Privacy Statement

1. Introduction

Be Rota Limited (“we”, “us”, or “our”) is committed to the protection of your and your Users’ personal data that we hold. The information in this document has been published to inform you of how we collect, store and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting personal data.

We will collect, store, use and disclose Personal Data in accordance with all applicable laws relating to the protection of Personal Data, including the EU Data Protection Directive 95/46/EC, the EU General Data Protection Regulation 2016/679, the EU ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, as amended or superseded from time to time, and any national implementing legislation (“Data Protection Laws”).

When you access or use any of the Be Rota Limited products or services, you agree to our privacy policy and you consent to our collection, storage, use and disclosure of your Personal Data for the purpose of making Be Rota Limited products and/or the Service available to you, in accordance with this policy.

2. Security

Be Rota Software Users Only For the purpose of Data Protection Laws, in relation to any Personal Data you or any Users submit to our platform, you will be the data controller and we will be a data processor of such Personal Data.

We take the security of all the data we hold seriously and we will take reasonable steps to maintain appropriate technical and organisational measures to protect the Personal Data you provide to us.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

3. Personal Data that we may collect and hold

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Sensitive Personal Data” means any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, data concerning health, data concerning sex life or sexual orientation and data concerning the commission or alleged commission of any offence.

We provide services to individuals as well as businesses, non-profits and other organisations. The exact data held will depend on the services to be provided. We may collect and use the following data about you and any one you chose to add to our Platform:

• Any data and information you or your user provide to us in respect of our delivery of any service or product you have procured from Be Rota Limited

• Any correspondance you or your Users have had with us

• Any data we are required to collect and hold to fulfil regulatory or legal requirements, for example: proof of identity, proof of eligibility to work, agreements to terms or declarations

• Any relevant personal data including but not limited to: name, identification number, contact details, address history, date of birth, emergency contact details

• Any sensitive personal data you or your Users have supplied to us including but not limited to: medical records, criminal records, ethnic origin, beliefs, biometric data

• Any relevant financial data necessary for us to provide our services, for example: bank account details, tax information, payroll history, holiday accrual

• Any previous work history you supply to us via our app, online questionnaires, emails, phone or our website, relevant to the use of our services

• Responses to optional research surveys and questionnaires we may as you or your Users to complete

• Any other information or data you or your Users have supplied to us

• Details of your or your Users’ visits to our Website, which includes without limitation location and traffic data, resources you access, information and data submitted or shared and other communication data.

• Internet protocol (IP) address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

• Uniform Resource Locators (URL) (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

Our website uses cookies to distinguish individuals from one another. This helps us to provide a better experience when individuals browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

Where we receive personal data that relates to an individual from you, you represent and warrant that you i) have the right to transfer such Personal Data (including Sensitive Personal Data, if applicable) to us for the purpose of receiving the Service; and ii) are solely responsible for obtaining all required consents, authorisations and permissions from such Users and third parties and providing all required notifications to such Users and third parties (where applicable) to enable you to provide such information to us and to grant to us the rights set forth in this privacy policy and the Terms of Use. It is your responsibility to ensure that all such Users and third parties are aware of and accept the terms of this policy and that you have obtained explicit and informed consent of Users to our processing any of their Sensitive Personal Data in accordance with this policy and the Terms of Use. You may not provide us with any Client Data or other information containing Personal Data of Users or third parties unless and until you have obtained all necessary consents, authorisations and permissions to do so.

4. People who use our website and mobile apps

When people visit our website, personal data is collected both through automated tracking and interacting with various forms on the website or apps (collectively referred to as the websites).

Personal data may be collected when individuals fill in forms on our websites or by corresponding with us by phone, e-mail or otherwise. This includes information provided when an individual registers to use our websites, subscribe to our service, make an enquiry, comment on publications, enter a competition, promotion or survey, apply to work for a Be Rota Limited business and report a problem with our websites.

When individuals visit our websites, certain personal data may be automatically collected. We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).

Often, individuals who visit our website additionally fall into another category as listed by this privacy statement. For instance, users of our websites may be current clients, business contacts or become clients in the future. Where this is the case, data held and processed for individuals who use our website may also become data that is held and processed for another purpose.

5. How do we use your data

The Personal Data we hold about you and your Users may be used in any of the following ways, dependant on the service or product you are utilising:

• To provide you with the Service, including administration and management of your account.

• To provide you with user support.

• To moderate your account.

• For research and analytics purposes (for example, to improve the quality of the Service).

• To ensure security for you, our staff and other users of the Service including security, quality and risk management activities. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.

• To comply with applicable Laws, court orders, government and law enforcement agencies’ requests. To send you further information about our services for which we think you may have an interest. This information will be supplied only where you have given consent.

• To send you further information about our services based on a request we have received from you.

• To fulfil the obligations we have in relation to any contracts/agreements we have in place with you (including, without limitation, the Terms of Use).

• To provide you with notification about any technical updates or changes to the Service.

• Relationship management, hosting and facilitating of events

We will never supply your or your Users’ Personal Data to third parties unless under the conditions stated in our privacy policy. Notwithstanding the foregoing, you acknowledge and agree that we may aggregate and anonymise your, and your Users, Personal Data (excluding, for the avoidance of doubt, Sensitive Personal Data) and use and share such aggregated and anonymised Personal Data with third parties for statistical purposes and for the purpose of data analytics, product development, and/or Service improvement.

6. How long do we hold your data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected.

We retain the personal data processed by us in a live environment for as long as is considered necessary for the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 6 years). We may keep data for longer in order to establish, exercise, or defend our legal rights and the legal rights of our clients.

In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.

Be Rota Software Users Only

We will keep your and your Users’ Personal Data for the duration of the Service and in accordance with your instructions or for such periods as may be required by law.

7. Sharing personal data

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Personal data held by us may be transferred to:

Third party organisations that provide applications/functionality, data processing or IT services to us

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information

Be Rota Limited and group businesses

Auditors and other professional advisers

Law enforcement or regulatory agencies or those required by law or regulations

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

8. Locations of processing

Where possible, personal data resides within the UK territory but may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. We will take all reasonable steps to ensure that your data is treated securely, in accordance with this privacy statement.

We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU.

9. Individual's Rights

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:

• Individuals may request access to their personal data held by us as a data controller.

• Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.

• Individuals may request that we erase their personal data

• Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.

•Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.

• Individuals may request information about, or human intervention into, any automated data processing that we may undertake.

If you wish to exercise any of these rights, please send an email to dpo@rota.com.

10. Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to dpo@rota.com. We will investigate and respond to any complaints we receive.

You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website: https://ico.org.uk/make-a-complaint/

11. Data Controller and contact information

If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

dpo@rota.com