We use a combination of technical, administrative and physical controls to maintain the security of your data. The data we collect and how it is kept and protected is outlined below.
We only collect the data we need to provide the best and most efficient service to you.
We do not take card payments and therefore we do not collect or store any customers card details.
In order to create, process and complete our bookings for the customer, there is certain data that we need to take and record. Details of this is as follows-
We ask all customers (via email or a telephone conversation initiated by the customer) for a full name and postal address in order to raise invoices for bookings. This is used for invoice purposes only and we do keep a digital and printed copy of invoices for our financial records. These can only be accessed by our management team (Becky Shaw and Russell Shaw) through our Teaching Talons laptop and desktop computer only, both of which are password protected and encrypted.
Invoices are only transferred by our password protected Teaching Talons email address to our directors private, password protected email address. These are not accessible to anyone else outside of our management team and details are never passed on to anyone else or any third parties.
As required by HMRC, we keep digital and hard copies of invoices for 6 years.
For all bookings we ask customers (during their phone call or through password protected email or Facebook messenger from our business account- depending how the customer has made contact) for the full postal address of the booking, which may sometimes be a private home location, along with two contact numbers. This is so we can record them in our hard copy diary, in order to get to locations on the day and phone customers if needed on the day. For example, we may need to phone a customer if we get stuck in traffic, or cannot find a location. These details are not used at any other time. Our diary is kept with the presenting team at all times when travelling to and from and during bookings. When not at a booking, our diary is kept at one of our two, private premises- which are locked. Booking addresses and phone numbers are not kept anywhere else and are not transferred anywhere else, or to anyone else.
If a customer books a party- we also ask for the birthday childs first name. This is simply so we can make our parties personal and the name is only recorded in the diary we bring with us to bookings.
We keep our diaries permanently- as a record of when and where we have done bookings and the type of bookings they were- along with their corresponding invoice numbers.
Most of our correspondence is completed via email and all of our invoicing is sent via email, to save paper. This email account is only accessed by animal manager and presenter- Becky Shaw. No one else has access to, or uses this information. We don’t email newsletters, or other correspondence to customers and email addresses are used solely for arranging bookings, a follow up email to ask how the customer found their experience, to say thank you and for sending customer invoices.
For staff, volunteers and work experience students we keep an email and paper record of the individuals full name, contact number, email address and home address. We also keep a signed copy of their medical declaration, risk assessment and contract, along with a copy of their CV. All individuals have volunteered this information to us directly and are aware of how it is used and stored. These are all kept in a secure folder, locked on site and not taken off premises. This information is kept on file permanently so we have a record of past employees and volunteers (unless we are asked to destroy it). Bank details are only used for paying staff and these are only held and accessed by director, Russell Shaw.
We run enhanced DBS checks on all paid staff and take a copy of driving licences and birth certificate as evidence for this. These copies aren’t kept after the DBS request is submitted. The DBS certificate is carried with us in a folder on bookings and kept in a locked place on site when we are not travelling.
The above outlined data is the only data Teaching Talons Ltd. collect and hold. It is not used, sold to, or transferred to anyone else outside of Teaching Talons Ltd.
Right to Erasure (Right to be Forgotten). Under Article 17 allows all individuals to request the deletion of personal data at any time by contacting us directly. Individuals also have the right to Data Portability and Subject Access Requests.