Who are we?
We are Rattle and Roll Limited, registered in the UK, company number 06671152. We are registered with the ICO, registration number ZA328675.
Rattle and Roll is a Data Controller for the purposes of collecting and processing data in the provision of our services. This means that we control what happens to the data in our possession.
Rattle and Roll is a provider of inspiring classes & clubs for primary and preschool children in drama, dance, music, singing, sport and yoga & mindfulness.
We acknowledge and agree that any personal data of yours that we handle will be processed in accordance with all applicable data protection laws in force from time to time. Currently, the Data Protection Act 1998 applies. With effect from 25 May 2018, the General Data Protection Regulations (“GDPR”) will apply.
The personal data we may collect about you
When you opt in to marketing communications, register on our website, or register for classes and clubs via our website or via email, we collect data from you to enable us to deliver our services. This may include your name, address, email, contact details, emergency contact details, details of your children including name, date of birth, permissions you grant us to provide medical assistance, who can and can’t collect them, any other medical or learning needs you wish to make us aware of and your payment details. In all instances the personal data we hold and process will have been provided by yourself.
Additionally, we may automatically collect website usage information using cookies.
How we use the personal data and legal basis for doing so
1) Delivery of our classes and clubs. To deliver our classes and clubs we need to store and process personal data about you and your children. We will use your personal data to send you specific information about the classes and clubs you have registered for, personalise, assess and improve our website and services, analyse the use of our services, make product recommendations and comply with our legal and regulatory obligations.
We may need to pass your personal data or a subset of your personal data to our subcontracted teaching staff or your school. We will only disclose the minimum amount of data required to enable us to deliver the respective class or club.
The legal basis upon which we hold and process your personal data in this manner is for the Performance of a Contract. When booking a class or a club you agree to our Terms and Conditions which act as the basis of the contract between us.
Any medical data that you provide to us about your child is classified as Special Category data. This data is provided to us by you at your discretion and with your explicit consent which may be withdrawn at any time.
2) Newsletter and marketing emails.
Where you provide your specific consent we may send marketing emails or contact you with details of products or services we think may be of interest to you. Having provided your consent to receive marketing emails, you have a right at any time to opt out from receiving our marketing emails. If you no longer wish to be contacted for marketing purposes, please contact us. The legal basis upon which we hold and process your data for this purpose is Consent.
Existing and Previous Customers
Once a term we will send our termly newsletter with information about the classes and clubs we provide or intend to provide in the future. Also from time to time we will send you specific emails with details of similar classes and clubs, special offers and discounts. The legal basis upon which we hold and process your data for this purpose is for our Legitimate Interests.
You are able to opt out of these communications when first registering on our site and you are easily able to unsubscribe at any time by following the “unsubscribe” links included in every email we send or by logging into your account and updating your communication preferences.
3) Testimonials. We publish quotes and testimonials on our website with information of our customers’ names and comments they have made about our services. The legal basis upon which we hold and process your personal data in this manner is with Consent. We undertake to obtain your consent before publishing any testimonial on our website. You may withdraw your consent at any time by contacting us.
4) Collection of overdue fees. Where we have not received payment for services delivered we may process your data for the purposes of collecting those overdue fees. This may include passing your data to a 3rd Party Debt Collection Agency. The legal basis upon which we hold and process your data for this purpose is for our Legitimate Interests.
Third party disclosures
Personal data we collect about you is solely for our own use; however, it may be shared with subcontractors so that we may obtain assistance and support in carrying out our services. We ensure that we have in place clear data protection requirements for all our third-party subcontractors.
We will only disclose your personal data to third parties in these circumstances:
1) you request or authorise disclosure thereof;
2) the disclosure is required to deliver services which you have requested (e.g. to subcontracted teaching staff or to your school);
3) the disclosure is required to a subcontractor to support our business processes (for example: a web hosting provider);
4) we are compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application;
5) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
6) if Rattle and Roll Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
We do not sell or rent your personal data to third parties for marketing purposes whatsoever.
Location of data and international transfers
All the personal data we hold is processed by us using cloud-based web services hosted within the EU. The exceptions to this are:
1) We use Elastic Email to send email communications relating to registering and booking on our online web platform as well as marketing emails. This information is sometimes stored and processed by Elastic Email outside the EU, specifically in Canada, which is recognised by the EU as having adequate levels of data protection. Elastic Email complies with GDPR. You can view their policy here. Elastic Email only retains records of emails sent for a period of 35 days.
2) We use Stripe to process credit and debit card transactions. This information is stored and processed by Stripe in the US. Stripe has certified to the EU-U.S. Privacy Shield Framework and is a PCI-DSS Level 1 certified organisation.
Data Retention Periods
Your data will be retained for no longer than is necessary and in any event no longer than 6 years.
You currently have the right at any time to ask for:
• Access to your data - a copy of the information about you that we hold.
• Erasure of your data - removal of data.
• Restriction of processing - restriction in the way data is processed.
• Objection - Correction of erroneous data.
• Data Portability - Transfer of your data to another provider of services.
You are able at any time to view and modify the personal data that we hold by logging into your account and clicking on “Edit Profile”.
If at any point you would like to exercise any of the above rights you can do so by sending us a request via our contact us page. Your request will be processed within 30 days. We may require that your request be accompanied by a photocopy of proof of identity or authority.
If you wish to raise a complaint on how we have handled your personal data, you can contact us and we will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) here.