sexual orientation), at least one of the following conditions must be met:
3.2.1 The data subject has given their explicit consent to the processing of such data for one or more specified purposes (unless EU or EU Member State law prohibits them from doing so);
3.2.2 The processing is necessary for the purpose of carrying out the obligations and exercising specific rights of the data controller or of the data subject in the field of employment, social security, and social protection law (insofar as it is authorised by EU or EU Member State law or a collective agreement pursuant to EU Member State law which provides for appropriate safeguards for the fundamental rights and interests of the data subject);
3.2.3 The processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
3.2.4 The data controller is a foundation, association, or other non-profit body with a political, philosophical, religious, or trade union aim, and the processing is carried out in the course of its legitimate activities, provided that the processing relates solely to the members or former members of that body or to persons who have regular contact with it in connection with its purposes and that the personal data is not disclosed outside the body without the consent of the data subjects;
3.2.5 The processing relates to personal data which is clearly made public by the data subject;
3.2.6 The processing is necessary for the conduct of legal claims or whenever courts are acting in their judicial capacity;
3.2.7 The processing is necessary for substantial public interest reasons, on the basis of EU or EU Member State law which shall be proportionate to the aim pursued, shall respect the essence of the right to data protection, and shall provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject;
3.2.8 The processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of an employee, for medical diagnosis, for the provision of health or social care or treatment, or the management of health or social care systems or services on the basis of EU or EU Member State law or pursuant to a contract with a health professional, subject to the conditions and safeguards referred to in Article 9(3) of the GDPR;
3.2.9 The processing is necessary for public interest reasons in the area of public health, for example, protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of EU or EU Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject (in particular, professional secrecy);
3.2.10 The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR based on EU or EU Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection, and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.What kind of personal information about you do we process?
- Personal information that we’ll process in connection with all of our products and services, if relevant, includes:
- Personal and contact details, such as title, full name, contact details and contact details history
- Your date of birth, gender and/or age
- Your nationality, if needed for the product or service
- Products and services you have purchased or enquiries made about products & services
- Marketing to you and analysing data, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analysing data to help target offers to you that we think are of interest or relevance to you.
- Family members of those responsible for minors participating in activities or services
- Medical & emergency contact information regarding those participating in activities or services in the case of a medical emergency
- What is the source of your personal information?
We’ll collect personal information from the following general sources:
- From you directly, via our online forms and or phone conversations
- Information generated about you when you use our products and services
- Data Portability
6.1 The Company processes personal data using automated means. Secure input and transmission of data over the internet, processing on secure servers, storage in encrypted format in secure databases, decryption and encrypted transmission over the internet to secure systems accessible only by authorised users
6.2 Where data subjects have given their consent to the Company to process their personal data in such a manner, or the processing is otherwise required for the performance of a contract between the Company and the data subject, data subjects have the right, under the GDPR, to receive a copy of their personal data and to use it for other purposes (namely transmitting it to other data controllers)
6.3 To facilitate the right of data portability, the Company shall make available all applicable personal data to data subjects in the following format:
6.3.1 security protected online forms, printed forms (by specific request)
6.4 Where technically feasible, if requested by a data subject, personal data shall be sent directly to the required data controller.
6.5 All requests for copies of personal data shall be complied with within one month of the data subject’s request. The period can be extended by up to two months in the case of complex or numerous requests. If such additional time is required, the data subject shall be informedWhat do we use your personal data for?
- We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:
- For health and safety to ensure we can contact person(s) and relevant emergency professions in the event of an emergency
- To facility activity bookings and event day registers
- To arrange or amend recurring payments for ongoing subscriptions of products or services
- To perform and/or test the performance of, our products, services and internal processes
- To improve the operation of our business
- To follow guidance and best practice under the change to rules of governmental and regulatory bodies
- For management and auditing of our business operations including accounting
- To monitor and to keep records of our communications with you and our staff (see below)
- For market research and analysis and developing statistics
- For direct marketing communications and related profiling to help us to offer you relevant products and services. We’ll send marketing to you by email, social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and services as well as to any other offers and advice we think may be of interest
- To provide personalised content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels
- To develop new products and services and to review and improve current products and services
- To comply with legal and regulatory obligations, requirements and guidance
- To provide insight and analysis of our customers both for ourselves helping us improve products or services, or to assess or improve the operating of our businesses
- To facilitate the sale of one or more parts of our business
4.1 Who do we share your data with?
- Tiny Tekkers LTD shares your data with the following UK based business
What data do we collect?
Parent / Name and contact details for each parent - Clubs need to know who parents are and communicate with them
Location /Parent/Child address /Clubs understand the location of their customers; ClassForKids understands the location of platform users
Child / Child name, date of birth and gender / Clubs need to know each child and may make class or facility choices based on age or gender
Emergency / Name, telephone number and relationship to a child for emergency contacts / Clubs need to have instant access to direct contacts in case of emergency
Medical / Any medical information that a parent deems relevant to their child’s participation in classes / Clubs may make specific arrangements depending on the medical needs of children
Custom / Answers to any additional questions that a specific club deem relevant to their club or activity/clubs may use the answers to these questions to make business or activity-related decisions
Club notes / Notes were taken by a club connecting to a specific child / Internal notes connecting to a specific child help the club to make business or activity-related decisions
Technical / Technical activity tracking during platform use / To understand platform usage for the purpose of improving the platform; To diagnose and correct technical issues arising through platform use10. Use Of Personal Data
The Company shall ensure that the following measures are taken with respect to the use of personal data:
1. No personal data may be shared informally. If an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from Jordan Badger, [email protected], Tiny Tekkers LTD, 9 Beech Hill Haywards Heath, RH163RY, 07702433227.
2. No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of Jordan Badger, [email protected], Tiny Tekkers LTD, 9 Beech Hill Haywards Heath, RH163RY, 07702433227.
3. Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors, or other parties at any time;
4. If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it; and
5. Where personal data held by the Company is used for marketing purposes, it shall be the responsibility of the Data Protection Officer to ensure that the appropriate consent is obtained and that no data subjects have opted out, whether directly or via a third-party service such as the TPS.6. Personal data will and may be collected and shared with the following business that works directly with Tiny Tekkers LTD to provide merchandise fulfilment and software services "Vektor Uk Ltd" & "Class4kids LTD". They both comply with the Privacy Policies set out in this document.
9. What are the legal grounds for our processing of your personal?
We rely on the following legal bases to use your personal data:
- Where it is needed to provide you with our products or services, such as:
- All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts
- For some of our profiling and other automated decision making to decide whether to offer you a product and/or service
- Where it is in our legitimate interests to do so, such as:
- To ensure we have relevant medical information and emergency contact details for those participating in an event or service
- To perform and/or test the performance of, our products, services and internal processes
- To follow guidance and recommended best practice of government and regulatory bodies
- For management and audit of our business operations including accounting
- To carry out monitoring and to keep records of our communications with you and our staff (see below)
- For market research and analysis and developing statistics
- For direct marketing communications and related profiling to help us to offer you relevant products and services
- For some of our profiling and other automated decision making
- With your consent or explicit consent:
- For some direct marketing communications. For some of our profiling and other automated decision makings.
10. How and when can you withdraw your consent?
- Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
11. For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- For as long as we provide goods and/or services to you
12. What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.
13. Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights.
14.What are your marketing preferences and what do they mean?
We may use your home address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.
If you have any questions about this privacy notice, or if you wish to exercise your rights, you can contact us by going to the Contact Us section of our website.