Calmababy is fully compliant with the General Data Protection Regulations (GDPR). We process personal client data to facilitate the booking of our classes and courses. We do not share any data we hold with third parties.
Our booking software
- Your name
- Your Address
- Telephone numbers (normally you’re mobile)
- Email addresses
- Your children’s names and dates of birth
- Medical history for you and your children (if applicable)
Our mailing lists
- First name
- Last name
- Email address
- Booking confirmations and reminders
- Payment receipts
- Calmababy Newsletters
- Offers and promotions
Data relating to children
- Childs name
- Date of birth
- Medical history (if appropriate)
Card payments and purchases
Calmababy is PCI compliant, in accordance with these regulations we do not store debit or credit card details on site. If you have given us consent to retain your debit or credit card, your details are stored via secure third-party merchant providers on their systems. They are encrypted, with the exception of the last four digits of the card number and its expiry date, and cannot be viewed by any member of the Calmababy team.
Our lawful basis for processing your data
When you visit our Centre, become a member or contact us via email or social media we may ask permission to store your details in our booking software and mailing lists.
For existing customers who are attending classes and courses, we store, retain and use your data in order to provide the services agreed in your contract with us.
For new customers, all our systems require a positive opt-in before we can send you communications. We will undertake this process with you during the registration process.
For lapsed customers, we may from time to time, send you communications about our products and services which we believe you have a legitimate interest in receiving. You can opt-out of these communications at any time.
Protecting your data
- to be provided with access to your personal data held by us;
- to request the rectification or erasure of your personal data held by us;
- to object to the collection of your data and request that we cease processing your data;
- to request that we restrict the processing of your personal data while we investigate your concerns with this information;
- to object to solely automated processing; and
- to request that your data be transferred to a third party (data portability).