This privacy notice provides information about the ways in which The Baby Academy collects, stores, shares or keeps personal information provided by our clients, contacts, website visitors and office visitors.
Using our Website
We collect information about you, using cookies, when you fill in any of the forms on our website i.e. sending an enquiry, signing up for an event, filling in a survey, giving feedback etc.
When submitting forms on our website we use a third-party software provider for automated data collection and processing purposes, they will not use your data for any purposes and will only hold the data in line with our policy on data retention.
We use Google Analytics to store information about how visitors use our website so that we can may make improvements to our website and give visitors a better user experience.
Google Analytics are third-party information storage systems that record information about the pages you visit, the length of time you were on specific pages and the website in general, how you arrived at the site and what you clicked on when you were there.
Calling our Office
The Baby Academy does not collect Calling Landline Identification (CIL) or any other information on the origins of a call. We do not record or retain phone conversations.
Any emails sent to us at email@example.com are recorded and forwarded to the relevant member of staff. The sender’s email address will remain visible to all staff tasked with dealing with the email. Emails may also be sent to members of staff directly and these may be shared internally if required to do so for the purpose of the email for a client engagement. Please be aware that it is the sender’s responsibility to ensure that the content of their emails is within the bounds of the law. Unsolicited material of a criminal nature will be reported to the relevant authorities and blocked.
Processing Client Information
At The Baby Academy we take your privacy seriously and will only use your information to provide the Services you have requested from us as detailed in your Letter of Engagement. We will only use this information subject to your instructions, data protection legislation, statutory legislation and our duty of confidentiality.
Due to the nature of engagements, The Baby Academy processes personal and other data on behalf of clients on a contractual basis. Where The Baby Academy processes personal data on behalf of a client, the Data Processor and the client is the Data Controller.
The Baby Academy acknowledge our responsibilities as a Data Processor and a Data Controller where relevant, under Irish Data Protection legislation.
As a Data Processor, The Baby Academy acknowledges that we process personal data on behalf of the Data Controller, and should:
- Carry out the processing only subject to our instructions from the Data Controller and provide appropriate security measures for the data.
- Comply with Data Protection legislation on all aspects of processing personal data and protecting the rights of data subjects.
- Ensure that personal data is only used for the purpose it was provided for to The Baby Academy.
As a Data Controller, our clients acknowledge that they are responsible under Irish Data Protection legislation for the personal data that is provided to The Baby Academy and should:
- Apply technical and organisational security measures and take reasonable steps to ensure compliance with those measures.
- Comply with data protection legislation on all aspects of processing personal data and protecting the rights of data subjects.
- Take responsibility for any Data Subject Access Requests made in relation to personal data supplied to The Baby Academy.
- Notify data subjects in relation to international transfers, especially outside the EU.
As part of the services offered to clients through our engagement, information which our clients give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU.
Where this is the case we will take the necessary steps to ensure the appropriate security measures are taken, so that privacy rights continue to be protected as outlined in this policy. If our clients use our services while outside the EU, information may be transferred outside the EU to provide those services.
The client may request The Baby Academy not to use services outside of the EU at any point in the engagement. This may result in a review of the terms of the engagement.
Security precautions in place about data collected
When you give us personal information, we take steps to make sure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear at the bottom of your web browser (such as Google Chrome, Safari, etc).
Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Communication with contacts
The Baby Academy retains contacts in Google Sheets. These systems contain personal data such as the name, address, email address, phone number and associated company. This information is utilised to communicate with contacts, including sending them details of financial news, products and services on a legitimate interest basis. Contacts have the option of opting out of this communication option and / or being removed from our systems at any time and this is highlighted on news, products and services emails. We do not share contacts information with third parties without the consent of the contact. You may also opt out by emailing your request to: firstname.lastname@example.org
Data retention – how long do we keep your personal data
We will not retain your Personal Data longer than is necessary to fulfill the purposes for which it was collected. However, we may be required by applicable laws and/or regulations to hold your personal data longer than this period.
Your data protection rights
You have rights which allow you to address concerns or queries regarding the processing of your personal data, including the rights of access, rectification, erasure, restriction of your personal data, as well as the right to transfer your data, the right to object to some processing and automated decision making, including profiling. Your right may be exercised freely and at no cost.
Enforcing your data protection rights
You may contact The Baby Academy Data Protection Officer (“DPO”) about all issues related to this Privacy Statement, your personal data and to exercise your rights under Data Protection law.
Contact details of our Data Protection Administrator are as follows:-
Name: Tom McGovern
If you feel that your personal data has been processed in a way that does not meet the Data Protection legislation, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will in due course inform you of the progress and outcome of your complaint. The supervisory authority in Ireland is the Data Protection Commissioner – www.dataprotection.ie.
Changes to our privacy statement
This is a live document, under regular review. This policy was last updated on 4th July 2019.
For and on behalf of The Baby Academy
In compliance with General Data Protection Regulation (academy) effective 25 May 2018
The Baby Academy (DAE) Data Protection Policy applies to personal data held by the academy and which is protected by the General Data Protection Regulation.
This policy applies to all staff, the board of management, parents/guardians and others insofar as the measures under the policy relate to them. Data will be stored securely so that confidential information is protected in compliance with the academy and relevant legislation. This policy sets out the manner in which personal data and sensitive personal data will be protected by the academy.
Article 5 of the GDPR sets out principles relating to the processing of personal data. These include:
- The processing of personal data must be lawful, fair and transparent
- Personal data is collected for specified, explicit and legitimate purposes.
- Personal data held must be adequate, relevant and limited.
- Personal data held must be accurate.
- Personal data is retained and stored for no longer than is necessary.
- Personal data is processed in a manner that is safe, secure & confidential.
The academy will process all data in compliance with these principles as outlined in the academy.
Implementation of this policy takes into account the academy’s legal obligations and responsibilities. Some of these are directly relevant to data protection.
The Personal Data records held by the academy may include:
As well as existing and former members of staff, these records may also relate to applicants for positions within the academy.
These staff records may include:
- Name, address, contact details and PPS number
- Original records of application and appointment to posts
- Details of approved absences
- Details of work record
- Details of any accidents/injuries sustained on academy property or in connection with the staff member carrying out their academy duties
Staff records are kept for the purposes of:
- The management and administration of academy business (now and in the future)
- Facilitating the payment of staff, and calculations other benefits/entitlements
- Human resources management
- Recording promotions made (documentation relating to promotions applied for) and changes in responsibilities
- Enabling the academy to comply with its obligations as an employer including the preservation of a safe, efficient working and teaching environment (including complying with its responsibilities under the Safety, Health and Welfare at Work Act, 2005)
- Complying with legislation relevant to the academy.
Staff records are held in both manual and electronic form. Such files are kept in secure filing cabinets that only personnel who are authorised to use the data can access or in electronic form that is password protected. Employees are required to maintain the confidentiality of any data to which they have access.
These may include:
- Information sought and filed on a Registration Form
These records may include:
- Name, address, contact details
- Attendance records
- Records of meetings or interactions with instructors for the purposes of pastoral care or general welfare
The purposes for keeping student records are:
- To comply with legislative or administrative requirements
- To ensure that eligible clients can benefit from the relevant additional teaching or financial supports
- To ensure that the client meets the academy’s admission criteria
Client records are held in both manual and electronic form. Such files are kept in secure filing cabinets that only personnel who are authorised to use the data can access or in electronic form that is password protected. Employees are required to maintain the confidentiality of any data to which they have access.
The Baby Academy Board Records
Minutes of Board meetings shall record attendance, items discussed and decisions taken, and will be kept safely and securely. Board business shall be considered confidential to the members of the Board.
Data Access Requests
Requests for access to personal data may be made by completing a academy Data Request Form. Individuals are entitled to a copy of their personal data on written request in compliance with Article 15 of the GDPR.
Where a subsequent or similar request is made soon after a request has just been dealt with the academy may charge a fee to cover administrative costs.
No personal data can be supplied relating to another individual unless that third party has consented to the disclosure of their data to the applicant.
Data will be carefully redacted to omit references to any other individual and where it has not been possible to redact the data to ensure that the third party is not identifiable the academy will refuse to furnish the data to the applicant.
In compliance with the GDPR, The DAE may refuse to grant an access request where such a request is deemed manifestly unfounded or excessive.
For and on behalf of The Baby Academy