Privacy policy.

 

Bookasleepoverparty.com recognises the importance of protecting your privacy. Our use of personal data is set out below.

Consent

By using the bookasleepoverparty.com website, you hereby consent to this Privacy policy and agree to its terms.

PII (Personally Identifiable Information) we collect and how we use it

In order to facilitate some of the services available on this website we need to collect and store your name, address, telephone number, email address and other basic information. The data is stored using appropriate safeguards to ensure security, integrity and privacy.

Any data collected about you will be used only:

·       (if a Cusomer) to enable us to validate your review/report or respond to your enquiry as necessary, or

·       (if a Supplier) to promote your services and allow us to contact you in relation to your subscription to the Service.

Personal data stored about any customer will be deleted once it is no longer needed for review validation or any related purpose. See How long is my personal information retained? for details of further automatic data cleansing measures in place.

Legal grounds for collecting/holding your personal data

We rely on the following legal bases to use your personal data:

1.       Where it is needed to provide you with services, such as letting you leave (or for us to validate) a review of a supplier as a customer, or for us to allow you to promote your services on the website, as a supplier.

2.       Where it is in our legitimate interests to do so, such as to keep records of our communications between you and our team, or for direct communications related to your supplier membership of bookasleepoverparty.com

3.       With your consent, such as for some direct marketing communications (if a Supplier).

When do you share my personal information with other organisations?

We may share information with the following third parties for the purposes listed above:

·       BookASleepover Insurance

·       BookASleepover team staff who are a part of providing your products and services or operating our business, for example the bookasleepoverparty.com graphic designer.

·       Other organisations and businesses who provide services to us such as back-up and server hosting providers, IT software and maintenance providers, data storage providers and suppliers of other back-office functions, such as the bookasleepoverparty.com website developers.

Do I have to provide my personal information?

We’re unable to provide you with our services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.

How long is my personal information retained?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

·       For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations

·       For as long as we provide goods and/or services to you, or

·       Retention periods in line with legal and regulatory requirements or guidance, including GDPR.

There are specific automated data-cleansing actions which occur after set periods, to clear the personal details of website users in line with legal requirements:

·       Customer reviews have the reviewer's personal details anonymised (excluding first/last name) after 30 days.

·       General enquiries are removed from the website after 30 days.

·       The details of a bookasleepoverparty.com member that has been archived are removed after 2 years of no updates/activity.

·       Customer requests to bookasleepoverparty.com suppliers (Email, SMS) are anonymised after 2 years.

Data collected in server logs

We store the following information about each request (page visit) visitors make when visiting bookasleepoverparty.com:

·       IP (Internet Protocol) Address

·       ISP (Internet Service Provider)

·       User agent (browser and OS type)

·       Date and time of each request

·       The URL visited

·       In the event of an error additional information about the request will be captured including headers, cookies and the request body (present on PUT and POST requests).

We collect this information to help us monitor traffic to the website, detect and analyse issues and to filter out unwanted traffic (e.g. unregistered web crawlers/bots).

We hold information in the server logs for 90 days. This information we collect does not directly provide us with any PII (Personally Identifiable Information - such as your name or email address) except where PII is submitted as part of a request that generates an error. For example, if you were submitting your email address as part of an enquiry and an issue was raised your email would be collected as part of the error information.

Your General Data Protection Regulation (GDPR) Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

·       The right to access – You have the right to request copies of your personal data held by us (commonly known as a subject access request).

·       The right to rectification – You have the right to request that inaccurate personal data we hold is rectified, or completed if it is incomplete.

·       The right to erasure / The right to be forgotten – You have the right to request that we erase personal data that we hold about you. This right is not absolute and only applies in certain circumstances.

·       The right to restrict processing – You have the right to request that we restrict the processing of personal data we hold about you. That is, we may hold that data but may not use it. This right is not absolute and only applies in certain circumstances.

·       The right to data portability – You have the right to request that we transfer the data we have collected about you; directly to you or to another organisation.

·       The right to object to processing – You have the right to object to us processing personal data we collect and hold about you.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

A more detailed overview of your rights under GDPR can be found on the Information Commissioner's Office website.