Privacy notice – customers of The Story Frog Limited
There are three lawful basis’s for processing data of customers of The Story Frog Limited :
For Individuals we will only contact using the following basis’:
In rare circumstances we may use the legitimate interest basis for individuals. We will also use legitimate basis to conduct business to business electronic marketing.
Legitimate Interest –We endeavour to ensure that the nurseries and preschools/schools we contact are businesses and not sole traders or individuals in the main instance:
Purpose test – we have a legitimate interest in marketing our goods to existing customers to increase sales in local areas we cover.
Necessity test – In order to send email directly to the managers of nurseries
Balancing test – We always ensure that we delete the email of addresses of anyone that opts out and they don’t get emailed again. We understand that as a nursery manager you may reasonably expect to receive emails from companies whose services you may require from time to time.
Legitimate interest assessment:
First, identify the legitimate interest(s). Consider:
Why do you want to process the data – what are you trying to achieve?
We want local nurseries and preschools to know about our services.
Who benefits from the processing? In what way?
Our trainers/franchisees and teachers benefit from being able to market their services in a balanced way. The clients benefit by bein made aware of our services.
What would the impact be if you couldn’t go ahead?
It is a difficult to reach market, clients would not know about our services.
Would your use of the data be unethical or unlawful in any way? No
Second, apply the necessity test. Consider:
Does this processing actually help to further that interest?
Is it a reasonable way to go about it?
Yes we will not send just in case emails just an initial email and possibly a follow up on an annual basis/bi annual basis to clients we can reasonably reach.
Is there another less intrusive way to achieve the same result?
Third, do a balancing test. Consider the impact of your processing and whether this overrides the interest you have identified. You might find it helpful to think about the following:
What is the nature of your relationship with the individual?
No pre existing relationship
Is any of the data particularly sensitive or private?
No we don’t use emails that belong to individuals
Would people expect you to use their data in this way?
All of our contacts details are listed on local government sites as childcare providers and use their email addresses as contact details to advertise their own services.
Are you happy to explain it to them?
Are some people likely to object or find it intrusive?
Our explanation in the email of why we feel it is a legitimate interest to receive emails will negate this in most circumstances. There are odd providers who object and as soon as they do their email addresses are removed from our lists.
What is the possible impact on the individual?
The individual may ignore/delete the email, opt out or use our services. It is unlikely to cause nuisance.
How big an impact might it have on them? Small
Are you processing children’s data? No
Are any of the individuals vulnerable in any other way? No
Can you adopt any safeguards to minimise the impact? Yes by keeping lists of safe emails where providers have not opted out.
Can you offer an opt-out? Yes
Further information about our understanding of the law and business to business emailing is found here:
We understand that:
Sole traders and some partnerships are treated as individuals – so you can only email or text them if they have specifically consented, or if they bought a similar product from you in the past and didn’t opt out from marketing messages when you gave them that chance.
You can email or text any corporate body (a company, Scottish partnership, limited liability partnership or government body). However, it is good practice – and good business sense – to keep a ‘do not email or text’ list of any businesses that object or opt out, and screen any new marketing lists against that.
The term electronic mail is intentionally broad and is defined in PECR as:
“any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service”
It covers any electronically stored messages. For example emails, text messages, picture or video messages, voicemails, direct messages via social media or any similar message that is stored electronically.
The PECR rule on direct marketing by electronic mail does not apply to corporate subscribers. For example, this means you can send B2B direct marketing emails or texts to any corporate body. You do not need their consent under PECR to send such messages.
However you must:
not disguise or conceal your identity; and
give a valid address for business to opt-out or unsubscribe from your messages.
It makes good business sense for you to keep a ‘do not email or text’ list of any corporate subscribers that object or opt-out of your direct marketing by electronic mail. You should screen any new B2B direct marketing lists against it.
PECR does not say that you must comply with a corporate subscriber’s opt-out in the context of electronic mail. However, given the fact that it does require you to provide a valid address for opt-outs, the intention clearly was there to allow corporate subscribers to unsubscribe. In addition, it serves little purpose to continue to send such marketing to a corporate subscriber who has asked you not to. Therefore, you should comply with a corporate subscriber’s opt-out request. It is important to remember, however, that in some circumstances you may be required to comply with an opt-out or objection. For example, if personal data is involved. See the section Can businesses object to our direct marketing for further information.
Because sole traders and some partnerships are treated by PECR as individual subscribers you can only market them by electronic mail if they have specifically consented, or the ‘soft opt-in’ applies.
The soft opt-in is a term commonly used to describe the exception to the consent requirement. If you want to use the soft opt-in for sole traders or partnerships instead of consent you must meet all of the following requirements:
you must have obtained the contact details in the course of a sale or negotiation of a sale of your product or service;
it is your similar products and services that are being marketed;
you gave the sole trader or partnership a clear opportunity to refuse or opt-out of your marketing when you collected their details; and
you give them an opportunity to refuse or opt-out in every communication you send to them.
Further information can be found here: https://ico.org.uk/for-organisations/direct-marketing/business-to-business-marketing/#whatisbusiness
Consent is obtained from clients of The Story Frog to collect personal data for the purpose of marketing or to ensure that clients are happy for us to use their information to share our experiences and ideas of Story Frog classes. We have made the request for consent prominent and separate from our terms and conditions and consent is obtained through the following means:
• In person - Positive opt in on the Story Frog disclaimer form for those customers attending classes
• Online – Users of our website can choose to subscribe to receive further updates, marketing and newsletters from us
We do not use pre ticked boxes or any other type of default consent and we use clear and plain language which is easy to understand. We ensure that where consent is required we specify why we want the data and what we are going to do with it.
We give separate and distinct consent options for different types of processing.
What data will we ask for?
We may ask for the following information from you:
• Email address
• Telephone number
• Home address
• Childs first name
• Childs birthday
We will also acquire consent from parents to take photographs of our classes for marketing purposes, we ensure that the person giving consent for photographs to be taken of children and are able to consent on their behalf.
Why do we need your data? What is the purpose?
Personal data is required to contact our customers and let them know of any updates or news regarding our services. Consent will be obtained in order for customer to receive our newsletter and for any other updates.
We will use personal contact information to contact you directly from our central Head Office. We may also share your information with your local Story Frog Teacher in order for them to contact you directly with various offers or events that they are running.
What do we do with your data?
Data is stored centrally and securely.
How long do we keep the data?
Personal data is kept for the duration of time required for the purpose of collecting the data – after such period of time the information shall be deleted from any computer or device, all hard copies will be destroyed by shredding. An annual audit is carried out to ensure that all data is deleted that is no longer required for the purpose of processing.
Photographs are used on our social media pages and shared with other Story Frog teachers in the UK and Ireland. These photographs are used from time to time for marketing purposes and are also displayed on our website www.thestoryfrogphonics.com
Can I withdraw my consent?
Consent can be withdrawn at any time and you can do so easily by either contacting your Story Frog Teacher in person or by emailing or by contacting The Story Frog Head Office at email@example.com requests to withdraw consent will be acted on immediately
Online consent can be withdrawn at any time by clicking on the unsubscribe button on the newsletter or by emailing The Story Frog contact/processor.
If you refuse consent to give personal information you will still be able to attend classes as long as you sign a disclaimer form establishing that you are happy to participate and for your child to participate in the class.
We keep a record of consent given by either – keeping a hard copy of the disclaimer form in a safe place at The Story Frog Head Office or at your Story Frog local office or with online consent – folders are kept showing a list of subscribers who have given consent by subscribing to our service.
Where individuals have asked us to provide a quote for or make preparations for a special event such as a preschool class, workshop, training session or birthday classes then contact is the lawful basis under which we process individuals data.
Where individuals have asked us for information as to how to become a story frog franchisee we use contract as the lawful basis with which we use their personal information.
When people contact us what do we do with their data?
For special classes:
• We will reply to the individual using the contact information they have given in order to provide them with a quote/further information
• We will share their information with their local Story Frog teacher if required in order to fulfil the contractual obligation between them and their local teacher
• Once the booking has taken place a record of their personal data will be kept until the event has taken place by head office.
• Their personal data will then be removed from the system and any hard copies of their personal data will be destroyed. By head office and by Story Frog processors who have used it for the purpose with the exception of invoices which shall be kept for the 7 year period required by HMRC for accounting purposes.
For franchisee enquiries:
• 1. We will reply to the individual using the contact information they have given in order to provide them with further information
• We will contact them again one week after initial contact
• Finally we will contact the individual once more within a six month period of their initial enquiry and then not again unless the individual requires further information.
• Their personal data will then be removed from the system and any hard copies of their personal data will be destroyed
The right to be informed
All individuals have the right to be informed of what data is collected, how it is used, for what purpose and how long it is kept as outlined above.
The right to access, rectify and erase information
Individuals have the right to access their information as well as the right to rectify and erase the information we hold. To exercise these rights speak to The Story Frog Head Office and inform them either verbally or in writing of this request and this will be acted upon within one calendar month.
The right to object
Individuals have the right o object to the collection of their personal information or its retention. We will stop processing for direct marketing as soon as objections are received either verbally or in writing to our head office.
The right to rectification, restrict processing and the right to data portability:
All individuals have these rights and the requests can be given verbally or in writing, we will act on the request within one calendar month
How to report a breach:
If you are concerned that there has been a breach of the use of our data you can contact our Head office directly. If you are unhappy with the response further support can be found at https://ico.org.uk/for-the-public/raising-concerns/
The name and contact details of our organisation:
The story Frog Limited
Company number: 10915524
Data Controller: Kate Daurge
Arquen House, 4-6 Spicer Street, St. Albans, AL3 4PQ
Telephone number: 07791860059