Privacy Policy

For the purposes of UK data protection law, 7 Figures Ltd (trading as Sprog Systems) is the Data Controller in respect of personal data collected via this website and our marketing activity. Where we process personal data on behalf of nursery clients, we act as a Data Processor, processing data only on documented instructions from the nursery and not for our own purposes.

Registered office: 56 Dumbarton Road, London, SW2 5LU
Contact: james@sprogsystems.co.uk
Registered with the Information Commissioner's Office (ICO). Registration number: [ICO REGISTRATION NUMBER]

We use a cookie banner to obtain your consent before placing non-essential cookies such as analytics and chatbot tools. Essential cookies required for the website to function are placed without consent as they are necessary for the operation of the website.

You may withdraw consent at any time by adjusting your preferences via the cookie banner or your browser settings. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

We rely on the following legal bases:

• -Legitimate interest: responding to enquiries, improving our website, and standard business communications necessary to manage our relationship with existing clients
• -Contract: delivering agreed services to nursery clients
• -Consent: non-essential cookies and any direct marketing communications

Website visitors

We collect standard analytics data (pages visited, session duration, device type) via Google Analytics to understand how our website is used. This data is collected only after you have given consent to analytics cookies. We rely on legitimate interest to analyse and improve website performance.

Enquiries and contact forms

If you contact us via the website or by email, we collect your name, email address, and any information you choose to share. We use this to respond to your enquiry. Legal basis: legitimate interest. If you do not provide this information, we may be unable to respond to your enquiry.

Nursery clients

When you become a client, we collect business contact details, billing information, and information needed to deliver agreed services. Legal basis: performance of a contract. If you do not provide the required information, we may be unable to deliver the agreed services.

Marketing communications

We do not send marketing communications unless you have opted in or we have an existing business relationship with you under soft opt-in rules. Legal basis: consent or legitimate interest respectively.

End users of nursery websites

Where we build and operate websites on behalf of nursery clients, parents and carers may submit personal data (name, contact details, child details) via enquiry forms, chatbots, and tour booking systems. In these cases, the nursery is the Data Controller. We process this data only as instructed by the nursery, solely for the purpose of delivering the agreed services.

We do not knowingly collect personal data directly from children. Any child-related data is provided by parents or carers and processed on behalf of the nursery client.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

• -Enquiry and contact data: 2 years from last contact
• -Client data: 6 years from end of contract (in line with UK statutory requirements)
• -Analytics data: 14 months (Google Analytics default)

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

In the event of a data breach affecting personal data, we will notify affected parties and regulators where required by law.

We use third-party processors including, but not limited to:

• -Airtable (data storage)
• -Vercel (website hosting)
• -GoHighLevel (CRM and automation)
• -Google (Analytics, Business Profile, Ads)

Some of these providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK-approved standard contractual clauses or adequacy decisions, before any transfer takes place.

We do not sell personal data to any third party.

Under UK GDPR, you have the right to:

• -Access personal data we hold about you
• -Correct inaccurate data
• -Request deletion of your data
• -Object to or restrict processing
• -Request portability of your data in certain circumstances
• -Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at james@sprogsystems.co.uk. We will respond within one calendar month. We may request proof of identity before fulfilling certain requests.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.

We may update this policy from time to time. The current version will always be available at sprogsystems.co.uk/privacy.