Time to Shine Kids Ltd respects your privacy and would like you to understand the ways in which we collect and use personal information provided by you in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Time to Shine Kids Ltd (*hereafter referred to as Time to Shine) is a company offering Therapy and Learning with horses. We are registered in England and Wales as a not for profit limited company at Companies House (Company Number: 10775435) and our registered office is C/O Lower Morden Equestrian Centre, Garth Road, Lower Morden, Surrey, SM4 4NL.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
Our Data Protection Officer, Mrs. Carey Khan, is our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Point of Contact then please use the contact form on this site.
Collection and Use of Information
Time to Shine collects two kinds of information:
1. Personal Information, and
2. Non-personal Information.
We may use both personal information and non-personal information, individually or together, for record-keeping purposes, to improve our marketing and promotional efforts, improve our products and services, better understand customer interests and preferences, and/or provide you with relevant information.
We obtain personal data about you, for example, when:
• you engage us to use our services and also during the course of the provision of those services;
• you contact us by email, telephone, post or online via social media, our website online booking system or website contact form.
The information we hold about you may include the following:
• your contact details (for example name, address, email and telephone numbers);
• details of contact we have had with you in relation to the provision, or the proposed provision, of our services;
• details of any services you have received from us;
• our correspondence and communications with you;
• information about any complaints and enquiries you make with us;
• information we receive from other sources, such as: publicly available information; information provided by your referrer (for example parents, teachers, social workers etc.).
• information received on the referral form and other sensitive information stored about you, for example session notes, will be kept confidential and stored in a safe locked cabinet. Permission will be sort before this is shared with third parties and otherwise this will only be shared if required from a safeguarding perspective without permission.
The information may be used for the following purposes:
1. to provide you with products, services, or information you request
2. seek your feedback on the services we provide
3. notify you about any changes to our services
4. to deliver marketing communications or promotional materials that may be of interest to you;
5. to improve the services we provide to you and the usefulness of the website; to prevent and detect fraud, infringement, and other potential misuse of our site.
6. collect and store your personal data as part of our legal obligation for business accounting and tax purposes; although we will not include ‘client identifiable information’ on records sent to our accountant.
7. to get supervision / mentoring to improve the services we provide to you. Although we will not include ‘client identifiable information’ on information shared with our supervisor.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing the appropriate retention period for your personal data, we take into consideration:
• the requirements of our business and the services provided
• any statutory or legal obligations
• the purposes for which we originally collected the personal data
• the lawful grounds on which we based our processing
• the types of personal data we have collected
• the amount and categories of your personal data
• whether the purpose of the processing could reasonably be fulfilled by other means.
Where we need to use your personal data for any reason, other than the purpose for which it was initially collected, we will only do so where said reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
Data processors and third parties
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
“Third parties” includes third-party service providers. The following activities may be carried out by third-party service providers: IT and cloud services, customer relationship management and emailing programs, professional advisory services and administration services.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
Blogs, social media and other interactive features
We may offer blogs, surveys or other interactive features such as competitions and loyalty programmes at our website that allow you to share information about our services or other issues of interest.
You should be aware that any communications you submit or post to any such interactive features may be viewable by other participants or users. Therefore, you acknowledge and agree that you have no expectation of privacy or confidentiality in the content you submit for such interactive features, whether or not it contains personal information about you.
Note regarding use of this site by children
We request that children do not provide personal information at this site. To register with us and to make use of our online booking system, you must be over eighteen years of age.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
When supplying personal information you will be given the option to opt-out to indicate that you do not wish your information to be used for direct marketing purposes. If you have previously omitted to check the opt-out box, you may email us with a request to rectify this.
We will not sell, distribute or lease your personal information to third parties.
However, personal information of any individual user may be shared with entities outside Time to Shine Kids: (i) as permitted by law, (ii) in the event of a transfer of ownership, assets or bankruptcy of Time to Shine Kids, (iii) where we determine that disclosure of specific information is necessary to comply with the request of a law enforcement or regulatory agency or other legal process, or (iv) to protect the interests or safety of Time to Shine or other visitors to this site.
Passive collection of Non-personal Information
The Site may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the site, and understanding how visitors use the site.
Cookies can also help customise the site for visitors. Personal information cannot be collected via cookies and other tracking technology, however, if you previously provided personal information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties, such as Ad Networks – see below
Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
Ad Networks (Advertising networks)
We may have relationships with third party service providers known as Ad Networks to serve ads on our behalf across the internet. Using cookies, advertising networks collect anonymous information about your visits to our site and other sites in order to deliver advertisements that may be of particular interest to you. This process does not involve the collection of any personal information. We do not share any personal information about you with these advertising networks.
Marketing communications from Time to Shine
This site may provide you with the opportunity to opt-in to receive marketing communications from Time to Shine. We will not send you promotional offers, if you do not choose to opt-in. You may also opt-out of marketing communications at any time by clicking the “unsubscribe” link in the body of the communication. However, regardless of your opt-in preferences, we may still at times need to send you e-mails for administrative reasons.
Links to other websites
This site may contain links to other sites. Time to Shine is not responsible for the privacy practices or the content of these other sites. We provide such links only as a convenience and the inclusion of a link on the site does not imply endorsement of the linked site by Time to Shine Kids.
The password you provide when registering with the website is encrypted to ensure protection against unauthorised access to your personal information. We invest in high-quality security and we will do our utmost to protect your privacy. We use Secure Socket Layer (SSL) encryption to provide a high level of confidence when you first register with us and subsequently login using a password. A padlock icon will appear in your browser while you are logged in indicating that encryption is active. Our site also features a Trust Logo site seal. However, no data transmission over the Internet can be entirely secure, and therefore we cannot guarantee the security of your personal information and/or use of the website. Any information that you send is at your own risk and may be read by others. However once we have received your personal information we use strict procedures to protect the security of your personal information.
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Governing Law and Jurisdiction
Transferring personal data outside the European Economic Area (EEA)
We will not transfer the personal identifiable data we collect about you outside of the EEA. Where delivery of our assignments are undertaken outside the EEA, we will ensure that any data shared is treated with the exacting standards and conditions prescribed by, and in accordance with, EU and UK Data Protection laws.
We do receive mentoring and supervision from Eagala Executives outside the EEA and for this purpose will share case information however this will not include personal identifiable information and will be password protected.
There is an adequacy decision by the European Commission in relation to these countries therefore they will be deemed to provide an adequate level of protection for your personal information for the purpose of the Data Protection Legislation.
Should you require further information about this protective measure, please use our contact form on this site.
Rights of access, correction, erasure and restriction
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact form on our site.
Under certain circumstances, by law you have the right to:
• Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
• Request correction of the personal data that we hold about you.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If you want to exercise any of the above rights, please email our data protection point of contact Mrs. Carey Khan on the contact form on this site. You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, it could be in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email our data protection point of contact Mrs. Carey Khan using the contact form on this site.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our Data Protection Point of Contact:
Mrs. Carey Khan using the contact form on this site.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time.
Website – https://ico.org.uk/concerns