Privacy Policy — PolicyAndPlay

    PolicyAndPlay is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
  

1. Who We Are

PolicyAndPlay is a UK-based digital subscription service providing website templates, policy guides, and activity plans for childcare settings. References to "we", "us", or "our" refer to PolicyAndPlay.

For data protection enquiries, contact us at: hello@policyandplay.co.uk

ICO Registration Number: C1925950

2. What Data We Collect

We may collect the following personal data:

Account data: name, email address, and password when you register
Payment data: billing details processed securely by Stripe — we never store your card details
Usage data: pages visited, downloads, and subscription activity
Communications: any messages you send us

3. How We Use Your Data

We use your personal data to:

Provide and manage your subscription
Process payments via Stripe
Send service-related emails (receipts, updates, policy changes)
Improve our products and website
Comply with legal obligations

We do not sell your personal data to third parties.

4. Legal Basis for Processing

We process your data under the following lawful bases:

Contract: to fulfil your subscription
Legal obligation: for tax and financial records
Legitimate interests: to improve our service and prevent fraud
Consent: for any optional marketing emails

5. Third Parties

We share data only with trusted third parties necessary to run the service:

Stripe — payment processing (stripe.com/gb/privacy)
Netlify — website hosting
Google Fonts — font delivery (your IP may be logged by Google)

6. Cookies

Our website uses minimal cookies necessary for the site to function. We do not currently use advertising or tracking cookies. If this changes, we will update this policy and request your consent.

7. Data Retention

We retain your personal data for as long as your account is active, plus 7 years for financial records as required by HMRC. You can request deletion of your data at any time (see Your Rights below).

8. Your Rights

Under UK GDPR you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data ("right to be forgotten")
Object to or restrict processing
Data portability
Withdraw consent at any time

To exercise any of these rights, email hello@policyandplay.co.uk. We will respond within 30 days.

9. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our website.