Flexibility Pathway means Flexible Childcare Services Scotland (Registered in Scotland, UK Registration Number: CS004023) are committed to protecting and respecting your privacy.
This policy sets out the basis, under applicable data protection law (including the General Data Protection Regulation (EU 2016/679), on which we will process any personal data we collect from you, or that you provide to us through your use of the Flexibility Pathway online software Platform and Applications (iOS and Android) and the accompanying software App (together the “Platform and Applications (iOS and Android)”).
OUR PROCESSING OF PERSONAL DATA
In the normal course of our business we collect and process data in respect of
- Administrative users of the Platform and Applications (iOS and Android) dashboard who are acting on behalf of their relevant organisation (where their organisation is an existing client) (“Client Users”); and
- Trial users or potential new users of the Platform and Applications (iOS and Android), including those who we have identified as possible future clients and to whom we are marketing or promoting the Platform and Applications (iOS and Android) and our services (“Marketing Contacts”).
When we refer to “personal data” in this policy, we mean any information relating to you from or in relation to which you may be identified (directly or indirectly). This might include, for instance, your contact details, online identifiers.
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.flexibilitypathway.co.uk or using the Platform and Applications (iOS and Android) or Applications (iOS and Android) you are accepting and consenting to the activities and data usage as described in this policy.
OUR STATUS AND RESPONSIBILITIES
In the case of Client Users, Flexibility Pathway and/or one its subsidiary companies has entered into an agreement with you to grant you access to the Platform and Applications (iOS and Android) (the “organisation Agreement”), and Flexible Childcare Services Scotland is the data controller of your personal data. We will process your personal data on and in accordance with its lawful instructions. The information you provide to us and/or upload to the Platform and Applications (iOS and Android) (whether or not it constitutes personal data) will also be governed by the organisation Agreement.
In the case of Marketing Contacts, Flexible Childcare Services Scotland are the data controller in respect of your personal data.
Flexible Childcare Services Scotland are also the data controller in respect of contact information for each client contact which we hold for account and contract management purposes, including for contract queries and billing purposes.
References in this policy to “your organisation” shall refer to the entity who has entered into the organisation Agreement with us, whether or not as a matter of law you are an employee, consultant or contractor of that entity, and such references are not intended to characterise or prejudice your status vis-à-vis that entity.
INFORMATION WE COLLECT ABOUT YOU
For Client Users: we will collect and process the following data about you as follows.
- Information you give us. You may give us information about you:
- When using the Platform and Applications (iOS and Android) functions. This information may include your name, email address, address and phone number, as well as any views or feedback you provide regarding your organisation.
- If you contact or correspond with us (for example, using any support function made available by us) and we may keep a record of that correspondence (either directly or through our service providers).
- Information your organisation gives us. Your organisation may give us information about you:
- When creating a user profile for you in order to enable you to access the Platform and Applications (iOS and Android) under the organisation Agreement or to enable us to send an invite email to you. When registering the information requested may include your name, email address, address, phone number and details of your child/children (including their names, date of birth, relationship to the User, any medical needs and any other requirements)
- Otherwise in the course of your organisation’s use of the Platform and Applications (iOS and Android).
- Information we collect about you. Each time you use the Platform and Applications (iOS and Android) we may automatically collect the following information:
- When you use the Platform and Applications (iOS and Android), we will keep a record of the details of that usage, including the date, time, location, frequency and duration of the usage;
- If you are a Client User (using the Platform and Applications (iOS and Android) as a representative of your organisation), we may obtain further information about you from your organisation, for example to verify your eligibility to access and use the Platform and Applications (iOS and Android);
- Any suggestions, comments, opinions and/or feedback you provide to us regarding the Platform and Applications (iOS and Android) that you may participate in or thereafter;
- Technical information about your computer or mobile device for system administration and analysis, including your IP address, URL clickstreams, unique device identifiers, operating system, and network and browser type;
Other information about your use of the Platform and Applications (iOS and Android), including the pages you have viewed, the duration spent on the Platform and Applications (iOS and Android) and data files you have uploaded to the Platform and Applications (iOS and Android). This information may be linked to your user profile (where relevant).
For Marketing Contacts, we will collect and process personal data which you provide us when you complete an enquiry via a website or register or otherwise contact us to request information about our products and services. We will typically obtain contact information such as your name, email address and telephone number.
HOW WE USE YOUR PERSONAL DATA AND OUR LEGAL BASIS FOR DOING SO
Please note that we are permitted to collect, use, disclose and/or otherwise process any information other than personal data, including data sets you upload to the Platform and Applications (iOS and Android) or otherwise provide to us, to the fullest extent permitted by the organisation Agreement.
Where we have collected, received or generated personal data from or about you, we may use this for the purposes, and on the legal bases, as set out below.
For Client Users
- Information you give to us. We will use this information to:
- if you are a Client User, process your application to become a registered user of the Platform and Applications (iOS and Android) and verify your eligibility to use the Platform and Applications (iOS and Android);
- carry out our obligations arising from the organisation Agreement. This includes providing your organisation with reports and analysis summarising information provided during your use of the Platform and Applications (iOS and Android), including any suggestions and comments, aggregated with information from other Organisation Users and personnel.
- provide you with information, products and services you request from us. We will not contact you for promotional or marketing purposes, such as to inform you of new products or services that we offer, unless you specifically consent to this at the time you provide your details to us or you expressly request (or provide explicit consent for) us to do so at a later date;
- contact you for your feedback on our services and to help us evaluate and improve our services, for example by acting on any information you have provided to us;
- notify you about changes to the Platform and Applications (iOS and Android) and any other services of ours that you use, including informing you about new versions of the Platform and Applications (iOS and Android) and about new features, functionality and service offerings; or
deal with any enquiries, correspondence, concerns or complaints you have raised, or that have been raised by or concerning third parties (such as your organisation) involving you and any issues caused by your use of the Platform and Applications (iOS and Android).
Information we collect about you. We will use this information:
- to administer and improve the Platform and Applications (iOS and Android) and other services, including ensuring that content is presented in the most effective manner for you and for your computer;
- to report to your organisation relating to the use of the Platform and Applications (iOS and Android), as may be required under the organisation Agreement;
- for internal operations, including troubleshooting, data analysis, testing, research and reporting purposes;
- to allow you to participate in interactive features of the Platform and Applications (iOS and Android), when you choose to do so;
- as part of our efforts to keep the Platform and Applications (iOS and Android) safe and secure; or
- to compile reports (which do not personally identify you) of usage of the Platform and Applications (iOS and Android).
- Information we receive from other sources. We may combine information from other sources with the information you give to us or we collect about you and use this information as specified above.
In relation to the above uses, we shall process your personal data on the legal basis that it is necessary for the purposes of our legitimate interests or of your organisation’s legitimate interests, including: to enable us to perform our contractual obligations under the organisation Agreement, to improve or optimise our services, to maintain the security of our computer systems, to understand how the Platform and Applications (iOS and Android) is used and to improve the user experience of the Platform and Applications (iOS and Android), to protect and defend our legal rights, for troubleshooting, and for data analysis, testing and research purposes. Please also note:
- We will not undertake any analysis via the Platform and Applications (iOS and Android) by specific reference to any special categories of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation), unless this has been expressly requested or configured by your organisation. Where this is the case, it is your organisation’s responsibility to ensure they have obtained your explicit consent to such processing. However, you might, in the course of providing comments or feedback, provide personal data within one of the above categories where this has not been requested. By providing this data to us, you will be deemed to have consented to our processing such data as part of the captured results and disclosing such data to your organisation.
- Data collected from you and other Organisation Users or personnel may be used by us in an aggregated and anonymised form for statistical and benchmarking purposes.
For Marketing Contacts, we will collect and use data to contact you about our news, updates, events, developments, products and services from time to time and for the purposes of entering into discussions with you in connection to your use of the Platform and Applications (iOS and Android). This data is processed by us on the basis that it is necessary for the purposes of our legitimate interests, namely undertaking targeted marketing and business development activities in connection with our business.
DISCLOSURE OF YOUR INFORMATION
We may share your personal data with other companies in our group, where necessary or desirable to do so in the course of the provision of services to you or your organisation or in the course of undertaking marketing activities.
We may also share your personal data with selected third parties in accordance with this policy, including:
- service providers, for example of IT services, business partners, suppliers and/or sub-contractors, for the performance of any contract that we enter into with your organisation (such as the organisation Agreement) or in the course of undertaking marketing activities, including the following:
- Amazon Web Services; who provide cloud hosted infrastructure and services used by us to operate the Platform and Applications (iOS and Android) as a hosted solution;
- Google LLC, SendGrid Inc, who provide product tools and functionality used by us in delivery of the Platform and Applications (iOS and Android) and associated services; and
- analytics and search engine providers that assist us in the improvement and optimisation of our marketing activities and the analysis of data supplied via the Platform and Applications (iOS and Android) for contact enrichment and lead generation purposes, including Google Analytics; and
- government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information).
We require all our third party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
We may also disclose your personal data to other third parties in the following circumstances:
- if we sell or buy any business assets or receive investment into our business, we may disclose your personal data to the prospective or actual buyer, seller or investee of such business or assets;
- if Flexibility Pathway or substantially all of its assets are acquired by a third party, in which case personal data held by us, including your data and data about our customers, suppliers and correspondents will be one of the transferred assets;
- we may disclose your personal data to our legal advisers if they need to have access to this information in order to advise us on our legal rights and obligations; and
INTERNATIONAL DATA TRANSFERS
A number of our service providers are based outside the European Economic Area (“EEA”), predominantly in the United States. We may transfer your personal data to those services providers in the United States or other countries outside the EEA in order to provide our services via the Platform and Applications (iOS and Android) or (in respect of Marketing Contacts) in order to undertake marketing activities.
We have put in place appropriate measures to ensure that your personal data are treated by those third parties in a way that is consistent with and which respects the EU laws on data protection:, including verifying that the recipient is certified under the EU-US Privacy Shield, or in putting in place written contractual agreements to meet EU-approved data protection obligations. If you require further information about these protective measures, please contact us at email@example.com.
SECURITY OF INFORMATION
We maintain appropriate technical and organisational measures to ensure that an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Platform and Applications (iOS and Android) and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorised access or inadvertent disclosure, which may include two factor authentication and end-to-end encryption.
Where consent is required for our use of your personal data, by registering on this platform or otherwise communicating your consent to us (whether by phone, email or other means), you consent to our use of that personal data as set out in this policy. If you disclose someone else's personal data to us, you confirm that you have their consent to disclose this to us and for us to use and disclose it in accordance with this policy.
By providing consent you hereby grant us a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate your personal data to the extent reasonably required for the performance of the Flexibility Pathway's obligations and the exercise of Flexibility Pathway's rights under this policy. This also includes the right to use anonymous data for research and reporting purposes subject to Customer consent, such consent not to be unreasonably withheld or delayed. You also consent to providing the right to sub-license these rights to 3rd parties including hosting, connectivity and telecommunications services and professional service providers to the extent reasonably required for the performance of Flexibility Pathway's obligations under this policy, subject always to any express restrictions elsewhere in this policy.
RETAINING YOUR INFORMATION
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
- For Client Users: we will retain your personal data for a period of 5 years or until six months after our relationship with your organisation has ended (whichever is sooner). After this period, your personal data will be anonymised or deleted.
- For Marketing Contacts: we will retain your personal data for a period for so long as necessary to continue to provide you with updates or other marketing emails or other communications in circumstances in which you have consented (where necessary) or else not unsubscribed to receiving such communications and in which we have a continued legitimate interest in undertaking that marketing.
You have the following rights in regards to your personal information:
- Access. You have the right to access information about the personal data we hold about you. We reserve the right to charge a reasonable fee in response to unreasonable or repetitive requests, or requests for further copies of the same information.
- Right to object to processing. You have the right to object to processing of your personal data where that processing is being undertaken by us on the basis of our (or a third party’s) legitimate interest. In such a case we are required to cease processing your data unless we can demonstrate compelling grounds which override your objection. You also have the right to object at any time to the processing by us of your personal data for direct marketing purposes.
- Rectification. You have the right to request that we rectify any inaccurate personal data that we hold about you.
- Erasure. You have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if your object to our continued processing (as mentioned above). This right does not extend to information which is not personal data. Please also note that it is likely to be necessary for us to retain your personal data for the purposes of assessing and verifying data that is submitted and/or held on the Platform and Applications (iOS and Android), and your rights under applicable law to request erasure may be limited accordingly. We also reserve the right to retain your personal data in an anonymised form for statistical and benchmarking purposes.
- Request to restriction of processing. This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
- Portability. You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies. You may also request that your personal data is transmitted directly to another organisation where this is technically feasible using our data processing systems.
- Change of preferences. You can change your data processing preferences at any time. For example, if you have given your consent to direct marketing, but have changed your mind, you have the ability to opt out of receiving marketing communications by emailing us at firstname.lastname@example.org or clicking the relevant link in any communication you receive.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Please note that if you exercise any of the above rights to require us to restrict or cease processing or to delete personal data, and this type of processing is required in order to facilitate your use of the Platform and Applications (iOS and Android), you will no longer be able to use the Platform and Applications (iOS and Android) following the date on which we action your request. This does not include your right to object to direct marketing which can be exercised at any time without restriction. Please allow at least 5 working days for your request to be actioned.
Save as set out above, your rights detailed above can be exercised free of charge in accordance with applicable data protection laws. Please contact your organisation directly if you would like to exercise any of these rights (other than a change to your marketing preferences, which should be notified directly to us as described above).
If for any reason you are not happy with the way that we have handled your personal data, you also have the right to make a complaint to the relevant supervisory authority in your country. In the UK, the relevant authority is the Information Commissioner’s Office.