Light UP

Privacy Policy

Light UP is committed to protecting and respecting your privacy. This policy sets out what personal data we collect from you, or that you provide to us, and how it will be used. Please read it through carefully and if you have any queries contact [email protected] .

Where we collect information from

When you give data to us directly

When you give data to us indirectly:

What we collect and how it used

Personal Data

Personal data includes your (and where applicable the student signed up to our classes) contact details, date of birth, address, email, phone number, emergency contact name and number, images of you (or student, where permission has been granted) taken at classes, workshops and shows, and orders via our online shop. This enables us to conduct business with you and provide you with the best service for your needs, and to keep you informed about the company. Your details are collected via Class Manager, a secure online class registration program. Any transaction through our online shop or through Xero, our accounting service, is secure and follows their own privacy policies. Account information is never shared, but sometimes stored (through Xero and Go Cardless) through your own choosing. We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.

Special Category Data

Special Category Data may be asked for in certain instances; this includes your bank details (directly into payment processer or to us for refunds), ethnicity, gender identity, medical information and next of kin. This information is available to a restricted number of staff for whom it is deemed necessary. It is used to process some transactions, in the case of an emergency, or aggregated and anonymised for monitoring and reporting as required by public funding bodies. ​

Children’s Data

We collect and store data for under 16s who participate in our classes, which includes Special Category Data. Our online booking form ensures that we obtain consent from the parent/carer of the child before collecting this data . This information is available to a restricted number of staff for whom it is deemed necessary. When the young person reaches 16, consent is sought from the individual. ​

Purposes of use

Administering purchases

You give us Personal Data, such as your name and contact details so we can administer purchases (tickets, subscriptions, memberships, merchandise and donations) made online, in person or over the telephone. If you choose to save the details of your card for future purchases on your account, these details are captured by Go Cardless & Stripe our payment provider. All transactions are conducted in accordance with the Payment Card Industry Data Security Standard. If you have given us information about family members, individuals or organisations you are connected to, this may be stored against your record as a relationship.

Classes

If you participate in classes, workshops or events, we ask for additional Personal Data such as (for the participant) your age, the school you attend and information about your next of kin. We also ask for medical information and emergency contact details; this is classed as Special Category Data. We do this to ensure that staff are aware of any specific needs of participants and so we can quickly contact relevant people in the case of an emergency.

Marketing

Electronic and postal

For all parents/guardians who have enrolled in classes we use your details to keep you up to date about class information and for our teachers to contact you regarding the class member. If you would prefer us not to contact you via email please email [email protected], however this method of communication is essential to us keeping you in the loop. We also subscribe you to our mailing list, if asked to, for forthcoming events, shows, workshops and your purchases. You can opt out of this at any time by emailing [email protected] - or clicking unsubscribe from the e-news itself. We never send you information about anything outside of the organisation.

 Online

Depending on your device’s privacy settings and those on other websites and apps you use, we may aggregate information you give us directly or indirectly to target advertising and social media posts. For example we may create a specific campaign to be shown on social media to people in the PO19 postcode area aged between 16 and 25, or an advert to target specific people who have visited a particular page on our website. How a website tracks you depends on the privacy settings on the device you are using and any privacy settings you have set up with individual sites and apps.

Reporting and analysis

We use the data you give us directly and indirectly to report on our class numbers, show & workshop attendance and to improve your experience. This reporting is created from aggregated data and is not attributable to individuals.

Our website

When you visit our website we may automatically collect technical information about your session including the Internet Protocol (IP) address that connects your device to the internet, the type of device you use, your browser, operating system, whether you made a purchase and from where you have arrived at our site. We do not link this information to anything that identifies individuals. This information enables us to analyse how the website is used, where improvements can be made and to report to funding and public bodies.

HR

If you apply for a job, work experience or volunteer opportunity at Unexpected Places we collect Personal Data and Special Category Data as part of your application. Equal Opportunities information is requested separately and anonymously and cannot be tracked back to individual applicants. ​

How we keep your data safe and who has access

Unexpected Places/Light UP/ Steppin' UP staff have access to your data at differing levels. Our Light UP & Steppin' UP teachers are able to see the information you have submitted on your booking form, but all other data is only visible to the Administration Team. We use a few different services who have access to your data, Google, Xero, Wix, & Stripe. These organisations only hold the data for the reason contracted by Unexpected Places and do not sell, share or use your data for any other purpose Paper files with Personal and Special Category Data are kept to a minimum and are stored securely when not in use.

Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.

All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

If legally required we may disclose your information to the police, regulatory bodies or legal advisors. We will only share your data in other circumstances with your consent. If there is a breach of data that is likely to have a detrimental effect on individuals (for example, result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage), Unexpected Places will notify the Information Commissioners Office within 72 hours of becoming aware of the breach. Any individuals affected will also be notified within this timeframe.

​ Keeping your information up to date

Please let us know when your details change so we can make sure that our information is current. You can do this yourself by logging into the parent portal or by emailing [email protected].

Your rights

If you wish to amend your data, ask us to stop using your Personal and Special Category Data for reasons other than processing your transaction, or erase your Personal and/or Special Category Data please contact us at [email protected]. You have a right to ask for a copy of the information we hold about you. To request this please send an email to [email protected].. We do not make a charge for this, but may charge a reasonable administrative fee if we deem the request to be unfounded or excessive. We endeavour to respond to requests within 30 days. ​

Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time. We will post any changes to our website and notify you of any material changes by e-mail if we have permission to do so.

Date last modified: 07 Jan 2020