PRIVACY / COOKIE POLICY

Introduction

We are committed to protecting and respecting the privacy of our website visitors and service users. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, or is received by us from third parties, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By using this website and/or interacting with us in any way (including but not limited to supplying us with goods or services, accessing, purchasing, or making use of any of our products or services, entering competitions, promotions or surveys, working in conjunction with us, or communicating with us via any form of written, electronic, telephone or personal communication) you are accepting and consenting to the practices described in this Privacy Policy and you consent to our use of cookies.

 

Who We Are

Whenever we act as a Data Controller and are making decisions regarding the processing of data this policy will apply to all personal data collected from visitors to our website and users of our services.

In this policy, "we", "us" and "our" refer to Popcorn School Limited.

For the purpose of the GDPR, the data controller is:

Popcorn School Limited (trading as ‘Easy Peasy Plays’), which is incorporated and registered in England and Wales with company number 8534985 whose registered office is at 9 Yelverton Close, Walsall, West Midlands, WS3 3XE.

Data Protection registration number: ZA056652

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

 

SECTION 1: HOW WE USE YOUR PERSONAL DATA

This section contains a description of the personal data we collect from you and the general categories of that data, the ways we use your personal data, and the legal bases we rely on to do so. In the case of any personal data we did not obtain directly from you, the source and specific categories of that data are also included.

Personal data we obtain from you:

a) When you open an account:

Data: This may include your name, company/organisation name, email address, postal address, telephone number, date of birth.

Purpose: This data may be processed for the purposes of providing services, communicating with you, security and running our website, and maintaining back-ups of our databases. Communications you may receive from us may include information and/or updates about your purchases, orders, and use of our services.

Legal basis for processing: Consent and our legitimate interests, namely the proper running and administration of our website and the provision of our services.

b) When you make any transaction, place an order, make a purchase, access a service, or supply us with services and/or goods:

Data: This may include your name, company/organisation name, email address, postal address, telephone number, date of birth.

Purpose: This data may be processed for the purposes of providing services, communicating with you, security and running our website, and maintaining back-ups of our databases. Communications you may receive from us may include information and/or updates about your purchases, orders, and use of our services.

Legal basis for processing: The performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract, and our legitimate interests, namely the provision of our services and administration of our website and business.

Data: This may include your contact details, and financial details such as bank account and sort code.

Purpose: This data may be processed for the purposes of making payments, and transactions (such as invoices and/or purchase orders), supplying the purchased goods and services, and keeping proper records of those transactions.

Legal basis for processing: The performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the provision of our services and administration of our website and business.

c) When you send us any communication or submit an enquiry to us (for example by telephone, email, or via our on-line contact form):

Data: This may include your name, company/organisation name, email address, postal address, telephone number, date of birth, and communication data and associated metadata (our website will generate the metadata associated with communications made using the on-line contact form).

Purpose: This data may be processed for the purposes of offering, marketing and selling relevant goods and/or services and communicating with you, and record-keeping. Communications you may receive from us may include information about products and/or services, updates about your purchases and/or orders, and use of our services.

Legal basis for processing: Consent, and our legitimate interests, namely the provision of our services, communicating with you and administration of our website and business.

d) When you submit reviews/comments to us for publication/marketing purposes:

Data: This may include your name, company/organisation name, email address, telephone number.

Purpose: This data may be processed for the purposes of publication, and communicating with you. Communications you may receive from us may include information and/or updates about your purchases, orders, and use of our services.

Legal basis for processing: Consent.

e) When you subscribe to our email notifications and/or newsletters:

Data: This may include your name, company/organisation name, email address, telephone number.

Purpose: This data may be processed for the purposes of communicating with you and sending you relevant notifications, offers, free offers, information about new products and/or services, and newsletters.

Legal basis for processing: Consent.

f) When you use our website and services:

Data: This may include information about your visit, including your Internet Protocol (IP) address, geographical location, browser type/version, operating system, referral source, length of visit, page views, website navigation paths, the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-hovers), methods used to browse away from the page, and any phone number used to call our customer service number, as well as information about the timing, frequency and pattern of your service use. The source of this data is the following providers, together with details of their individual Privacy Policies:

Google Analytics: https://policies.google.com/privacy?hl=en

SoundCloud: https://soundcloud.com/pages/privacy/05-2018

Vimeo: https://vimeo.com/privacy

YouTube: https://policies.google.com/privacy?hl=en-GB&gl=uk

Mailchimp: https://mailchimp.com/legal/privacy/

CookieBot: https://www.cookiebot.com/en/privacy-policy/

Shopify Analytics: https://www.shopify.com/legal/privacy

MailMunch: https://legal.mailmunch.com/privacy/

Purpose: This data may be processed for the purposes of analysing the use of our website and improving our services.

Legal basis for processing: Our legitimate interests, namely monitoring and improving our website and services.

g) Additional uses:

    We may process or share any of your personal data as specified in this policy with third parties if required to do so for legal issues, for the protection of others, or for any other unspecified purpose in addition to the specific uses set out in this policy.
     

    h) Other people's personal data:

    Please do not provide us with the personal data of any other person, unless we specifically ask you to do so and unless the other person has given you permission and has fully understood and accepted this Privacy Policy.

     

    SECTION 2: SOCIAL MEDIA

    We may make use of social media platforms and content from third party providers, including but not limited to Facebook and Twitter. These social media platforms set cookies. We have no control over these cookies. For further information about these cookies and what they are used for, please contact these third party providers directly.

    You control the personal data that you allow us to have access to via your privacy settings and preference settings within the privacy controls on each of the respective social media platforms. By making use of our services via these social media platforms you acknowledge that we may receive automatic access to certain personal data about you that is held by them (including your user name, data from your on-line account profile, and content accessed by you), and you agree that we can process your personal data as provided by these social media platforms in accordance with this Privacy Policy.

     

    SECTION 3: PROVIDING YOUR PERSONAL DATA TO OTHERS

    This section provides details of third parties we may pass your data to.

    a) Our service providers:

    We may share your personal data with our suppliers or subcontractors where necessary. Our service providers include:

    Shopify (Canada) are our website hosting providers.
    See their Privacy Policy here: https://www.shopify.com/legal/privacy

    Microsoft (Office 365) host our emails, documents, and contact information.
    See their Privacy Policy here: https://privacy.microsoft.com/en-gb/privacystatement

    Mailchimp host our emails (including newsletters).
    See their Privacy Policy here: https://mailchimp.com/legal/privacy/

    Sendowl deliver some of our digital files.
    See their Privacy Policy here: https://www.sendowl.com/privacy

    Vonage host our telephone service.
    See their Privacy Policy here: https://www.vonage.com/privacy-policy

    Royal Mail host our delivery service.
    See their Privacy Policy here: https://www.royalmail.com/privacy-notice

    Post Office host our delivery service.
    See their Privacy Policy here: https://www.postoffice.co.uk/privacy

    Fraud protection, debt recovery and credit facilities providers.

    b) Our payment providers:

    Financial transactions relating to our website and services may be handled by our payment services providers. We may share your personal data (which may include your contact details, and financial details such as bank account and sort code) with the providers of our payment services for the processing of financial transactions, including processing your payments, providing your refunds, and processing enquiries relating to all financial transactions. Our payment services providers include:

    Stripe: https://stripe.com/gb/privacy

    PayPal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

    Shopify: https://www.shopify.com/legal/privacy

    HSBC: https://www.hsbc.co.uk/1/2/legal/site-terms-and-privacy-statement

    Apple Pay: https://support.apple.com/en-gb/HT203027

    c) Our group of companies:

    We may share your personal data with any member of our group of companies (including our subsidiaries, our parent company and all its subsidiaries) for the purposes, and on the legal bases as set out in this policy.

    d) Professional advice/services:

    We may share your personal data with third parties (including our accountants, insurers, and legal and professional advisers) where required for necessary administrative purposes (including obtaining or maintaining insurance cover, obtaining legal or professional advice, managing risks, or processing the establishment, exercise or defence of legal claims, whether as court action or in administrative or out-of-court actions) on the legal bases as set out in this policy.


    e) Selected third party suppliers:

    We may share your enquiry data with third party suppliers of goods and services in order for them to contact you to provide marketing or information on relevant goods or services. In relation to your personal data as supplied by us, the third party receiving your data will act as a data controller and each such third party will be bound by its own privacy policy.

    f) The establishment, exercise or defence of legal claims:

    We may process or share any of your personal data as specified in this policy with third parties where required to do so for legal obligations, including the safeguarding and implementation of all legal rights and claims for us, you and others, whether as court action or in administrative or out-of-court actions.

     

    SECTION 4: INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

    Your personal data may be transferred to third parties located outside the European Economic Area (EEA) or to these third parties' service providers located outside the EEA. Where this is the case, we take steps to ensure we or our data processors only make such transfers to countries where the European Commission has made an ‘adequacy decision’ regarding data protection laws in these countries, or otherwise where appropriate safeguards are in place, such as the EU-US Privacy Shield in respect of transfers to the US. You can contact us for more information, and details of how to obtain a copy of these safeguards.

    Shopify (the hosting facilities for our website) are situated in Canada and the USA.

    Mailchimp (our email and newsletter provider) are located in the USA.

    You can find privacy policies for Shopify and Mailchimp here:

    Shopify: https://www.shopify.com/legal/privacy

    Mailchimp: https://mailchimp.com/legal/privacy/

    Please also note that by submitting your personal data for publication by us, you provide consent that such data may be made available, around the world, via the internet. We cannot protect this personal data from use or misuse by others.

     

    SECTION 5: RETENTION OF YOUR PERSONAL DATA

    We shall retain your personal data for as long as we deem necessary in relation to the purpose or purposes as outlined in this policy, and/or the purposes of satisfying any legal, accounting, business or reporting requirements. The length of time we retain your data depends on a number of important factors including the purposes for collecting and using the data, the nature and sensitivity of the data, the potential risk from unauthorised use or disclosure of your personal data, our obligations under legal, accounting or reporting requirements, and our legal obligations to protect your vital interests or the vital interests of others.

    We may require your personal data to fulfil our legal, accounting or reporting obligations. For this reason, we may retain your data for seven years after the date it is no longer required by us for any of the purposes listed in this policy, unless:

      • existing or future law or regulations require us to retain your data for a longer or shorter period;
      • you ask us to delete your data (if such a request applies) and we do not need to hold it for any other reason;
      • legal proceedings or enquiries require us to hold your data until such proceedings or enquiries have concluded and we do not need to hold it for any other reason.

        Our Retention Policy contains the details of our individual retention periods, and is available on request.

         

        SECTION 6: SECURITY OF YOUR PERSONAL DATA

        To protect your personal information, we take reasonable precautions and appropriate security measures to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

        We have a policy to process any suspected personal data breach.

        Payment:

        If you choose a direct payment gateway to complete your purchase Shopify will store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

        All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

        PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.

        If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

         

        SECTION 7: YOUR RIGHTS

        Under the General Data Protection Regulation (GDPR), you have the following rights:

          a) Right to be informed: This Privacy Policy and our Cookie Policy explain how your personal data is used when using our website and services.


          b) Right of access: You have the right to ask for a copy of the personal data we may hold about you, together with certain additional information (that includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data). Provided the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.


          c) Right to rectification: You have the right to have inaccurate personal data rectified, or completed if it is incomplete.


          d) Right to erasure: In some circumstances, you have the right to erasure of your personal data (right to be forgotten) without undue delay. These may include:

          • the personal data is no longer necessary for the purpose which we originally collected or processed it for;
          • where consent is our lawful basis for holding the data, you withdraw your consent;
          • where legitimate interests is our basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing;
          • processing for direct marketing purposes;
          • processing the personal data unlawfully.

          This right only applies in specific circumstances.


          e) Right to restrict processing: In certain circumstances, you have the right to request the restriction or suppression of your personal data. Where processing is restricted, we may store the personal data, but not use it unless:

          • we have your consent;
          • it is for the establishment, exercise or defence of legal claims;
          • it is for the protection of the rights of another person (natural or legal); or
          • it is for reasons of important public interest.


          f) Right to data portability: The right to data portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine-readable format. It also gives you the right to request that a controller transmits this data directly to another controller. The right to data portability only applies when:

          • our lawful basis for processing this information is consent or for the performance of a contract; and
          • we are carrying out the processing by automated means (i.e. excluding paper files).

          However, this right won’t apply if it would adversely affect the rights and freedoms of others.

          g) Right to object: You have the right to object to our processing of your personal data where our legal basis is legitimate interest or the performance of a task in the public interest/exercise of official authority (including profiling) and where you have an objection on “grounds relating to your particular situation”.

          If you make such an objection, we will stop processing the personal data unless:

          • we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
          • the processing is for the establishment, exercise or defence of legal claims.


          h) Right to object to direct marketing: You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will stop processing your personal data for this purpose.


          j) Right to complain to a relevant supervisory authority: You have the right to lodge a complaint with a relevant supervisory authority. In the UK, this is the ICO.


          k) Right to withdraw consent: Where our legal basis for processing your personal data is consent, you have the right to withdraw that consent at any time; however, this will not affect the lawfulness of any processing carried out before you withdraw consent.

            You may exercise your rights in relation to your personal data by contacting us at hello@easypeasyplays.co.uk

             

            SECTION 8: COOKIES

            A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. They may be ‘persistent’ or ‘session’. ‘Session’ cookies expire at the end of a user’s session when the web browser is closed. ‘Persistent’ cookies are stored by web browsers and remain valid until the cookie’s set expiry date (unless it’s deleted by the user first).

            We use the following cookies:

            • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
            • Statistical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
            • Preference/functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
            • Marketing/targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

            You can find more information about the individual cookies we use and the purposes for which we use them, and change your preferences, in our Cookies List here:
            https://easypeasyplays.co.uk/pages/cookies-we-use


            Third Party Cookies

            Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.


            Google Analytics

            This website uses Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site.

            Please refer to the following Google Page “How Google uses information from sites or apps that use our services” here: 
            www.google.com/policies/privacy/partners/

            You can also read more about Google Analytics here:
            https://support.google.com/analytics/answer/6004245

            You can read about Google Analytics’ privacy policy here:
            https://policies.google.com/privacy?hl=en


            SoundCloud

            This website uses the embedded player provided by SoundCloud Ltd, Rheinsberger Str. 76/77, 10115 Berlin, Germany (“SoundCloud”). When you visit a page of our website that contains the embedded player, your browser establishes a direct connection to the SoundCloud servers and in this process your IP address, your user agent, the site referrer and cookie data are transferred to SoundCloud. SoundCloud may also place cookies that recognize your browser to perform analytics aimed at improving SoundCloud’s products, services and technologies when the player is loaded.

            For more information see SoundCloud’s privacy and cookie policies here:
            https://soundcloud.com/pages/privacy/05-2018


            YouTube

            This website uses embedded video content from YouTube. These embedded videos set cookies. We have no control over these cookies. For further information see YouTube’s privacy and cookie policies here:
            https://policies.google.com/privacy?hl=en-GB&gl=uk


            Vimeo

            This website uses embedded video content from Vimeo. These embedded videos set cookies. We have no control over these cookies. For further information see Vimeo’s privacy and cookie policies here:
            https://vimeo.com/privacy


            Shopify

            This website uses Shopify to host/manage our website and provide analytics. Shopify uses cookies to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. For further information see Shopify’s privacy and cookie policies here:
            https://www.shopify.com/legal/privacy


            Cookiebot

            This website uses Cookiebot to provide a cookie consent pop-up. For further information see Cookiebot’s privacy and cookie policies here:
            https://www.cookiebot.com/en/privacy-policy/


            Mailchimp

            This website uses Mailchimp to provide pop-ups and email services. For further information see Mailchimp’s privacy and cookie policies here:
            https://mailchimp.com/legal/privacy/


            Mailmunch

            This website uses Mailmunch to provide pop-ups and email services. For further information see Mailmunch’s privacy and cookie policies here:
            https://legal.mailmunch.com/privacy/


            Social media

            Our website may make use of social media content from Third Party providers, including but not limited to "Facebook" and "Twitter". These Third Party providers set cookies. We have no control over these cookies. For further information about these cookies and what they are used for, please contact these Third Party providers (e.g. "Facebook" and "Twitter") directly.


            Managing/blocking cookies 
            You can refuse to accept, block or delete cookies in most browsers; the methods vary depending on the browser/version.
            However, if you use your browser settings to block all or any cookies (including essential cookies) you may not be able to access all or parts of our site.  You can find out more about cookies, including how to see the cookies that have been set, at www.aboutcookies.org or www.allaboutcookies.org.

             

            The following links will give you more information:

            Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

            Safari: https://support.apple.com/kb/PH21411

            Chrome: https://support.google.com/chrome/answer/95647?hl=en

            Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

            Opera: http://www.opera.com/help/tutorials/security/cookies/

            Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy


            Web Beacons and other Tracking Technologies

            We, or our third party partners, may use a software technology called web beacons (which are also called pixels, web bugs or clear gifs). These are tiny graphics with a unique identifier that show us when content is viewed. We, or our third party partners, may link information gathered by web beacons to information obtained from, or stored in, cookies.

             

            SECTION 9: OTHER IMPORTANT TERMS

              a) Links: When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

              Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

              b) Transfer of data to another company: If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.


              c) Internet security: The transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to or from our site, or through any electronic interactions with our company, its subsidiaries or staff; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


              d) Children: Our website is not intended for use by children and we do not knowingly market to anyone under the age of 18, nor collect data relating to anyone under the age of 18. By using our services and/or this site, you represent and confirm that you are at least the age of majority in your state or province of residence. People under 18 (or the legal age of majority in your state or province of residence, whichever is higher) are not permitted to register for an account or use our services.

                We do not knowingly collect any personal data from children under the age of 18. If we become aware that a child under age 18 has provided us with personal data we will delete it. If you believe that a child has provided us with personal data, please contact us at hello@easypeasyplays.co.uk

                 

                This policy was last updated on 25 May 2018.
