Processing: any operation or set of operations performed on personal data or sets of personal data, whether by manual or automated means. This can include collecting, recording, organising, structuring, storing or adapting data.
Data controller: the person, public authority, agency or other body which alone, or jointly with other parties, determines the purposes and means of the processing of personal data.
Data processor: a person or organisation who processes data on behalf of the data controller.
Data protection officer (DPO): Refers to the designated person who oversees the proper care and use of data, including personal data and sensitive personal data.
Personal data: any information relating to an identified or identifiable person; an identifiable person is someone who can be identified by reference, e.g. a name, identification number or physical trait.
Sensitive personal data: refers to personal data which reveals a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, details of someone’s health or sexual life, or their genetic data.
Data breaches: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Secure disposal: Is the safe deletion or destruction of all personal or sensitive personal data.
By browsing, registering or booking childcare services on this site, you consent to the collection, use and transfer of your information under the terms of this policy.
- What information do we collect?
When you visit, register or book childcare services on this website you may be asked to provide certain information about yourself including your name, contact details and credit or debit card information and your child(ren) or children you care for including but not limited to medical conditions, food allergies, behavioural problems.
We may also collect information about the following:-
- Your usage of our website as well as information about you from any messages you post to the website and/or e-mails or letters you send to us.
- Information about your visit, including but not limited to: your IP Address, operating system, browser version, geographical location, length of your visit and pages visited. This information is held on our server logs and is used for generating anonymous statistics to help us improve our service to you. We reserve the right to use this information to investigate and take action against any misuse of the site.
- Information provided by you via online forms. This includes, but is not limited to; enquiries, complaints, registration forms.
- Any transaction you perform on our site. This includes personal information that may identify you for the purposes of the transaction and any account you may hold with us. We may also use this information for anonymous statistical purposes.
- any other information that you choose to send to us;
- How do we use your personal data?
In particular, we may use your information to contact you for your views on our services and to notify you occasionally about important changes or developments to the site or our services. Further, we might also use your information to let you know about other products and services which we offer which may be of interest to you and we may contact you by post, telephone as well as by e-mail. If you are a registered user, we will contact you by electronic means about our products and services and services similar to those for which you have registered, only if you have consented to this or have requested us to do so.
We may use your personal information to:
- administer the website;
- improve your browsing experience by personalising the website;
- enable your use of the services available on the website;
- send invoices to you, and collect payments from you;
- send you general (non-marketing) commercial communications;
- send you email notifications which you have specifically requested;
- send newsletter and other marketing communications relating to our business or the centres you are registered with by email or similar technology (you can inform us at any time if you no longer require marketing communications);
- provide third-party with statistical information about our users – but this information will not be used to identify any individual user;
- deal with enquiries and complaints made by or about you relating to the website.
We will not provide your personal information to any third-party for the purpose of direct marketing [, but may provide them with aggregate information about our users (for example, we may inform that 500 women have viewed our website on any given day)].
Our website financial transactions are handled through
Or for some childcare providers, local authorities, schools or academies
- their own payment services provider, please refer to the relevant provider, local authority, school or academy’s T&C which can be found on their website or from your magicbooking account.
However, your personal data and data entered while registering your child(ren) will be confidentially passed onto the childcare provider, holiday club, club, local authority, school or academy you are registered with, this is because childcare providers, holiday clubs, clubs, local authorities, schools or academies need to have all necessary information related to your child(ren) including, but not limited to medical condition, food allergy, behavioural problems in order to provide a service adapted to your family needs. Childcare providers, holiday clubs, clubs, local authorities, schools or academies may also need to contact you, relatives or doctors in case of emergency. Childcare providers, holiday clubs, clubs, local authorities, schools or academies are data controllers and will hold and process this data in accordance with their own privacy and/or data protection policies and you are advised to check the terms of these before you register. As data processor, we are not responsible for their use of your data.
In addition, we may disclose information about you:
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk) or the rights, property or safety of our customers, users, or others;
- Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners
- Security of your personal data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We do not hold physical personal data or sensitive personal data, all data is electronically stored.
Digital data is only stored for the intended purpose and is not kept longer than necessary.
Digital personal data and sensitive personal data is only accessed and manipulated by authorised members of staff who have been adequately trained to handled personal and sensitive data.
Every desktop, laptop, tablet or device from which data can be accessed is protected by strong passwords which are changed every 90 days.
All magicbooking databases and systems holding personal and sensitive data are protected by strong passwords which are changed every 90 days.
Every staff member or contractor has their own username and password for any login system.
We store all digital personal information including personal data and personal sensitive data you provide on our secure servers on the Microsoft Azure Cloud in Dublin.
All electronic transactions you make to or receive from us will be encrypted using TSL technology and data at rest is protected through SQL Database dynamic data masking.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping your password and user details confidential. We will not ask you for your password.
- Data breaches
Our DPO take all necessary steps to ensure that all staff members are made aware of, and understand, what constitutes a data breach as part of their training.
All notifiable breaches will be reported to the relevant supervisory authority within 72 hours of magicbooking becoming aware of it.
Any breaches will be fully investigated by our DPO, reported to the data controller of the relevant childcare providers, holiday clubs, clubs, local authorities, schools or academies, and security measures will be assessed and reviewed in relation to the investigation.
If the data controller and data processor controller of the relevant childcare providers, holiday clubs, clubs, local authorities, schools or academies, agree that a breach is sufficiently serious, the data subject will be notified without undue delay.
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
Some of our cookies are essential (“session” cookies), and parts of the site won’t work without them. These cookies are set when you submit a form, login or access the interactive maps.
Session cookies will be deleted from your computer when you close your browser.
We also use some non-essential cookies (“persistent” cookies) to anonymously track visitors. This helps us understand better how people use our site, so that we can improve it, and enhances your experience of the site.
Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Our advertisers/payment services providers may also send you cookies.
By using our website and servers you are deemed to accept these cookies, but may opt out of receiving the cookies (except the essential cookies) by emailing us at firstname.lastname@example.org
- Policy amendments
- Your rights
You may instruct us to provide you with any personal information we hold about you.
You may instruct us not to process your personal data for marketing purposes by email at any time. In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.
- Third party websites
Where the website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.
- Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated.