Kalma Baby and Kalma Mamas may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1st February 2018
For the purpose of the DPA and GDPR, Kalma Baby the franchisor is the overall data controller with all kalma baby franchisees being data controllers and processors on its behalf and any enquiry regarding the collection or processing of your data should be addressed to our Data Protection officer – Rebecca Riley – at our address:
St Peters Gate Business Centre, Charles Street Sunderland, SR6 0AN
By using the Website and/or Booking platform, you consent to this policy. We are registered with the Information Commissioner’s Office for this purpose – Kalma Baby – ZA315399.
Information we collect
We will collect personal data on our website only if it is directly provided to us by you, the user – e.g. your e-mail address, name, home or work address, and telephone number – and, therefore, has been provided by you with your consent. Normally you will only provide such details if you wish to sign up for our free newsletter or other resources, or if you are making a purchase from us.
We will collect personal data through our booking platform
- Names parent/customer and child
- DOB child
- Health conditions Customer and Child
- Telephone number
- Emergency contact
- Photo permissions in class
- Email address
– only if it is directly provided to us by you and therefore with your consent.
You may also provide us with information via phone, email or face-to-face communication including directly to a member of our team at one of our venues.
Included in the booking platform is the option for you to amend, update and delete any information that you do not wish for us to use. Please bear in mind that in some cases – such as any known medical conditions connected to you or your child – it is imperative that our teachers are made aware of any medical information that could affect your child’s learning and safety at the class or yours.
With regard to each of your visits to our website, we may automatically collect the following information:
Technical information (including the Internet protocol (IP) address used to connect your computer to the Internet), your login information, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform;
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access. These include, but are not limited to, traffic data, location data, web blogs, and other communication data (but this data will not identify you personally).
We encourage you to update your payment information in your online Doddle account, which can be changed by you at any time by logging in to your secure area.
Your payment information (e.g. credit card details) provided when you make a purchase from our website is not received or stored by us. That information is processed securely and privately by the third party payment processors that we use. This information is stored, using encryption, by Stripe Inc.
Kalma Baby will not have access to that information at any time. We may share your personal data with our payment processors, but only for the purpose of completing the relevant payment transaction. Such payment processors are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.
Use of your information
We may hold and process personal data that you provide to us in accordance with the DPA and GDPR.
The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you – primarily the delivery of safe yoga, mindfulness and pre and post natal sessions to yourself or child. In addition, we may use the information for the following purposes:
To carry out our obligations arising from any contracts entered into between you and us including your yoga, mindfulness and pre and post natal lessons
To provide you with the information, products and services that you request from us – you can opt in or out to our marketing communications at any time by contacting us at email@example.com;
To process your payments;
To notify you about changes to our service
To ensure that content from our site is presented in the most effective manner for you and for your computer.
To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service
If you are an existing customer, we may contact you with information about goods and services similar to those that were the subject of a previous sale to you such as availability of holiday time lessons or notifications of any cancelled or available lessons
Session Planning and ensuring that all children are booked onto an age appropriate class
Health and safety
Child protection reasons
Internal record keeping
From time to time we may use your information to pass from one franchise branch to another for example If a new franchisee takes over the franchise, if classes are covered by another franchisee or employee in times of sickness and maternity cover
Where you have consented to receive such information, to provide information on other parties’ products or services that we feel may be of interest to you via our marketing team
Where you have consented to receive our newsletters, which we send out from time to time to provide information that is relevant to you and your children. You can unsubscribe at any time.
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries (includes franchisees), our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you. This includes our third party payment processors, Doddle (Bin Room Media) for our Booking platform, Stripe Inc for the processing of payment details and our hosting company, Karma Computing – https://karmacomputing.co.uk/page/homepage. We also use the Mailchimp platform for email services. Schools, Children centres, Nurseries, when this is requested as customer information this would be for Monitoring purposes, fire regulations, health and safety in the buildings.
We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.
Please be advised that we do not reveal information about identifiable individuals to our advertisers but we may, on occasion, provide them with aggregate statistical information about our visitors.
Controlling the use of your data
If you have given us consent to use your data for a particular purpose you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided, you can write to us at the address detailed in clause 2 or email us at firstname.lastname@example.org at any time.
Upon completion of your sessions with us, if you wish to erase the data which we hold on our booking platform, we can do this. Please email us at the following address email@example.com
Where we store and transfer your data
As part of the services offered to you – for example through our website and booking platform – the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA). We use remote website server hosts to provide the website and some aspects of our service (which may be based outside of the EEA) or use servers based outside of the EEA. This is generally the nature of data stored in “the Cloud”. It may also be processed by staff, operating outside the EEA, who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent nor do we ask for this information from you.
We may disclose your personal data outside of our group:
(a) In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
You have the right to opt out of our processing your personal data for marketing purposes by contacting us at firstname.lastname@example.org
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Where you have chosen a password so that you can access certain parts of our booking platform, you are responsible for keeping this password confidential. You should choose a password that is not easy for someone to guess.
You might find links to third-party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Multi Site Operation
We operate a multi-site structure, please note Kalma Baby LTD the Franchisor is the main Data Controller and that any information collected by Kalma Baby Franchisee sites which are managed by Kalma Baby LTD act as Data Controllers on the Franchisors behalf. Your information is still collected, stored and processed in the same way as above. From time to time your information will be used by Kalma Baby LTD in the ways stated above to ensure we are delivering the best possible service and keeping our customers informed.
We use the following cookies:
Strictly necessary cookies; these are cookies that are required for the operation of our sites. For example, they include cookies that enable you to log in to secure areas of our sites.
Analytical/performance cookies; they allow us to recognise and count the number of visitors and to see how visitors move around our sites when they are using it. This helps us to improve the way our sites work, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies; these are used to recognise you when you return to our sites. This enables us to personalise our content for you, greet you by name and remember your preferences.
Targeting cookies; these cookies record your visit to our sites, the pages you have visited and the links you have followed. We will use this information to make our sites and the advertising displayed on them more relevant to your interests. We may also share this information with third-parties for this purpose.
Identifying you when you sign into our sites (where applicable);
Delivering content, including advertisements, relevant to your interests;
Conducting research and diagnostics to improve site content and any services;
Preventing fraudulent activities.
Some of the cookies we use are essential for parts of our sites to operate and have already been set. You may delete and block all cookies from our sites, but please be aware that restricting or deleting cookies may impact on the functionality of our sites and your ability to use our sites. Your web browser may allow you to restrict or delete cookies set by our sites. The ‘help’ function on your browser should tell you how.
Alternatively, you can visit www.allabout cookies.org which provides general information about cookies and how you can manage cookies on your computer.
The DPA and GDPR give you the right to access information held about you by us. At any point you can log in to our booking platform and check the data that is stored on your account. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in clause 2, or by email at email@example.com
There is no charge for requesting that we provide you with details of your personal data that we hold. We will provide this information within one month of your request.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in clause 2, above, or by email to info@Kalmababy.co.uk
Changes to this policy
We may update these policies to reflect changes to the website and customer feedback – please regularly review these policies that you remain informed about how we are protecting your personal data.
Kalma Baby LTD St Peters Gate Business Centre, Charles Street, Sunderland, SR6 0AN or firstname.lastname@example.org