Privacy Policy

This Privacy Policy applies between you, the user of this website, and The Little Lullaby Company, the owner and provider of this website. The Little Lullaby Company takes the privacy of your information very seriously. This Privacy Policy applies to our use of any and all data collected by us or provided by you in relation to your use of the Website.

This Privacy Policy should be read alongside, and in addition to, our Terms and Conditions, which can be found at: https://www.thelittlelullabyco.com/terms-and-conditions.

This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

The Little Lullaby Company reserves the right to change this Privacy Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Privacy Policy on your first use of the Website following the alterations. 

If you have any questions about this Privacy Policy, please contact me: jo@thelittlelullabyco.com

Please read this Privacy Policy carefully.

Definitions and Interpretation

In this Privacy Policy, the following definitions are used:

Data

Collectively all information that you submit to The Little Lullaby Company via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws;

Data Protection Laws

any applicable law relating to the processing of personal Data, including but not limited to the GDPR, and any national implementing and supplementary laws, regulations and secondary legislation;

GDPR

the UK General Data Protection Regulation;

The Little Lullaby Company, we or us

The Little Lullaby Company of 2 Kelly Gardens, Sawbridgeworth, CM21 0FA;

User or you

any third party that accesses the website and is not either (i) employed by The Little Lullaby Company and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to The Little Lullaby Company and accessing the Website in connection with the provision of such services; and

Website

the website that you are currently using, www.thelittlelullabycompany.com, and any sub-domains of this site unless expressly excluded by their own terms and conditions.

Scope of this Privacy Policy

This Privacy Policy applies only to the actions of The Little Lullaby Company and users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.

For purposes of the applicable Data Protection Laws, The Little Lullaby Company is the “data controller”. This means that The Little Lullaby Company determines the purposes for which, and the manner in which, your Data is processed.

Data Collected

In accordance with the General Data Protection Regulation (GDPR), I will process any personal data according to the principles below:

We must have a lawful reason for collecting personal data, and must do it in a fair and transparent way. We will be clear about what data we are collecting, and why.
We must only use the data for the reason it is initially obtained. This means that we may not use a person’s data to market a product or service to them that is unconnected to the reasons for which they shared the data with me in the first place.
We must not collect any more data than is necessary. We will only collect the data we need to hold in order to do the job for which we have collected the data.
We will ensure that the data is accurate, and ask parents to check this information throughout the period we are working together and confirm that the data held is still accurate.
We will not keep data any longer than needed. We must only keep the data for as long as is needed to complete the tasks it was collected for.
We must protect the personal data. We are responsible for ensuring that we, and anyone else charged with using the data, processes and stores it securely.
We will be accountable for the data. This means that we will be able to show how we are complying with the law.

We may collect the following Data, which includes personal Data, from you:

a) name;
b) date of birth;
d) contact Information such as email addresses and telephone numbers;
e) demographic information such as address and postcode;
f) IP address (automatically collected);
g) web browser type and version (automatically collected);
h) detail relating to your child, including name, age, medical history, special requirements and sleep;
i) medical information of the parents should it concern or affect their ability to carry out the plans agreed with The Little Lullaby Company;
j) who has parental responsibility for the child(ren);

in each case, in accordance with this Privacy Policy.

How We Collect Data

We collect Data in the following ways:

a) data is given to us by you;
b) data is received from other sources; and
c) data is collected automatically.

Data That is Given to Us by You

The Little Lullaby Company will collect your Data in a number of ways, for example:

a) when you contact us through the Website, by telephone, post, e-mail or through any other means;
b) when you register with us and set up an account to receive our products/services;
c) when you complete surveys that we use for research purposes (although you are not obliged to respond to them);
d) when you enter a competition or promotion through a social media channel;
e) when you make payments to us, through this website or otherwise;
f) when you elect to receive marketing communications from us;
g) when you use our 1:1 services through pre-consultation forms and sleep diaries;

in each case, in accordance with this Privacy Policy.

Data That is Received From Third Parties

The Little Lullaby Company will receive Data about you from the following third parties:

a) Google ads;
b) social media ads

Data That is Collected Automatically

To the extent that you access the website, we will collect your data automatically, for example:

a) we automatically collect some information about your visit to the website. This information helps us to make improvements to website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.

Our Use of Data

Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our website. Specifically, data may be used by us for the following reasons:

a) internal record keeping;
b) improvement of our products / services;
c) transmission by email of marketing materials that may be of interest to you;
d) contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website;
e) to produce bespoke sleep plans and resources as agreed with the client upon purchasing a service;

in each case, in accordance with this Privacy Policy.

We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed “Your rights” below).

For the delivery of direct marketing to you via e-mail, we’ll need your consent, whether via an opt-in or soft-opt-in:

a) soft opt-in consent is a specific type of consent which applies when you have previously engaged with us (for example, you contact us to ask us for more details about a particular product/service, and we are marketing similar products/services). Under “soft opt-in” consent, we will take your consent as given unless you opt-out.
b) for other types of e-marketing, we are required to obtain your explicit consent; that is, you need to take positive and affirmative action when consenting by, for example, checking a tick box that we’ll provide.
c) if you are not satisfied with our approach to marketing, you have the right to withdraw consent at any time. To find out how to withdraw your consent, see the section headed “Your rights” below.

When you register with us and set up an account to receive our services, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Who We Share Data With

We may share your data with the following groups of people for the following reasons:

a) third party service providers who provide services to us which require the processing of personal data;
b) third party payment providers who process payments made over the Website – to enable third party payment providers to process user payments and refunds;
c) relevant authorities - to support other professionals working with your child, for example health visitors, pre-school/ nursery/ school staff, or other health or education professionals. Information will also be shared with the local safeguarding children’s board or Social Services Referral and Assessment Team if we ever have any concerns about the safety of your child.

in each case, in accordance with this Privacy Policy.

Keeping Data Secure

Use of Firebase to Store Customer Data

This section explains how we use Firebase to store and process customer data in compliance with the General Data Protection Regulation (GDPR).

What is Firebase?

Firebase is a platform developed by Google that provides a variety of tools and infrastructure for app development. We use Firebase to securely store and manage your data and authorise you as a user on our platform at point of registration.

Legal Basis for Data Processing

Our use of Firebase to process your personal data is based on the following legal grounds:

Your consent (Article 6(1)(a) GDPR)
Performance of a contract (Article 6(1)(b) GDPR)
Compliance with a legal obligation (Article 6(1)(c) GDPR)
Our legitimate interests (Article 6(1)(f) GDPR), such as improving our services and ensuring their security

Data Security

Firebase provides robust security measures to protect your data, including:

Data encryption in transit and at rest
Regular security audits and updates
Access controls and authentication mechanisms

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Specific retention periods may vary depending on the type of data and the applicable legal requirements.

Third-Party Access

As a part of our use of Firebase, your data may be processed by Google. Google acts as a data processor under GDPR and adheres to strict data protection and privacy standards. We ensure that any third-party access to your data is compliant with GDPR requirements.

Suspected Breach of Data

If we suspect that data has been accessed unlawfully, we will inform the relevant parties immediately and report to the Information Commissioner’s Office (ICO) withing 72 hours. We will keep a record of any data breach.

Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address: jo@thelittlelullabyco.com

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Data Retention

We are required by law to keep some data for some time even after support has ceased. We will review this regularly to ensure that any data is stored and disposed of correctly.

If you no longer wish for your data to be stored with The Little Lullaby Company, email jo@thelittlelullabyco.com and we will ensure your data is disposed of securely.

Your Rights

You have the following rights in relation to your Data:

a) Right to access – the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive.” Where we are legally permitted to do so. we may refuse your request. If we refuse your request, we will tell you the reasons why.

b) Right to correct – the right to have your Data rectified if it is inaccurate or incomplete.
c) Right to erase – the right to request that we delete or remove your Data from our systems.
d) Right to restrict our use of your Data – the right to “block” us from using your Data or limit the way in which we can use it.
e) Right to data portability – the right to request that we move, copy or transfer your Data.
f) Right to object – the right to object to our use of your Data including where we use it for our legitimate interests.

To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via this e-mail address: jo@thelittlelullabyco.com

If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk/.

It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.

Links to Other Websites

This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This Privacy Policy does not extend to your use of such websites. You are advised to read the Privacy Policy or statement of other websites prior to using them.

Last updated: 26th July 2024