Purpose of Our Policy
- SafeCircle Ltd (Company Number 09324993) of 207 Regent Street, 3rd Floor, London, England W1B 3HH (SafeCircle) (we, us or our) provides the SafeCircle websites (www.safecircle.com & app.safecircle.com) (Websites).
- For the purposes of the General Data Protection Regulation 2016 (Act), we are the Data Controller.
- Providing the SafeCircle websites; and
- The normal day-to-day operations of our business.
Who and What This Policy Applies To
- We handle data in our own right and also for and on behalf of our customers and users.
- If, at any time, an individual provides data or other information about someone other than himself or herself, the individual warrants that they have that person's consent to provide such information for the purpose specified.
- SafeCircle is not available to children (persons under the age of 18 years).
The Information We Collect
In the course of business it is necessary for us to collect data. This information allows us to identify who an individual is for the purposes of our business, share data when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type and purpose of information we may collect is:
From Family Members for the following purposes:
- Identification: Full names of first and second parents and children to be cared for within the family.
- Communication: Email, main telephone and other telephone of first and second named parents.
- To ensure terms are met: Date of Birth of the first and second named parents.
- To perform the service and ensure availability in the area: Family home address and address of booking where that location is one other than the family home.
- To ensure appropriate care can be provided: Date of birth, likes/dislikes and allergy information for children to be cared for, and general location of first aid box in family home.
- To enable Sitters to make informed decisions when reviewing available bookings: Information about pets at the family home.
- To make payment: We may collection financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services.
- Marketing: Email, gender and family home address.
From Sitter Members for the following purposes:
- Identification: Full name, form of government-issued identification document such as passport or driving licence, profile photo, change of name deeds such as marriage certificate.
- Communication: Email and mobile phone number.
- To assess ability to fulfil the role: Details of appropriate qualifications and training courses including copies of relevant certificates, employment history of last three years, details of transportation access necessary to fulfil role.
- To assess suitability to fulfil the role: Details of criminal history including DBS certificate, date of birth, health status and details of third-party references.
- To assess potential availability for bookings: Home address, details of pet preferences, details of other babysitting agencies currently working for.
- Gender equality: Gender.
- To transfer payment to the Sitter: We may collection financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services.
- Marketing: Details of how the individual heard about the Company.
From both Family and Sitter Members for the following purposes:
- Identification and secure access to the websites: Username and password.
- Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and
- Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual's activities, including activities with our partners (such as Facebook or Twitter).
- From Family Members for the following purposes:
- We may also collect non-data about an individual such as information regarding their computer, network and browser. This may include their IP address.
- In the course of business it is necessary for us to collect data. This information allows us to identify who an individual is for the purposes of our business, share data when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type and purpose of information we may collect is:
How Information Is Collected
Most information will be collected in association with an individual’s use of SafeCircle sites, products and services, an enquiry about SafeCircle or generally dealing with us. However we may also receive data from other sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners (such as Facebook or Twitter). In particular, information is likely to be collected as follows:
- Registrations / Subscriptions / Purchases. When an individual registers, subscribes and or purchases a product, service, list, account, connection or other process whereby they enter data details or grant access to information in order to receive or access something, including a transaction or services;
- Accounts / Memberships. When an individual submits their details to open an account and/or become a member with us;
- Partners. When an individual grants us access to their accounts with our business partners (such as Facebook or Twitter).
- Supply. When an individual supplies us with goods or services;
- Contact. When an individual contacts us in any way;
- Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access;
- Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
- As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their data is being collected.
- We may also collect anonymous data such as traffic, IP addresses and transaction statistics, which may be used and shared on an aggregated and anonymous basis.
- Most information will be collected in association with an individual’s use of SafeCircle sites, products and services, an enquiry about SafeCircle or generally dealing with us. However we may also receive data from other sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners (such as Facebook or Twitter). In particular, information is likely to be collected as follows:
How Data Is Stored
- SafeCircle stores data in a variety of secure locations including web servers located in the United Kingdom, mobile devices belonging to the Company and our own office locations.
- Policies related to risk management, data storage and secure deletion are held at the Company's operating office.
- The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) or the European Union (EU). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
- Where data is transferred to partners outside of the EEA or EU (including Stripe Inc., Salesforce.com Inc. and The Rocket Science Group LLC), we ensure that these partners are subscribed to the EU-U.S. Privacy Shield Framework.
- By submitting your personal data, you agree to this transfer, storing or processing.
When Data Is Used & Disclosed
- The primary principle is that we will not use any data other than for the purpose for which it was collected other than with the individual’s permission or where permitted by law. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
- Data relating to live Family and Sitter members on the system - retained until further notice or until a request for deletion is received;
- Data relating to redundant Sitter applications - kept for 6 months; and
- Data relating to Sitter earnings - 6 years.
- It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the Act in the course of our business.
- We will not disclose or sell an individual’s data to unrelated third parties under any circumstances.
Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
- The provision of goods and services between an individual and us;
- Verifying an individual’s identity;
Communicating with an individual about:
- Their relationship with us;
- Our goods and services;
- Our own marketing and promotions to customers and prospects;
- Competitions, surveys and questionnaires;
- Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
- As required or permitted by any law (including the Act).
There are some circumstances in which we must disclose an individual’s information:
- Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of, or where we believe that a child is at risk according to the Children Act 1989;
- As required by any law (including the Act); and/or
- In order to sell our business (as we may transfer data to a new owner).
- We may partner with or utilise third-party service providers (such as Gmail from Google, Inc., and MailChimp from The Rocket Science Group LLC) to communicate with an individual and to store contact details about an individual. These service providers may be located outside the United Kingdom, including the United States of America.
Third Party Accounts
- We may link your account with a third party (such as Facebook or Twitter) to our services to enable certain functionality, which allows us to obtain information from those accounts (including your profile picture, friends or contacts).
- The information we may obtain from those services often depends on your settings or their privacy policies.
- A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Opting "In" or "Out"
An individual may opt to not have us collect their data. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
- Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
- Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
- If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.
- An individual may opt to not have us collect their data. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
The Safety & Security of Data
- We will take all reasonable precautions to protect an individual’s data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
- The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, data where the security of information is not within our control.
- We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s data to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
- If an individual suspects any misuse or loss of, or unauthorised access to, their data, they should let us know immediately.
- We are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorised to provide that person with the data.
Subject Access Requests
- The Act gives you the right to request from us the data that we have about you.
- Requests for subject access must be made via email from the email registered to the member and must include a copy of photo ID of the main member (first parent or sitter) and a utility bill of family home address from the last 90 days. This is for confirmation of identity prior to the release of any personally identifiable information.
- SafeCircle will then have 30 days in which to respond to the request from the date of receipt.
- SafeCircle will redact third-party information and it is at the discretion of the Company as to how we forward that information on to the requesting individual.
- Subject Access Requests must be made to firstname.lastname@example.org.
- If an individual cannot update his or her own information, we will correct any errors in the data we hold about an individual as soon as practically possible but not later than 30 days of receiving written notice from them about those errors.
- It is an individual’s responsibility to provide us with accurate and truthful data. We cannot be liable for any information that is provided to us that is incorrect.
- Requests to update information must be made to email@example.com.
Right To Deletion
- Members have the right to request deletion of their personal data under the Act, unless we are required to retain the data for lawful purposes as outlined in the Act, or the request is made within the minimum period that we are required to retain certain parts of the data under the conditions as outlined in the Act or in section 6.2.
- Any requests by a member for the deletion of their account and all associated data must be made in writing to firstname.lastname@example.org from the registered email address on the account.
- SafeCircle will ensure this request is fulfilled as soon as practically possible, but by no later than 60 days from receiving the request.
Complaints and Disputes
- If an individual has a complaint about our handling of their data, they should address their complaint in writing to the details below.
- If we have a dispute regarding an individual’s data, we both must first attempt to resolve the issue directly between us.
- If we become aware of any unauthorised access to an individual’s data we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed. Any high risk data breaches will be reported to the Information Commissioners Office (ICO) within 72 hours of a senior member of starff becoming aware.
Additions To This Policy
All correspondence with regards to privacy should be addressed to:
The Data Controller
You may contact us by email in the first instance.