Privacy Policy

PRIVACY POLICY

Jo Jingles Limited (we) are committed to protecting and respecting your privacy.

This policy, together with our terms of use (click here) and any other documents referred to in either document, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and any replacement or amending legislation, the data controller is Jo Jingles Limited, a company registered in England and Wales under company number 03052070, with its registered office at 22 Wycombe End, Beaconsfield, Buckinghamshire, HP9 1NB.
We are a registered data controller with the Information Commissioner’s Office under number Z6504025. Our nominated representative is the General Manager, whose contact details are available below.

1. Our franchise
We use a network of franchisees to deliver Jo Jingles classes in your local area. This network shares information with us in order for us to monitor the delivery and quality of Jo Jingles classes and the performance of our franchisees.
We will also share information with your local franchisee so that they can liaise with you about the classes that you want to attend. Please see section 4 below for more information on the basis on which we share this information. All our franchisees are currently registered with the Information Commissioner’s Office and are contractually obliged to pay the data protection fee annually.

This policy covers the use of our website by both consumers of Jo Jingles classes and/or products, and potential franchisees. Where it is necessary to distinguish between the types of data subject, we do so in this policy.

2. Information we collect from you
We will collect and process the following categories of data about you:

· Information you give us.

Parents and other users

This is information about you that you give us by filling in forms on the website (Site) or otherwise interacting with the
Site or us. This will be:

- “Contact Information” - your name, address, email address and telephone numbers;

- “Child Information” - your child’s name, date of birth, details of any medical conditions and details of a guardian or emergency contact; and

- “Payment Information” - (when using the online shop or otherwise paying for Jo Jingles products or classes) payment details which vary according to your chosen payment method when purchasing with us.

Potential franchisees

Again, this is information about you that you give to us by filling in the enquiry form on the Site or completing an application form that we have given you. This will be:

- ”Contact Information” - your name, address, email address and telephone numbers;

- “Experience Information” - your employment and education history and qualifications/certifications and information relating to your musical experience (including qualifications/certifications); and

- “Sensitive Information” - relevant medical history, credit checks and information on criminal convictions. Information relating to medical or criminal history are special categories of personal data and are subject to additional protections, which are set out in this document.

· Information we collect about you. This is information that we collect automatically about your visit during your time on the Site. It involves the collection of “Technical Information” using small data files called “cookies”. The information that we collect is:

- IP address;
- Login details (for registered users);
- Browser details (type and version and plug-in types;
- Device details (operating system and platform and location); and
- Site usage data (via Google Analytics).

We collect this information from parents, potential franchisees and all other users of the Site.
More information on how cookies work, what cookies we use and why can be found in our Cookie Policy (available here).

· Information we receive from other sources. This is information that we receive about you from third parties, such as business
partners, franchisees, providers of technical services (e.g. analytics) or sub‑contractors. The information that we received from third parties is Contact Information, Child Information and Technical Information. Please note that we do not receive, or have any access to, payment details provided through our online shop to our external payment processor (see section 4 below about for more information on our data sharing and data processors).

3. Uses made of the information
By law, we can only use personal information about you on a limited number of defined bases - the “lawful bases”. The lawful bases are as follows:
1. The data subject has consented to such use.
2. The use is necessary for the performance of a contract with the data subject.
3. The use is necessary for compliance with a legal obligation that we owe.
4. The use is necessary to protect the vital interests of the data subject or another person.
5. The use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority.
6. The use is necessary for the purposes of legitimate interests of us or a third party (except where such interests are overridden by your fundamental rights and interests).
Of particular concern to us are the bases identified in 1, 2, 3 and 6 above.

Parents and other users

The table below shows what uses we make of the information we collect and what category of information is involved in that use. It also shows what lawful bases are applicable to each use.
Please note that if we do agree to grant you a franchise, we will process your information in further ways than set out above. We will advise you separately of these uses/activities and our lawful basis for doing so at that time.

4. Disclosures of your information
Pursuant to the uses set out in section 3 above, we have the right to share the personal information that we collect with:
· Our franchisees. Jo Jingles classes are provided by a network of franchises across the country. Each franchise is a separate business that is owned and managed by the franchisee. In order to monitor the provision of Jo Jingles classes and services, and administer the Jo Jingles network as a whole, your personal information is shared between us and your local franchisee and vice versa. All of the data collected by our franchisees is stored on a secure online database (see section 5 below) and all our franchisees pay the data protection fee. The sharing of data between us and our franchisees is governed by contractual obligations in the franchise agreement. The data that is shared includes special categories of personal data where you have consented to such disclosure.

Occasionally, a franchisee may sell their franchise to another person. In such circumstances, the potential new franchisee will be given limited access to your personal data under a confidentiality agreement to assist in the transfer of the franchise. All new franchisees are expected to contact their customers to introduce themselves, provide an updated privacy notice and review the personal data held and, where relevant, the consents given to ensure continued compliance with data protection law.

· Our business partners and suppliers. Where you have made a purchase from the online shop, we will share your Contact Information with our selected carrier so that they can deliver your order to you. We may also disclose certain of your information to our professional advisers. Such advisers are under professional ethical obligations to maintain the confidentiality of any information we give to them.

· Other data processors. We have engaged certain organisations to provide particular data processing services to us.
If you are a parent or other user who is looking to buy a product from our online shop, we disclose Contact Information and Payment Information to Stripe, Inc. to process the payment. Stripe is a ‘Participating Organization’ in the Payment Card Industry Security Standards Council and has been independently certified as a PCI Level 1 Service Provider, which means that it is subject to the highest standards of data security and annual re-certification. Stripe are also members of the EU-US Privacy Shield Framework (please see https://www.privacyshield.gov/welcome for more information) and so disclosures and transfers between us and Stripe are protected. Please visit https://stripe.com for more information on Stripe (including their privacy policy).

Also, for information from parents and other users, we may disclose Contact Information to our online marketing processors - MailChimp - to administer promotional email campaigns for our own products and services, or to our market researcher - SurveyMonkey - for carrying out occasional market research and customer satisfaction online surveys. MailChimp is the trading name of The Rocket Science Group, LLC, which is a company located in the USA. SurveyMonkey is ultimately a US-owned company, but all their EU processing is carried out by SurveyMonkey Europe UC. Both MailChimp and SurveyMonkey are members of the EU-US Privacy Shield Framework.
Please visit https://mailchimp.com for more information on MailChimp (including their privacy policy) and https://www.surveymonkey.com for more information on SurveyMonkey (including their privacy policy).

If you are a potential franchisee, we will disclose your details to credit reference and fraud prevention agencies and to the Disclosure and Barring Service in order to conduct application checks. The privacy policies for the credit reference agencies that we use (Experian, Equifax and CallCredit) are available via their websites: https://www.experian.co.uk, https://www.equifax.co.uk and https://www.callcredit.co.uk. Further information on how your data may be used by credit reference and fraud prevention agencies is contained on the Franchise Application Form, and is also available on request. The Disclosure and Barring Service is a non-departmental public body affiliated to the Home Office.

· Analytics and search engine providers. Technical Information is shared between us and Google Analytics, which is a service provided by Google, Inc. Google are members of the EU-US Privacy Shield framework and their privacy policy can be found on their website. Information on the particular cookies used by the Google Analytics tool can be found here: https://developers.google.com/analytics/devguides/....

· Public bodies. Where we are legally obliged to disclose information to a public body (e.g. a government organisation, the Police or the courts), we will do so. We will only share the minimum information necessary for the purpose (which will never include any special category data without your consent) and will seek your express consent to share identifying information outside of the above organisations or outside of the EEA (save for in the circumstances set out above).

5. Where we store your personal data
All information provided to, or collected by, us or our franchisees is stored on our secure servers. Only authorised people have access to these servers, and each local franchisee can only see the information relevant to their own franchise. To ensure services continue to be delivered smoothly, we make regular back-ups of our data to a secure storage system at our head office, maintained for one year, after which the data is securely destroyed. Where information is provided or collected in hard copy, this is stored securely at our Head Office and is reviewed every 12 months. Where any data is identified at a review as no longer required, it is securely destroyed. We regard data as no longer required if we have not had any interaction with you for at least 2 years. All of our franchisees are under similar obligations. We will take reasonable steps to protect your information in accordance with this policy, including (without limitation):
· Installing a secure firewall;
· Using anti-virus protection software;
· Encrypting data; and
· Carrying out regular back-ups.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site at all times, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Should your data be unlawfully accessed or the subject of a data breach that may cause you significant harm, we will contact you and the Information Commissioner’s Office within 72 hours.

6. Your rights
You have the following rights under law in respect of your personal information:
· The right to be informed about the collectionand use of your personal information;
· The right of access to your information to verify the legality of our use of it;
· The right to request that inaccurate or incomplete information about you is rectified;
· The right to request the deletion or removal of your information where there is no further reason for us to use it ;
· The right to restrict the use of your information;
· The right to obtain and reuse the information that we have about you for your own purposes;
· The right to object to certain uses (such as for marketing purposes); and
· The right not to be subject to a decision that has a legal effect on you that has been based on an automated decision.

Should you wish to exercise any of these rights, whether against us or against your local franchisee, you may do so at any time by writing to us at the address given below. If applicable, please let us know if you are exercising your rights against your local franchisee so that we can forward your request on. We will respond to any request to exercise any of these rights promptly, and in any event within 30 days. If you feel that your rights have been breached in any way, you should contact Caroline Crabbe at the address given below, or lodge an official complaint with the Information Commissioner’s
Office.
The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

7. Changes to our privacy policy
Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

8. Contact
Questions, comments and requests regarding this privacy policy are welcomed - please contact the General Manager:
· by telephone 01494 778989
· email us at jjorders@jojingles.co.uk.
· via our website http://www.jojingles.com; or
· by post to our Head Office at 1 Bois Moor Road, Chesham, Buckinghamshire, HP5 1SH.

Latest News Posts

EveryDay meets Jo Jingles!

Check out this great interview between our Newcastle upon Tyne Franchisee, Lindsay and EveryDay about her fantastic Intergenerational sessions - https://www.eve...

Read More

Say Hello!

01494 778989