PRIVACY POLICY

Frankie & Lola’s respects your privacy and is committed to protecting your personal data and being transparent about how we collect and use your data. We will comply with any data protection legislation currently in force. This privacy notice, together with our terms of use, explains how we use any personal information that you provide or which is provided to us by third parties.

By visiting our website, or responding to social media posts, you are accepting and consenting to the practices described in this notice, so please read it carefully. Any changes we make to this privacy notice will be posted on this page, so remember to check back again if you are a regular user.

1. Important information about who we are

This website is owned and operated by Frankie & Lola’s Scotland, who is also the Data Controller.

Frankie & Lola’s is a company limited by guarantee (registered in Scotland No. SC462238).

The registered office is:

Frankie and Lola’s

4326 Ivanhoe Avenue

Inverness

IV2 6BZ

Changes to the privacy notice and your duty to inform us of changes

This privacy notice was last updated on November 1st, 2020.

It’s important that the personal data that we hold about you is accurate and up to date. Please keep us informed if your personal data changes during the duration of your relationship with us.

We may update this privacy notice from time to time. If we make significant changes we will contact you to confirm that changes have been made.

2. The personal data we collect from you, how we collect it and how we use it

This section explains what information Frankie & Lola’s collects, keeps and stores about you and/or your family if you’ve visited our soft play or made a booking with us.

What information do we collect?

 We will collect, store and use the following categories of personal information about you:

• Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.

• Date of birth.

• Gender.

Why do we collect your information?

Under the General Data Protection Regulation (GDPR), and the UK’s Data Protection Bill, we must have a legal reason to keep your data and process it. When Frankie & Lola’s provides you with a service, we will process your data on the basis of legitimate interest or public task. We do this because we cannot provide a service to you without using your personal information.

Who do we share your information with?

We share your data within Frankie & Lola’s with people who need to see it in order to provide you with a service. This may be a manager or member of staff if you’ve booked a party with us.

We may also be required to share your data with other agencies for legal reasons but this is usually very rare.

Those situations might be:

1. Where we need to protect your interests (or someone else’s interests).

2. Where it is needed in the public interest [or for official purposes].

There may be occasions when we will ask you for consent to use your data, for example to help us inform the public about our work. If this is the case, we will explain to you exactly what your data will be used for. You can withdraw your consent at any time, and wherever possible, any of your data that has been used for publicity purposes will be deleted.

Who is responsible for your data?

The Data Controller is responsible for your data.

How long do we keep your data?

Frankie & Lola’s will keep your data for a specified period of time once we have finished our relationship with you. Depending on the nature of the service and our legal obligations this will be a maximum of 7 years.

How can you access your data? (subject access requests)

You may request a copy of the information that Frankie & Lola’s holds about you. Requests should be made in writing to:

The Data Controller

Frankie and Lola’s

4326 Ivanhoe Avenue

Inverness

IV2 6BZ

2b. People who are interested in what we do

How do we collect your personal information?

We obtain personal information from you when you enquire about our activities, become a service user, send or receive an email, or ask a question about our services. Sometimes we may obtain your personal information from third-party data suppliers, but only if they provide the appropriate evidence that you have agreed for your personal information to be shared with other organisations.

We also gather general information about the use of our website and social media channels such as pages visited and areas that are of most interest to users. We use this information to improve our communication and make it a better experience for everyone.

What information do we collect?

The personal information we collect may include name, address, email address, telephone numbers, date of birth and gender. Data protection law recognises that certain categories of personal information are more sensitive. These are known as special categories of data and cover health information, race, religious beliefs and political opinions. We do not usually collect special categories of data about our customers unless there is a clear reason for doing so, such as a health condition where we need to ensure that we can provide the appropriate facilities or support to enable you to participate in an event.

How do we use your data?

We may use your personal information for:

• dealing with our enquiries, requests and complaints

• providing you with information about our work activities events and services

• complying with our legal obligations, policies and procedures.

• providing and personalising our services

• marketing

• conducting market research

How we communicate with you

Being able to communicate with you is important, as your support and interest will help us make good decisions about the services we offer. We believe in being open, honest and transparent and want you to feel comfortable about your decision to give us your personal information and how we use it.

We will use the details you provide to us to communicate with you about events and promotions we may run from time to time.

We promise that we will only communicate with you in the way you wish us to and we will always respect your privacy.

We will take appropriate measures to keep your personal information safe and secure and we promise not to contact you more than necessary. We will also never pass your personal information on to other organisations for them to use for their own marketing purposes.

In certain instances, Frankie & Lola’s collects and uses your personal information by relying on the ‘legitimate interest’ legal basis. This is because when you, for example, request to receive information from us, we have a legitimate organisational interest to use your personal information to respond to you and there is no overriding prejudice to you by using your personal information for this purpose.

We will always provide you with the option to opt out of hearing from us. In most instances, however, we will rely on obtaining your consent to use your personal information. For example, where we seek to obtain your consent to receive email marketing from Frankie & Lola’s.

We will only communicate with you in the way you have told us to.

Email/text marketing

If you have actively provided your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to emails from Frankie & Lola’s or opting in to email communication from Frankie & Lola’s you grant us the right to use the email address for email marketing.

Post/telephone marketing

If you have provided us with your postal address or telephone number, we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to receive such information.

It’s your decision

It is always your decision as to whether you want to receive information about our work and the ways you can get involved.

You may opt out of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails.

You can also change any of your contact preferences at any time, including telling us that you don’t want us to contact you by getting in touch with us at:

info@frankieandlolas.co.uk

2c. Visitors to our website

Frankie & Lola’s sometimes sends small data files, called cookies, from our website to your computer mobile phone or other device. These cookies are then stored on the hard drive of your device. Some of these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. The data collected is not shared with any third party. The information we get through the use of these cookies is anonymous and we make no attempt to identify you or influence your experience of the site while you are visiting it. If you do not allow these cookies, we will not be able to include your anonymous visit in our statistics.

What are your choices regarding cookies

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

Where can you find more information about cookies

You can learn more about cookies and the following third-party website:

http://www.allaboutcookies.org/

Google Analytics

These cookies help Frankie & Lola’s to analyse how users use the site. Here is a more complete explanation of Google Analytics.

Google Remarketing (interest-based advertising)

This cookie identifies the sites you visit subsequent to visiting our website and allows better and more relevant ads to be displayed to you. You can learn more about and control 3rd party remarketing on youronlinechoices.com.

Facebook Tracking Pixel

Facebook may use cookies to collect or receive information from Frankie & Lola’s and elsewhere on the internet and use that information to provide measurement services and target ads. Visit the Facebook Basics page for further information on how this is implemented. Find out more about how to control 3rd party remarketing on youronlinechoices.com.

Embedded content

YouTube video, Vimeo video, Facebook buttons, Flickr photos

These cookies enable you to use functions embedded in our site (e.g., playing a YouTube video clip).

You can control and/or delete cookies as you wish or delete cookies installed by the site – for more details, see www.allaboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. To do so you should modify your browser settings, click on the help section of your Internet browser and follow the instructions.

However, if you do this, you may have to manually adjust some preferences every time you visit the site and some services and functionalities may not work.

During your visits to our site you may notice some cookies that are not related to Frankie & Lola’s. You should check the third party websites for more information about these.

2d. Job applicants and paid roles

As part of any recruitment process, Frankie & Lola’s collects and processes personal data relating to job applicants. If you apply for a role with Frankie & Lola’s, we will only use the information you supply to us to process your application and to monitor recruitment statistics.

What information do we collect?

We will collect a range of information about you, including:

•   your name, address and contact details, including email address and telephone number

•   details of your qualifications, skills, experience and employment history

•   information about your current salary

•   whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process

•   information about your entitlement to work in the UK

•   equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief – we will only collect this sensitive information with your explicit consent, which can be withdrawn at any time

How do we collect your personal data?

We collect it in a variety of ways. For example, you may have filled in an application form, or submitted a CV or resumé, you may have provided your passport details or other identification documents, or we may have collected it through interviews or other forms of assessment, like online tests.

We may also collect information about you from third parties, such as references supplied by former employers. Frankie & Lola’s will only seek information about you from third parties once we’ve made you an offer. In all cases the application process will make clear at what point we will be contacting third parties.

Where will we keep your data?

Your personal information will be stored, securely, in several places: on your application record, in our recruitment and selection system, our management systems and on other IT systems.

Why do we need your personal data?

We need to process your data in order to enter into a working agreement with you. In some cases we need to process your data to ensure we are complying with our legal obligations, e.g. checking an individual’s right to work in the UK.

We have a legitimate interest in processing your personal data during the recruitment process and for keeping records of the process. It allows us to manage that process, assess and confirm your suitability for the role and decide who to offer a role to. We may also need to process data from job applicants to respond to, and defend against, legal claims. Where we are relying on legitimate interest as a reason for processing data, we have considered whether or not those interests override the rights and freedoms of the applicant and have concluded that they do not.

We process health information if we need to make a reasonable adjustment to the recruitment process for the candidates who have a disability or other conditions that require consideration. This is to carry out our obligations and exercise specific rights in relation to employment.

For some roles, Frankie & Lola’s is obliged to seek information about criminal convictions and offences. This is necessary to carry out our obligations and exercise specific rights in relation to employment.

Frankie & Lola’s will not use your personal information for any purpose other than the recruitment exercise for which you have applied.

How long will we keep your data?

Personal information about unsuccessful candidates will be held for one year after the recruitment exercise has been completed; it will then be destroyed. Interview notes for all unsuccessful applicants are destroyed after six months. We retain depersonalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

If your application is successful, personal data gathered during the recruitment process will be transferred to your personnel file and will be retained in accordance with our retention policy.

Who has access to your data?

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR (people) and recruitment team, interviewers involved in the recruitment process, managers in the organisation area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

As part of the recruitment process we may need to share your data with third parties in order to conduct any necessary background checks and vetting processes, such as contacting previous employers/referees to obtain a reference; and/or the Disclosure and Barring Service to conduct criminal record checks. As part of the recruitment process, we will make clear to you which checks will be required and at what stage of the process.

What if you don’t provide personal data?

You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide Frankie & Lola’s with the information, we may not be able to process your application properly, or at all.

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.

2e. Our current and former employees.

Frankie & Lola’s collects and processes personal data relating to its staff in order to manage the work relationship with you.

What information do we collect?

Frankie & Lola’s collects and processes a range of information about you that is appropriate to the role you perform with us.

This will vary depending on whether you are an employed member of staff or consultant and may include:

•   your name, address and contact details, including email address and telephone number, date of birth and gender

•   your image

•   the terms and conditions relating to the work you are doing for Frankie & Lola’s

•   details of your qualifications, skills, experience and employment history, including start and end dates with previous employers and with us

•   information about your salary

•   details of your bank account and national insurance number

•   information about your marital status, next of kin, dependents and emergency contacts

•   information about your nationality and entitlement to work in the UK

•   information about your criminal record

•   details of your schedule (days of work and working hours) and attendance at work

•   details of periods of leave taken by you, including holiday, sickness absence, family leave and extended leave, and the reasons for the leave

•   details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence

•   assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence

•   information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments

•   equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief

How do we collect your personal data?

We collect your information in a variety of ways. For example, you may have filled in an application form, or submitted a CV or resume; you may have provided your passport details or other identity documents; from forms completed by you at the start or during your work with us; from correspondence with you; or through interviews, meetings or other assessments.

We may also collect information about you from third parties, such as recruitment agencies, references supplied by former employers, and information from criminal records checks as permitted by law.

Where will we keep your data?

Your personal information will be stored, securely, in several places: in your personnel file (hard copy and electronic staff file), in our HR management systems and in other IS systems.

Why do we need your personal data?

Frankie & Lola’s needs to process your data to enter into a working relationship with you and to meet our contractual obligations under any agreement with you. For example, if you are an employee we need to process your data to provide you with an employment contract, to pay you in accordance with that contract and to administer any benefits.

In some cases, Frankie & Lola’s needs to process data to ensure that we are complying with our legal obligations. For example, it is required to check a worker’s right to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it’s necessary to carry out criminal records checks to ensure that individuals are permitted to carry out the role in question.

In other cases, Frankie & Lola’s has a legitimate interest in processing personal data before, during and after the end of the working relationship.

Processing staff data allows the organisation to:

•   run recruitment and talent management processes

•   maintain accurate and up-to-date staff records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights

•   operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace

•   operate and keep a record of employee performance and related processes and workforce management processes

•   operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay and other benefits to which they are entitled

•   obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that workers are receiving the sick pay or other benefits to which they are entitled

•   operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave) to allow effective workforce management, to ensure that Frankie & Lola’s complies with duties in relation to leave entitlement, and to ensure that workers are receiving pay or other benefits to which they are entitled

•   ensure effective general HR and business administration

•   provide references on request for current or former employees

•   respond to and defend against legal claims

•   comply with our statutory and regulatory obligations

•   maintain and promote equality, diversity and inclusion in the workplace

Where Frankie & Lola’s is relying on legitimate interest as a reason for processing employee data, we have considered whether, by collecting the data, the charity is overriding the rights and freedoms of our employees and workers and has concluded that we are not.

Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).

Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.

Who has access to the data?

Your information will be shared internally, including with members of the people team (including payroll), the finance team, your line manager, managers in the business area in which you work and any other members of staff for whom access to the data is necessary for the performance of their roles.

Frankie & Lola’s shares your data with third parties in order to obtain pre-employment references from other employers and, if applicable to your role, to obtain necessary criminal records checks from Disclosure Scotland.

How long will we keep your data?

Frankie & Lola’s will hold your personal data for the duration of your working relationship with us. After the end of your working relationship with us, due to the nature of the work that Frankie & Lola’s carries out, and in order to meet our safeguarding commitments, we may hold some of your data for a further 5 years.

3. Working with third parties

Frankie & Lola’s will never sell your personal data. However, we may share your information with third parties in order to provide services to you. Your data may be accessible to some of the IT support companies who manage our business critical systems, however, this is only for the purposes of supporting our IT systems and is strictly governed by our contractual arrangements with them.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

We can share your personal information with:

•  our ‘customer’ relationship management systems

•  archive and storage systems

•  commissioners, printers, fulfilment houses, photographers, videographers, creative designers, creative agencies, and online survey providers

•  benefits providers and criminal records check processors

•  analytics and search engine providers that assist us in the improvement and optimisation of our site

•  where we are under a duty to disclose or share your personal information in order to comply with any legal obligations, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Frankie & Lola’s, our beneficiaries or others – this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction

•  for employees, payroll agencies, HMRC, pension, insurance companies and statutory bodies, where regulated to do so by law

•  we will keep your personal information confidential, and where we provide it to other third parties we will only do so under contract, on conditions of confidentiality and security, and only for the purposes for which you have provided your information to us

Third-party websites

Our website may contain links to third-party websites. This policy only applies to this site, so if you follow a link to a third-party site, please make sure you read the privacy policy on that site. We do not accept any responsibility for third-party sites.

4. How do we keep your data safe?

We take the security of your personal information very seriously. We have internal policies, controls and appropriate data collection, storage and processing practices and security measures in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

We work hard to make sure that our security procedures do the job they are designed to do and any communications between you and our website are protected by encryption (this means that communications are turned into codes that only Frankie & Lola’s website can understand, which stops unauthorised people seeing them). We work closely with industry-leading technical partners to make sure that all your personal information, including payment data, is safe and secure.

However, we cannot guarantee the security of data that you transmit to our websites and therefore any transmission to us is at your own risk.

Please be aware that any personal information you choose to post on the public areas of our website or social media channels can be read, collected, or used by other users and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to make public. In addition, we are not responsible for the content you publicly post on the site that can be found via web-based search engines.

5. How we store and process your information

The information that we collect from you may be transferred to, and stored in, a location outside of the United Kingdom, but only where we are satisfied that it has an adequate level of protection. It may also be processed by staff operating in these locations who work for our service providers. This includes staff engaged in, among other things, the hosting of the site and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. Frankie & Lola’s will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this privacy notice.

6. Your legal rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

a. the right to be informed

b. the right to access your personal information

c. the right to edit and update your personal information

d. the right to request to have your personal information deleted

e. the right to restrict processing of your personal information

f. the right to data portability

g. the right to object – including automated decision making and profiling

h. the right to lodge a complaint with a supervisory authority

If you wish to exercise your rights, please contact us, providing as much information as possible about the nature of your contact with us to help us locate your records. Any changes you have requested may take 30 days before they take effect.

6a. The right to be informed.

You have the right to be informed about the data we hold and share about you.

6b. The right to access your personal information

You have a right to access your personal data. By making a subject access request to Frankie & Lola’s you can find out what personal data we hold about you, why we hold it and who we disclose it to. You must make a subject access request in writing, and include proof of your identity.

Our address is:

Data Protection Officer

Frankie and Lola’s

4326 Ivanhoe Avenue

Inverness

IV2 6BZ

Once we have received your request, and verified your identity, we will respond within 30 days.

6c. The right to edit and update your personal information

The accuracy of your personal information is important to us. You can ask us to edit your personal information including your address and contact details at any time.

6d. The right to request to have your personal information deleted

You have the right to request the deletion of your personal information which we will review on a case-by-case basis.

6e. The right to restrict processing of your personal information

You have the right to ‘block’ or suppress processing of your personal data. However, we will continue to store your data but not further process it. We do this by retaining just enough of your personal information so we can ensure that the restriction is respected in the future. Please note, this is not an absolute right and only applies in certain circumstances.

6f. The right to data portability

You have the right to get your personal data from us in a way that is accessible and machine readable,
for example as a csv file. You also have the right to ask us to transfer data you have provided us with to another organisation where technically feasible.

6g. The right to object – including automated decision making and profiling

You have the right to object to your personal information being processed for marketing (including profiling) and for research purposes. From the very first communication from us and every marketing communication we send after you will have the right to object to marketing.

You can exercise this right by contacting us on the address below:

Data Protection Officer

Frankie and Lola’s

4326 Ivanhoe Avenue

Inverness

IV2 6BZ

6h. Your right to lodge a complaint with a supervisory authority

If you wish to lodge a complaint or seek advice from a supervisory authority please contact:

The Information Commissioner’s Office – Scotland

Queen Elizabeth House

Sibbald Walk

Edinburgh

EH8 8FT

Telephone: 0303 123 1115

Email: Scotland@ico.org.uk

7. Glossary

Anonymization is the process of either encrypting or removing personally identifiable information from data sets, so that the people who the data describe remain unknown or anonymous.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes.

The Data Controller is the person or persons that is responsible for your personal data. They are required to keep it secure, make decisions about what happens to your data and are accountable if it’s lost or not kept confidential.

The Data Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Encryption is the method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.

General Data Protection Regulation (GDPR) is the 2018 legal framework that sets guidelines for the collection and processing of personal information of individuals in the European Union (EU).

Legitimate business interests legal basis means the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s economic situation, personal preferences, interests and location.

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to the data subject without the use of additional information. The additional information must be kept separately.

Public task legal basis means we can rely on this lawful basis as we need to process personal data ‘in the exercise of official authority’. This covers public functions and powers that are set out in law; or to perform a specific task in the public interest that is set out in law.

Special category data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Subject access request is your right to get a copy of the information that is held about you.

Suppression list is a list that contains mailing or email addresses that you want to permanently exclude from future mailings or emails we send.

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorised to process personal data.