Privacy Policy

Effective from: 15.07.2025
Last updated: 15.07.2025

Whirl & Wonder LTD is committed to protecting your privacy and handling your data with care. This Privacy Policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Whirl & Wonder LTD is a UK-registered company providing antenatal classes and creative workshops for second-time parents.

Company Name: Whirl & Wonder LTD
Registered in England and Wales
Email: hello@whirlandwonder.co.uk
Website: www.whirlandwonder.co.uk
ICO Registration Number: ZB938238

2. What Personal Data We Collect

We may collect and process the following information:

  • Contact details – your name, email address, phone number

  • Booking details – including session selection and payment status

  • Health/accessibility info – shared voluntarily to help us tailor support
    Any health or accessibility information you voluntarily provide to us (e.g., details about your pregnancy, specific needs, or allergies) is considered 'special category data' under the UK GDPR. We process this sensitive information only with your explicit consent and solely for the purpose of ensuring your safety, well-being, and enabling us to tailor our sessions effectively to your individual needs. This information will not be used for any other purpose and is handled with the utmost confidentiality.

  • Communication history – emails, enquiries, or responses to surveys

  • Consent preferences – including marketing opt-ins and contact sharing

3. Why We Collect It

We use your personal data to:

  • Process bookings and communicate with you

  • Tailor sessions to your needs

  • Send updates, reminders, and useful resources

  • Provide optional marketing and community support (if consent is given)

  • Maintain business and financial records as legally required

4. Lawful Bases for Processing

We rely on the following lawful bases:

  • Contract – to fulfil your booking

  • Consent – for optional marketing and contact sharing

  • Legal obligation – for HMRC/ICO compliance

  • Legitimate interests – improving services and communications

5. Data Storage & Security

We use secure, password-protected platforms (e.g., Squarespace, Stripe, MailChimp) to store and process your data. In addition to utilising secure third-party platforms, we implement appropriate technical and organisational measures internally to protect your personal data from unauthorised access, alteration, disclosure, or destruction. This includes restricting access to your data to authorised personnel only, using strong passwords, and providing regular data protection awareness training to our team.

We only keep personal data as long as necessary, including:

  • 6 years for financial records

  • Until you unsubscribe or request deletion for marketing data

Beyond the periods mentioned, we retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, general communication history related to enquiries or past attendance may be retained for the duration of our ongoing relationship plus a reasonable period for administrative purposes from your last interaction with us, unless a longer retention period is required or permitted by law.

6. Third Parties

We use carefully selected third-party providers, including:

  • Website host: Squarespace

  • Email marketing: MailChimp

  • Payment processor: Stripe

Each provider complies with UK GDPR and has their own privacy terms.

Some of our third-party service providers, such as Mailchimp (for email marketing), may process or store your personal data outside the UK or the European Economic Area (EEA). When such transfers occur, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements. These safeguards may include reliance on 'adequacy decisions' by the UK government, or the implementation of Standard Contractual Clauses (SCCs) (or the UK International Data Transfer Agreement / Addendum) to ensure your data receives the same level of protection as if it were processed within the UK/EEA.

7. Your Rights

You have the right to:

  • Access your data

  • Request correction or deletion

  • Withdraw consent

  • Object to certain uses

  • Complain to the ICO at www.ico.org.uk

Please note that to ensure the security of your personal data, we may need to request specific information from you to help us confirm your identity and ensure your right to access your data (or to exercise any of your other rights). This is a security measure to prevent personal data from being disclosed to any person who has no right to receive it.

To exercise your rights, email: hello@whirlandwonder.co.uk

8. Cookies

We use cookies to track site usage and improve your experience. See our full Cookie Policy for details.

9. Data Protection Fee

Whirl & Wonder LTD complies with the ICO’s data protection fee requirements. For more, visit ico.org.uk.

10. Updates to This Policy

We may update this policy from time to time. The most recent version will always be published on our website.