Barracudas acts as a Data Controller for the purposes of GDPR. This policy sets out how we will collect, use and store any personal data. To process your booking/enquiry we need to collect personal details about you and all the children on your booking and when you visit our website or click on our ads we will also collect information about those sessions to use for marketing purposes.
By creating an account with us, you are agreeing to us storing and processing this information as set out below. You are responsible for ensuring you have the agreement from all persons on your account and booking to pass on their details to us. We will respect and protect your privacy at all times.
When do we collect data?
When you register your details with us or make a booking we will need to collect certain personal details in order to process your booking and make the necessary arrangements for your child(ren) to attend camp.
Prior to attending camp we will also need to collect more sensitive personal data, specifically relating to the children on your bookings, such as medical conditions, allergies and educational needs in order to ensure we can provide the appropriate care for your child.
During camp you may need to complete forms which will require personal information relating to you or your child or if you contact us with a query/complaint.
We will also collect data from you for monitoring and marketing purposes including when you visit our website, click on our ads, enter a competition, complete a survey, follow us through social media or sign up to email or text messages.
What data do we collect?
Account Holderdetails - Name, address, DOB, telephone numbers, email address, encrypted log in password, security word, details of your interactions with us e.g. a query on your account/complaint, payment card details, comments and service reviews, work address and telephone number and social media username if you make contact with us in this way.
Children’s details – Name, address, DOB, medical, behavioural or educational needs, swimming ability, school, registered GP, language and distinguishing marks.
The law requires us to take reasonable steps to ensure data is kept accurate and up to date. We remind customers to update details when logging into their account and employees will also confirm customer’s details during telephone conversations.
We collect data when you visit our website, interact with us on social media or click on our ads. This data gives us information such as your browser, IP address, operating system, device, pages visited, length of time on site, location, etc. This is statistical information to help us provide the best online experience for our customers and does not identify any individual.
How do we use your data?
Service Delivery - If you have a booking with us, we will use your data in relation to delivering our childcare services, to contact you with information relating to your booking and your child(ren)’s time at camp, to protect the welfare of your child, to comply with our legal obligations and to process payments.
Marketing Communications - If you have registered an account with us, we may use your data to contact you via post, email, phone or text message with information about offers, news, services and products or to administer prize draws/competitions you may have entered or to send surveys or feedback requests. We will only do this if you have opted in to receive such information from us and you have the right to opt out of your data being used for marketing purposes at any time. Please let us know if your details or preferences change so we can keep our records up to date.
Should any safeguarding concerns or legal proceedings require us to pass on your personal information we trust you will understand that we have a duty to comply with the law. Please be aware that the way in which your personal details would be legally protected within the UK may differ from other countries.
At times, third parties manage our data, for such services as de-duping, mailing, e-marketing campaigns, data analysis and profiling. Information is given securely and only to approved suppliers. These suppliers include Mailchimp, SurveyMonkey, Google Analytics, Google Adwords, Adroll, Facebook, Instagram, Twitter, Tik Tok and Linkedin
How do we protect data?
Storage - Once data is received, we will take all reasonable steps to ensure your data is secure to prevent unauthorised access to it. All information you provide is stored on secure databases, our IT systems are password protected, hard copy information at camp is held in lockable containers and all payment transactions are encrypted.
Transfer - Barracudas uses WeTransfer when sending confidential and sensitive information by email to customers or external suppliers/authorities. This is a cloud based computer file service which encrypts the files and therefore cannot be intercepted.
Security and passwords - When you create an account with us you are assigned a Customer ID number. Your account will require an email and password so that you can access your details online. We advise your password should consist of at least six characters that are a combination of letters, numbers and symbols (e.g.@, #, $, %). It should also contain letters in both uppercase and lowercase.
You will also need to set up a security word that you will quote when you contact us by phone or live chat. This is to ensure that information stored on your account is only discussed with you. If you can’t remember your security word, we will not be able to disclose any information to you until we have been through a number of security questions to confirm your identity.
Please do not share your password or security word with anyone. Unfortunately, the passing of data via the internet is not completely secure therefore any transmission is at your own risk. Please keep these details safe and not written down anywhere. If you change your personal details or if you suspect that someone else has used your password or security word, then please notify us as soon as possible.
How long do we keep data for?
There are legal requirements for how long we have to keep data for before destroying it. Due to the nature of our services involving children we are required to keep information relating to each child and their booking for 3 years after the child would have turned 21 years. When the time arises, we securely delete and destroy all of the information we hold. Hard copies of personal data are shredded and electronic copies are securely deleted.
Whilst we hold data for longer, we will only actively use this to contact you regarding our products and services within a maximum of 3 years after your last booking/enquiry with us.
What is our legal basis for processing data?
Our lawful bases for processing data are as follows; Consent – consent has been obtained to use personal data Contract – the processing of data is necessary to fulfil our service agreement with customers Legitimate Interest – we use your data to pursue our legitimate interests in such ways which would be reasonably expected in order to operate our business and which does not impact on the freedom or rights of customers
Your rights You have the following rights in relation to your data: Right to access, rectification, erasure, data portability, object and automated decision making (including data profiling).
If you would like to exercise any of these rights please write to the Data Protection Officer, Barracudas, Unit 9, Airfield Industrial Estate, Warboys, Huntingdon, Cambridgeshire, PE28 2SH or by email to email@example.com or you can call us on 01480 467567. Please note that in some circumstances we will still need to retain certain data in order to comply with our legal obligations.
If a subject access request is put forward, we will send the information within one month and free of charge – this will be sent in a protected file. Please note that we will ask some security questions to prove your identity before disclosing any data.
If you are not happy with the way we have handled your data, or responded to your requests you can lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk/concerns or by phone on 0303 123 1113.
Changes to our policy
We reserve the right to update this policy from time to time and we will keep you informed by updating this statement on our website. Last updated May 2022.