Privacy Policy

INTRODUCTION

Welcome to S+G’s Privacy Policy.

S+G respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and protect personal data when you visit our website, contact us, or use our services (including parties, holiday camps, activity days/weeks and corporate events). It also explains your rights under data protection law.

This Privacy Policy is provided in a layered format so you can easily navigate to the sections below:

1. Summary for young readers

2. Important information and who we are

3. The data we collect

4. How we collect your data

5. How we use your data and our lawful bases

6. Who we share your data with

7. International transfers

8. Data security

9. Data retention

10. Your legal rights

11. Glossary

1. SUMMARY FOR YOUNG READERS

Sometimes we need to collect information about you so we can run our parties and events safely and properly. For example, we might need your name, your age, where the party is happening, and any important information that helps keep you safe (like allergies).

Usually your parent or guardian gives us this information. We use it to organise the Event, make sure we go to the right place, and help you have a brilliant time.

We keep this information safe and only let the right people see it. You have rights over your information. That means you can ask what we hold, ask for it to be corrected, and in some cases ask for it to be deleted.

If you have questions, ask your parent or guardian to read this policy and they can contact us too.

2. IMPORTANT INFORMATION AND WHO WE ARE

Who we are

S+G is the data controller responsible for personal data collected and processed through our website and services.

In some cases, we receive personal data about Guests from Clients (for example, guest lists or allergy information). Where we use this data to deliver our services, we process it in accordance with this Privacy Policy and applicable data protection law.

Contact details

Legal entity: Sharky and George Limited
Company number: 06224400
Address: 17 Berghem Mews, Blythe Road, London W14 0HN
Email: george@sharkyandgeorge.co.uk
Telephone: 0207 924 4381

Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would appreciate the opportunity to address your concerns first, so please contact us using the details above.

Children

Our website is primarily directed at parents and guardians, but we recognise that children may access it. We may process children’s personal data when providing our services.

When you provide information about a Child to us, you confirm that you have parental responsibility or appropriate authority to do so.

Third-party links

Our website may include links to third-party websites, plug-ins or applications. We do not control those websites and are not responsible for their privacy policies. Please review their privacy information when you leave our website.

3. THE DATA WE COLLECT

Personal data means any information that can identify an individual.

We may collect and process the following categories of data:

Identity and contact data

• Names of parents/guardians and Guests

• Email address, telephone number, billing address

• Event address and relationship to the Guest

• For corporate enquiries: job title, company name and work contact details

Event and service information

• Booking details (Event date, time, location, numbers attending)

• Preferences and requirements relevant to the Event

• Health information (such as allergies or medical conditions), where necessary for safety

Communications

• Emails, messages or calls you send to us

• Feedback, reviews and survey responses

Technical and usage data

• IP address, browser type and version, device information

• Information about how you use our website

• Cookie and analytics data (see our Cookie Policy)

We do not intentionally collect criminal convictions data and only collect health-related information where it is necessary for providing our services safely.

4. HOW WE COLLECT YOUR DATA

We collect personal data in the following ways:

• Directly from you when you contact us, complete website forms, make enquiries or book Events

• Automatically through cookies and similar technologies when you use our website

• From third parties such as analytics providers or service partners where necessary to deliver our services

Further information about cookies is available in our Cookie Policy.

5. HOW WE USE YOUR DATA AND OUR LAWFUL BASES

We only use your personal data where the law allows us to do so. Most commonly, we rely on:

• Performance of a contract

• Legitimate interests

• Legal obligations

• Consent, where required (for example, certain marketing or cookies)

Key purposes

Providing and managing Events

• Processing bookings and delivering services

• Communicating about Event details and changes

• Managing payments and invoices
  Lawful basis: Contract, Legitimate interests, Legal obligation

Health, safety and safeguarding

• Managing allergies, medical needs and safety planning

• Contacting you in an emergency where necessary
  Lawful basis: Contract, Legitimate interests

Customer relationships

• Responding to enquiries and feedback

• Handling complaints or issues
  Lawful basis: Legitimate interests, Contract

Marketing

• Sending updates about S+G where permitted
  You can opt out at any time by contacting us.
  Lawful basis: Legitimate interests and/or Consent

Website analytics and improvement

• Understanding how visitors use our website

• Improving content and performance
  Lawful basis: Legitimate interests and/or Consent

Special category data

Health and allergy information is treated as special category personal data. We only process this information where necessary to deliver Events safely and appropriately.

6. WHO WE SHARE YOUR DATA WITH

We may share personal data with trusted third parties, including:

• Service providers who support our business (IT, email, analytics, admin tools)

• Event venues, partners or suppliers where required to deliver an Event

• Professional advisers (lawyers, accountants, insurers)

• Regulators or authorities where required by law

All third parties are required to keep your data secure and to process it only in accordance with our instructions.

7. INTERNATIONAL TRANSFERS

Some suppliers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK data protection law.

8. DATA SECURITY

We have appropriate security measures in place to protect personal data against loss, misuse, unauthorised access or disclosure. Access to personal data is limited to those who need it for business purposes.

We have procedures to deal with suspected personal data breaches and will notify you and/or the ICO where legally required.

9. DATA RETENTION

We retain personal data only for as long as necessary for the purposes for which it was collected.

• Booking records and invoices: retained for 10 years from the end of the financial year in which the Event took place, for accounting, tax and business record purposes.

• Health, allergy and safety information: retained for up to 12 months after the relevant Event, unless a longer period is required due to an incident or legal obligation, after which it is securely deleted or anonymised.

• Enquiries that do not result in a booking: retained for up to 3 years to allow appropriate follow-up and business record keeping, after which the data is securely deleted or anonymised.

10. YOUR LEGAL RIGHTS

You have rights under UK data protection law, including the right to:

• Access your personal data

• Correct inaccurate data

• Request erasure in certain circumstances

• Object to processing, including direct marketing

• Request restriction of processing

• Request data portability

• Withdraw consent where consent is relied upon

To exercise your rights, please contact: george@sharkyandgeorge.co.uk

We will respond within one month in most cases.

11. GLOSSARY

UK GDPR: United Kingdom General Data Protection Regulation
Data controller: The organisation that decides how and why personal data is processed
Special category data: Personal data requiring extra protection, such as health information
Legitimate interests: Our business interests in operating and improving S+G, balanced against your rights

LAWFUL BASIS

Legitimate interests means the interest of our business in conducting and managing our business to enable us to provide our services effectively, safely and securely. We consider and balance any potential impact on individuals (both positive and negative) and their rights before we process personal data for our legitimate interests. We do not use personal data for activities where our interests are overridden by the impact on the individual, unless we have consent or are otherwise required or permitted by law. You can obtain further information about how we assess our legitimate interests by contacting us.

Performance of a contract means processing personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.

Legal or regulatory obligation means processing personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject.

THIRD PARTIES

Internal third parties
Other companies within our corporate group, based in the United Kingdom, which provide IT, system administration or management support services.

External third parties
Service providers acting as processors who provide IT, system administration, website hosting, analytics, email or operational support services. These providers may be based in the UK or outside the UK.

Professional advisers including lawyers, accountants, auditors and insurers based in the United Kingdom who provide legal, financial, insurance and accounting services.

HM Revenue & Customs, regulators and other authorities based in the United Kingdom where reporting or disclosure is required by law.