Little Street takes all necessary measures to ensure confidentiality of information, both paper and electronic, required for the operation of our business. Our employees are trained in GDPR compliance and will act responsibly and with due care when handling personal data.
WHAT INFORMATION DO WE COLLECT:
When you book via our website, as part of the process, we collect the personal information you give us such as your name, telephone number and email address. Little Street does not hold any credit/debit card information.
When you send us an email, or contact us by telephone, Little Street may store the inquiries and their contents. This may include creating a paper customer record, to be held onsite at Little Street play centres in the form of an Annual Pass, Booking Credit or Party Booking.
When you browse our website, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
SJ Pearson Consulting Ltd (“SJPC”):- Our Booking System software (incorporating the online e-commerce platform) is provided by SJPC. Aspects of this system, including the underlying proprietary booking engine, is provided under licence from Q-nomy Inc.
Amazon Web Services UK Limited (“AWS”):- Our Booking System is hosted on technology provided by AWS. All data is held in centres located in the UK.
Realex:– Realex stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
WHY DO WE COLLECT THIS INFORMATION?
- To process your booking and to secure your space on one of our play sessions, enabling us to operate visitor capacity limits.
- We use your email address to send you a booking confirmation, or to respond to your queries. For those who have subscribed to our mailing list, we will also periodically send you details of offers and promotions, but you may unsubscribe at any time.
- To create a register of those attending a play session in order to comply with health & safety fire regulations.
- Your telephone number or email address may be used to contact you in the unlikely event of cancelling a play session.
- We collect other basic information when you interact with our website that assists us with understanding where our customers are visiting from, return visitors, and other such information for internal business reporting.
LAWFUL BASIS FOR PROCESSING DATA – CONSENT
How do you get my consent?
SHARING YOUR PERSONAL INFORMATION
Customer records are shared between franchisees of Little Street, and are visible to our booking system provider, SJ Pearson Consulting Ltd for the purposes of providing our services to you. We will not share your personal information outside of the parties stated above, unless required by law.
SALE OF THE BUSINESS
HOW LONG WE KEEP YOUR INFORMATION:
Customer records are kept for 3 years following the date of your last booking with us. You have a right to be forgotten and can contact us at any time to request that your data be removed from our systems.
CCTV is deleted after 21 days, unless required by law or for insurance purposes to be downloaded and retained as evidence.
For the safety and security of our visitors we have CCTV cameras in operation 24hrs a day. On franchised premises, both Little Street Limited (the franchisor) and the franchisee have access to the CCTV. CCTV monitoring on our premises is for security and training purposes only and is limited to uses that do not violate the individual’s reasonable expectation to privacy. We will not disclose to any third party, footage of our visitors unless required by law or for insurance purposes.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
You can write to us at any time to get a copy of the personal information we hold about you. If you believe we’re holding inaccurate information about you, please contact our customer services team via the ‘Contact Us’ page on our website so we can correct it. If you are concerned about how your data is being processed, please contact the ICO.