What data we hold
We may hold the following information about you, for as long as you have a subscription in our system. During the period of your active subscription we will retain the data indefinitely for providence purposes.
- Your personal name, email address and password
- Your Service details which include Service name, start date, Service type, Service details
- Any Branch details for Service delivery which include Address, contact phone number and a contact email address.
- Your bank details
- Your Organisation details which include Organisation type, Contact details, Address, CI number.
- Your comments and opinion.
Details of the technical personal data that we process if you use our website is below:
- We generate log files from various servers when you visit our website and mobile apps: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
- Our website and mobile app, like many others, uses Google Analytics, a web analytics tool provided by Google, to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.
Using your information
Managing your Account
We will use your data to help you manage your own account and setup your service provision. We use the branch data to create relationships between the staff members, parents and children with their allocated branches.
We use your data to present you with the most correct and compliant options when creating and adjusting rotas in the system.
We use your data to help you manage your staff allocation when creating and adjusting rotas in the system.
We use your data to help you manage child places within the rotas at each branch which is operated by you as a provider.
We use your bank data to allow you to receive payments when bookings are made for your services.
We automatically collect information to maintain and improve our services and functionality on our Platform and Applications (iOS and Android). We measure visitors to our Platform and Applications (iOS and Android) using tools such as Google Analytics. These tools use analytical cookies to record what pages you view within our site, how you arrived at our site and some basic information about your computer. All of that information is anonymous – so we don’t know who you are; just that somebody visited our site.
The information we collect from analytics helps us understand what parts of our sites are doing well, how people arrive at our site and so on. Like most websites and applications, we use this information to make our Platform and Applications (iOS and Android) better.
If you are reporting issues with the functionality of our Platform and Applications (iOS and Android), we will generally collect your name, and contact details, and other information necessary to investigate the problem and advise of the outcome.
Our Reasons for Processing Your Data
In relation to the above uses, we shall process your personal data on the legal basis that it is necessary for the purposes of our legitimate interests or of your organisation’s legitimate interests, including: to enable us to perform our contractual obligations under the organisation Agreement, to improve or optimise our services, to maintain the security of our computer systems, to understand how the Platform and Applications (iOS and Android) is used and to improve the user experience of the Platform and Applications (iOS and Android), to protect and defend our legal rights, for troubleshooting, and for data analysis, testing and research purposes. Please also note:
- We will not undertake any analysis via the Platform and Applications (iOS and Android) by specific reference to any special categories of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation), unless this has been expressly requested or configured by your organisation. Where this is the case, it is your organisation’s responsibility to ensure they have obtained your explicit consent to such processing. However, you might, in the course of providing comments or feedback, provide personal data within one of the above categories where this has not been requested. By providing this data to us, you will be deemed to have consented to our processing such data as part of the captured results and disclosing such data to your organisation.
- Data collected from you and other Organisation Users or personnel may be used by us in an aggregated and anonymised form for statistical and benchmarking purposes.
Transfers of your data
We only transfer data outside of the EEA if it is to a country or organisation that is deemed by the EU to have adequate protection of data.
We do have a small number of companies providing services to us, for example, our email sending provision and hosting company, we have confirmed that they adhere to the requirements of the GDPR.
We may at times share reports with interested parties for the purpose of improving the services and systems available to our users. These reports are anonymised and all identifiable information is removed and therefore does not fall within the scope of GDPR.
Technical and operational security
As an organisation, Flexible Childcare Services Scotland is committed to protecting personal data. This includes technical security measures (e.g., firewalls), encryption of personal data, restricted access to personal data, protection of our physical premises and hard assets, and encrypted back ups.
All of our employees are trained on Data Privacy and work to the highest ethical standards to protect your rights.
Retaining your Information
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
- For Users: we will retain your personal data for a period of 5 years or until six months after our relationship with your organisation has ended (whichever is sooner). After this period, your personal data will be anonymised or deleted.
- For Marketing Contacts: we will retain your personal data for a period for so long as necessary to continue to provide you with updates or other marketing emails or other communications in circumstances in which you have consented (where necessary) or else not unsubscribed to receiving such communications and in which we have a continued legitimate interest in undertaking that marketing.
You have lots of rights in respect of our processing of your personal data. The relevant rights are:
- Request a copy of your personal data and information about our processing of it
- Request that we delete information on you if we do not need to hold it
- Request that we correct any personal data that we hold on you
- Request that we stop processing your data, for certain things, e.g. marketing although we can still hold it
- Request that we move your data to another organisation’s IT system electronically
- If you want to exercise any of these rights, please just contact us on email@example.com.
- You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/