Privacy Notice

Here at tiney, we take privacy rights seriously. We respect the privacy of all individuals we deal with, including our website visitors, childminders, families who use our services, suppliers, enquirers and anyone else we meet in our business.

This privacy notice sets out information about how we use, store and transfer personal data which we receive through our website tiney.co (the Site), through the tiney platform (the Platform, which we make available through the Site and through our app) or otherwise.

We are a data controller in relation to that personal data, which means we determine the purposes and means of the processing of that personal data.

This Policy also contains information about our use of cookies. We will ask you to consent to our use of cookies in accordance with the terms of this Notice when you first visit the Site.

We or us means Tiney Limited, trading as tiney, a company registered in the United Kingdom under number 11194291 whose registered offices are at International House, 12 Constance Street, London, E16 2DQ. We are a registered childminder agency.

We’ve broken this Notice down to make it easier to navigate depending on your relationship with us.

If your child is of reading age, and will be looked after by one of our registered Childminders, then we have a child-friendly privacy notice which is set out at the bottom of this Notice.

Information about our use of cookies is contained in this Notice as well. We will ask you to consent to our use of cookies (or select which cookies you accept) in accordance with the terms of that Notice when you first visit our Site.

Finally – in some places in this Notice we refer to the GDPR, which is the main law setting out our legal obligations and your rights in relation to personal data. That’s kind of a shorthand reference – technically there’s a European GDPR and a separate UK GDPR (which is the same wording as the EU one, just transposed into UK law as part of the Brexit arrangements), and some other subsidiary legislation as well.

When we say GDPR, we mean the UK law as transposed from the European one and then updated.


Summary

Full details are set out in the relevant sections of this Notice below, but keeping it brief:

  • we normally receive your personal data from you, but sometimes it might be from a third party with whom we are mutually acquainted (e.g. other users of the Platform);
  • if you are a parent, then we will process personal data relating to your children. We’ve included information for you in the section for parents below, but there’s also a child-friendly privacy notice if your child is of reading age;
  • we do not normally review personal data relating to children, but might do so if we have quality or safeguarding concerns or in case of emergency;
  • we use your personal data to deliver our services, conduct our business, keep appropriate records and meet our legal obligations;
  • we only provide your personal data to third parties for our business purposes or as permitted by law. We don’t share your data with third party advertisers;
  • we store personal data for specified periods; you have legal rights in relation to your personal data which you can exercise on request;
  • the Sites use cookies; and
  • you can contact us to enquire about any of the contents of this Notice.

Importantly, this Notice relates only to the personal data which we receive and use. If you’re a parent engaging a Childminder, then you will likely provide personal data to them relating to yourself and your family. The Childminder’s use of that personal data will be governed by your own contract with them and by any privacy notice issued by them (although where copies of that data are stored in the Platform we might be a data controller together with the Childminder in connection with those copies).


Information for Childminders

Overview

Hello! Thanks for your interest in being a tiney childminder. If you register with us, we will receive a variety of personal data relating to you in the course of conducting checks and onboarding, and in your ongoing use of our Site and App. We will also receive personal data relating to others, such as the parents and children with whom you deal, your household members, and your referees. It might be helpful to summarise the various relationships for context first.

  • Tiney is data controller in relation to all personal data received in connection with your use of the Platform. That means we have to comply with law in handling it (and in particular have to make this Notice available to you in relation to how we handle your personal data). We also make this Notice available to families who use the Platform.
  • If you run a childminding business in the UK, you are also subject to data protection laws as a data controller. Our help centre has some useful information about your obligations under data protection law, and how tiney can help you meet them. The main thing to understand is that if you receive personal data relating to families in providing your services to them, you are a data controller in relation to that data. That means you need to provide your own privacy notice to families who use your services (the Childminding Agreement tiney provides includes a standard notice which should be suitable for most childminders). If that personal data is stored on the tiney Platform then in some instances both you and we will be data controllers of that personal data (since we’re both using it for our respective business purposes).

Personal data we handle

In connection with your use of our Platform and activities as a tiney childminder we may handle the following data:

  • Account data, which you provide to us in setting up or using an account on the Platform, or in engaging with us offline to provide services to you. The account data may include your name, email address, phone number, postal address, username and password. If you use a third-party application like Facebook to log into your account then we may receive and process account data from the relevant third party.
  • Discovery data, which we receive when you complete discovery on the Platform. This may include: data relating to the completion of discovery modules; your responses to assessment questionnaires and quizzes; and responses to our safeguarding questionnaire.
  • Check data, which we receive as you go through the various compliance checks we make in our capacity as a childminder agency. This may include: your name; date of birth; address history (5 years); names of household members; ID documents; signature; your experience and qualifications; registration history with OFSTED or other agencies; local authority checks; references and criminal record checks. We may also conduct credit checks (as some of the suppliers of the benefits we offer to our Childminders, like insurance, may require these).
  • Health data, which is personal data relating to your health which we may receive in onboarding (e.g. through a health declaration form) or which you may choose to share with us later.
  • Payment data, which we may process in relation to payments we make to you, receive from you, or process on your behalf through the tiney wallet. These may include your contact details, your payment account details and the transaction details. We do not collect or process your credit or debit card details when you make or receive payments. We use Stripe as a payment processing service provider and it is Stripe who will collect and process your card details. For more information, you can access Stripe’s own privacy policy here.
  • Contracts data, which means records relating to the performance of your or our services (for instance, the record of the engagement of a childminder by a parent, records of the tiney benefits you have elected to receive and records of training you have completed on the Platform). Contracts data may also include any correspondence between you and us relating to your use of our Platform, or correspondence with any other person which concerns you (e.g. if a parent contacts us directly with feedback on your services).
  • Register data, which means records of sign in/sign out at your childminding setting.
  • Journal data, which is information you record in learning journals (tracking a child’s progression against the Early Years Foundation Stage), or other logs or journals on the Platform where you can make notes in connection with the childminding services you have provided, for your own, the parent or guardian’s, or tiney’s reference.
  • Messaging data, which is information contained in messages sent between you and parents/guardians via the Platform, whether sent as direct messages or through noticeboard functions. We do not normally see or read messages between you and parents/guardians, and would only access these in connection with quality or safeguarding concerns or to address emergencies.
  • Profile data, which is information contained in your public web profile on the Site and/or App, which might include your name, photo, location, and descriptions of your childminding setting and anything else you choose to share.
  • Usage data about your use of our Site and Platform, which we obtain through analytics tools. This may include: your IP address; geographical location; browser type and version; device type, OS and display size; referral source; length of visit; page views and website navigation paths; as well as information about the timing, frequency and pattern of your service use.

What we do with it

Here’s what we do with your personal data, and in each case the lawful basis on which we do it. (The legal bit - GDPR requires data controllers like us to ensure that we only process personal data on one of a number of specific lawful bases, which are set out in Article 6 GDPR. We have to document our lawful basis of processing, and we also have to tell the data subject (i.e. you) the basis on which we rely in our processing activity. Where that basis is our “legitimate interests” connected with the processing activity, we have to tell you what that interest is.)

We may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data.

Type of Data Purpose/Activity Legal Basis for Processing
Account data, contracts data, payment data Operating our Platform, providing our services and the features of our Platform, making and receiving payments, verifying logins, and communicating with you. Performance of a contract with you (i.e. delivering our services) (Art. 6.1(b) GDPR). Legitimate interest (Art. 6.1(f) GDPR) in properly administering our business, services and communications.
Discovery data, check data Confirming the suitability of childminders to provide childminding services. We have a duty to ensure suitability under the Childcare Act 2006 and Childcare (Childminder Agency) (Registration, Inspection and Supply and Disclosure of Information) Regulations 2014. Performance of a contract with you. Legitimate interest in providing assurance of a safe and high-quality service to parents. Compliance with our legal obligations (Art 6.1(c) GDPR, Art 9.2(b) GDPR) to conduct these checks as a CMA. Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR).
Criminal record information contained in check data Confirming the suitability of childminders to provide childminding services. Your consent, compliance with our legal obligations.
Childminder health data Confirming the suitability of childminders to provide childminding services. Your consent, compliance with our legal obligations.
Register data Maintaining the child passport feature helps Childminders meet their legal obligations to maintain records in relation to children in their care. It also helps us check billing and payments and fulfil our safeguarding and quality roles as a CMA. Legitimate interest in providing our service to Childminders and helping them meet their legal obligations. Compliance with our legal obligations.
Journal data Reviewing journal entries and other logs in our role as a CMA, as part of our quality assurance and safeguarding processes. Legitimate interest in providing assurance of a safe and high-quality service to families. Compliance with our legal obligations to conduct these checks as a CMA. Your consent.
Messaging data Investigating safeguarding and quality concerns. Legitimate interest in ensuring a safe and positive user experience.
Profile data Displaying your profile. Legitimate interest in promoting your, and our, services.
Usage Data Analyzing the use of, and improving, our Platform and Site, security monitoring and fraud detection. Legitimate interest in delivering and improving our Platform and Site, informing marketing strategy.
Any personal data For the purposes of legal compliance (e.g. maintaining tax records). Compliance with our legal obligations.
Any personal data Bringing and defending legal claims. Legitimate interest in conducting and defending legal claims to preserve our, and others’, rights.
Any personal data Record-keeping and hosting, back-up and restoration of our systems. Legitimate interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data.

Where it goes

Any information which you choose to include in your profile will be visible to users of the Site and Platform. Messaging data you send to families and register and journal data relating to their children will be visible to those families, as will some contract data relating to your services to those families. Otherwise, your personal information may be transferred to our suppliers and third parties as described in the section headed providing your personal data to others below.


Information for parents / guardians

Overview

Hello! Thanks for using tiney. We will receive a variety of personal data relating to you and your children in connection with the childminding services provided to you, our provision of our Platform, and our statutory responsibility as a childminder agency. It might be helpful to summarise the various relationships for context first.

  • Tiney is data controller in relation to personal data we receive relating to you and your children. That means we have to comply with law in handling it (and in particular have to make a notice available to relevant individuals).
  • This Notice describes how we handle your, and your children’s, personal data. If your children are of reading age, then you should provide to them the Information for Children set out below. Otherwise, you should ensure you have read and understood the information in this section on their behalf as well as your own.
  • Childminders are also data controllers. Each tiney childminder should have provided you with their own privacy notice at the time you entered into a Childminding Agreement with them. In some instances both we and the childminder will be data controllers of personal data stored on the tiney Platform (since we’re both using it for our respective business purposes) but we suggest you contact us in the first instance with any queries.

Personal data we handle relating to you

In liaising between you and your chosen Childminder, and providing you both with access to the features of our Platform, we may handle the following data:

  • Account data, which you provide to us in setting up or using an account on the Platform, or in engaging with us offline to provide services to you. The account data may include your name, email address, phone number, postal address, username and password. If you use a third-party application like Facebook to log into your account then we may receive and process account data from the relevant third party.
  • Payment data, which we may process in relation to payments we receive from you (or in the case of refunds pay to you). These may include your contact details, your payment account details and the transaction details. We do not collect or process your credit or debit card details when you make or receive payments. We use Stripe as a payment processing service provider and it is Stripe who will collect and process your card details. For more information, you can access Stripe’s own privacy policy here.
  • Contracts data, which means records relating to the performance of our or the Childminder’s services (for instance, the record of your engagement of the Childminder). The contracts data may also include any correspondence between you and us relating to your use of our Platform, or correspondence with any other person which concerns you (e.g. if a Childminder contacts us in relation to the contract between you and them).
  • Journal data, which means comments you may add to the learning journal or other journals or logs in which the Childminder makes notes of your child’s progress against the Early Years Foundation Stage or otherwise make notes in relation to childminding services provided.
  • Messaging data, which is information contained in messages sent between you and Childminders via the Platform. We do not normally see or read messages between you and childminders and would only access these in connection with quality or safeguarding concerns or to address emergencies.
  • Usage data about your use of our Site and Platform, which we obtain through analytics tools. This may include: your IP address; geographical location; browser type and version; device type, OS and display size; referral source; length of visit; page views and website navigation paths; as well as information about the timing, frequency and pattern of your service use.

Personal data we handle relating to your children

In liaising between you and your chosen Childminder, and providing you both with access to the features of our Platform, we may handle the following data relating to your children:

  • Child passport data, which means the key information you record (or the Childminder records) in the child passport feature of the Platform. This includes the child’s: name; date of birth; address; health information including allergies, required medications, and permissions for the Childminder to administer medications; educational needs, including special needs or disabilities; favourite books, toys or activities; emergency contact information; pick-up information (i.e. names of parents / guardians who perform the daily pickup), and any marketing consents (e.g. whether you as a parent have consented to the use of pictures of your child for marketing purposes). tiney does not typically review the content of child passport data, but will only check whether key information is present for quality and safeguarding purposes consistent with our role as a CMA. We might review the child passport for quality or safeguarding purposes or in case of emergency (e.g. to contact emergency contacts).
  • Journal data, which means entries the Childminder may make in the learning journal, or other journals or logs on the Platform, comments you may add to the learning journal, or other journals or logs in which the Childminder makes notes of your child’s progress against the Early Years Foundation Stage or otherwise make notes in relation to childminding services provided.
  • Register data, which means records of children being signed in / signed out at the Childminder’s setting.
  • Messaging data, which is information contained in messages sent between you and Childminders via the Platform, the subject matter of which will likely be your children. We do not normally see or read messages between you and childminders and would only access these in connection with quality or safeguarding concerns or to address emergencies.
  • Photos of your child, to the extent they are included in the messaging data, journal data or child passport data, or if you have provided express consent for the use of those photos to promote our, or any Childminder’s services.

What we do with it

Here’s what we do with your personal data, and personal data relating to your children, and in each case the lawful basis on which we do it. (The legal bit - GDPR requires data controllers like us to ensure that we only process personal data on one of a number of specific lawful bases, which are set out in Article 6 GDPR. We have to document our lawful basis of processing, and we also have to tell the data subject (i.e. you) the basis on which we rely in our processing activity. Where that basis is our “legitimate interests” connected with the processing activity, we have to tell you what that interest is.)

We may process personal data on more than one legal basis depending on the specific purpose for which we are using it.

Type of Data Purpose/Activity Legal Basis for Processing
Account data, contracts data, payment data Operating our Platform, providing our services and the features of our Platform, making and receiving payments, verifying logins, and communicating with you. Performance of a contract with you (i.e. delivering our services) (Art. 6.1(b) GDPR). Legitimate interest (Art. 6.1(f) GDPR) in properly administering our business, services and communications.
Child passport data Maintaining the child passport feature helps Childminders meet their legal obligations to maintain records in relation to children in their care. Performance of a contract with you. Legitimate interest in providing assurance of a safe and high-quality service to parents, and providing assistance to Childminders in meeting their legal obligations.
Register data Maintaining the register helps Childminders meet their legal obligations to maintain records in relation to children in their care. It also helps us check billing and payments and fulfil our safeguarding and quality roles as a CMA. Performance of a contract with you. Legitimate interest in providing assurance of a safe and high-quality service to parents, and providing assistance to Childminders in meeting their legal obligations.
Journal data Reviewing journal entries and other logs in our role as a CMA, as part of our quality assurance and safeguarding processes. Legitimate interest in providing assurance of a safe and high-quality service to families. Compliance with our legal obligations (Art 6.1(c) GDPR, Art 9.2(b) GDPR). Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR).
Messaging data Investigating safeguarding and quality concerns. Legitimate interest in ensuring a safe and positive user experience.
Photos Where included in messaging data, passport data or journal data, the same uses as above. Where you have consented to use for marketing purposes, for marketing. Legitimate interest and performance of contract, as above. Consent (Article 6.1(a) GDPR).
Usage Data Analyzing the use of, and improving, our Platform and Site, security monitoring and fraud detection. Legitimate interest in delivering and improving our Platform and Site, informing marketing strategy.
Any personal data For the purposes of legal compliance (e.g. maintaining tax records). Compliance with our legal obligations.
Any personal data Bringing and defending legal claims. Legitimate interest in conducting and defending legal claims to preserve our, and others’, rights.
Any personal data Record-keeping and hosting, back-up and restoration of our systems. Legitimate interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data.

Where it goes

Child passport data, journal data, messaging data, register data and some contract data will be available to the Childminders who provide you with services. Otherwise, your personal information may be transferred to our suppliers and third parties as described in the section headed providing your personal data to others below.


Information for everyone else

Overview

While our core business involves working with childminders and families, we will also receive personal data from others connected with our business like suppliers, commercial partners, journalists, or people who get in touch with us for any other reason. We may also receive personal data from our users which relates to you – for instance, if you are a providing a reference for one of our childminders, if you are authorized to pick up children in our childminders’ care, if you are a doctor providing a health statement, or if you are an emergency contact.

#### Personal data we handle relating to you

We may handle any of the following personal data:

  • Correspondence data: this is information contained in or relating to any enquiry or communication that you send to us or that we send to you, or intended to help us communicate with you if needed. This may include the communication content and metadata associated with the communication, as well as any contact details you may provide to us such as your name, email address, phone number, job title, address or social media handle.
  • Partner data: If we have some other commercial relationship with you or with your employer (for example, a supply, purchase, sponsorship or referral relationship) then we may handle your contact details (name, job title, email address, postal address, telephone number), any related communications, and any related documents (such as contracts, POs and invoices, proposals and so on).
  • Usage data: about your use of our Site, which we obtain through analytics tools. This may include: your IP address; geographical location; browser type and version; device type, OS and display size; referral source; length of visit; page views and website navigation paths; as well as information about the timing, frequency and pattern of your service use.

What we do with it

Here’s what we do with your personal data, and in each case the lawful basis on which we do it. (The legal bit - GDPR requires data controllers like us to ensure that we only process personal data on one of a number of specific lawful bases, which are set out in Article 6 GDPR. We have to document our lawful basis of processing, and we also have to tell the data subject (i.e. you) the basis on which we rely in our processing activity. Where that basis is our “legitimate interests” connected with the processing activity, we have to tell you what that interest is.)

We may process personal data on more than one legal basis depending on the specific purpose for which we are using it

Type of Data Purpose/Activity Legal Basis for Processing
Correspondence data Communicating with you, keeping records in relation to our business. Performance of a contract with you (if the correspondence relates to possible services you or we may provide) (Art. 6.1(b) GDPR). Legitimate interest (Art. 6.1(f) GDPR) in properly administering our business, services and communications.
Partner data Administering our commercial relationship with you. Performance of a contract with you. Legitimate interest in properly administering our business, services and communications.
Usage data Analyzing the use of, and improving, our Platform and Site, security monitoring and fraud detection. Legitimate interest in delivering and improving our Platform and Site, informing marketing strategy.
Any personal data For the purposes of legal compliance (e.g. maintaining tax records). Compliance with our legal obligations.
Any personal data Bringing and defending legal claims. Legitimate interest in conducting and defending legal claims to preserve our, and others’, rights.
Any personal data Record-keeping and hosting, back-up and restoration of our systems. Legitimate interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data.

Providing your personal data to others

In the ordinary course of our business we will disclose some information to third parties like our suppliers or advisors. This section explains when we might share your personal data with others.

Our advisors. We may disclose your personal data to our insurers and/or professional advisers to take professional advice and manage legal disputes.

Disclosures designated by you. We may disclose your personal data to third parties designated by you, such as other users of the Platform (like when we liaise between parents and Childminders).

Our service providers. We may disclose personal data to our service providers or subcontractors in connection with the uses we’ve described above. For example, we may disclose:

  • any personal data in our possession to suppliers which host the servers on which our data is stored, or to freelance staff whose duties involve handling the relevant personal data;
  • contact details to providers of email, email marketing or physical delivery/courier services;
  • payments data to our payment processing service providers (such as Stripe);
  • usage data to providers of analytics services; and
  • information relating to our childminders, like correspondence, account or check data, to third parties who provide benefits for those childminders (for example, insurers) or who provide check services (like criminal record, local authority or credit checks).

We do not allow our data processors to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.

Compliance. We may also disclose your personal data where necessary to comply with law (in particular if we become aware of any criminal activity or serious safeguarding concerns).

Restructuring If any part of our business is proposed to be sold or transferred, your personal data may be disclosed to the new owner or in connection with the relevant negotiations.

International transfers of your personal data

Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the UK and the EEA or may transfer your personal data to their own service providers located outside the UK and the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an "adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission). You may contact us if you would like further information about these safeguards.

Personal data that you submit for publication on the Site or Platform or otherwise make visible to other users may be available, via the internet, to others around the world. We cannot prevent the use (or misuse) of such personal data by others.

Data security

We have put in place appropriate security measures to protect your personal data. We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where required by law.

Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem.

Retaining and deleting personal data

We don’t keep personal data any longer than is needed to fulfil the purposes for which we collected it in the first place. This section describes how we retain and delete personal data.

We comply with our legal obligations in relation to the retention and deletion of personal data, and in particular ensure that personal data that we process is not kept for longer than is necessary for the relevant purposes. We maintain a retention policy, details of which are available on request.

We may retain your personal data longer where necessary to comply with law or in connection with any legal claim.

Our use of cookies

This section describes the cookies we use and how you can adjust your cookie settings.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user (except for IP addresses in some cases), but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use these kinds of cookies:

  • Strictly Necessary Cookies: These cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
  • Functionality Cookies: These cookies allow our Site to remember choices you make when you use our Site, such as remembering your login details and remembering the changes you make to other parts of our Site which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
  • Analytical/Performance Cookies: These cookies are used to collect information about traffic to our Site and how users use our Site. It includes the number of visitors to our Site, the websites that referred them to our Site, the pages that they visited on our Site, what time of day they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site.
  • Social Media Cookies: These cookies are used when you share information using a social media sharing button or “like” button on our Site or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.
  • Google Analytics: The Sites use Google Analytics (an analytical/performance cookie) to help analyse how users use the Sites, collecting standard internet log information and visitor behaviour information in an anonymised form from which no user is identifiable. This information is transmitted to Google and processed to compile statistical reports on activity on the Sites. These reports allow us to optimise our user experience. Google provide a browser add-on for users who wish to prevent their data from being used by Google Analytics. Further information is available at https://tools.google.com/dlpage/gaoptout/.
  • Third Parties: Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about blocking and deleting cookies via the support pages made available by your browser operator.

Your rights

It’s important that you know your rights in relation to your personal data. This section should help you understand and exercise your legal rights.

You have rights under data protection law – they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office at https://ico.org.uk/ for a fuller explanation of your rights. In summary, though:

  • the right to withdraw consent: where our processing is based on your consent (as described above) you have the right to withdraw that consent at any time by notifying us, in which case we will stop the relevant use;
  • the right to access: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with certain additional information;
  • the right to rectification: you have the right to have any inaccurate or incomplete personal data about you rectified or completed;
  • the right to erasure: in some circumstances you have the right to the erasure of your personal data (for example, if the personal data are no longer needed for the purposes for which they were processed or if the processing is for direct marketing purposes);
  • the right to restrict processing: you have the right to restrict the processing of your personal data to limit its use. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except to the extent permitted by law;
  • the right to object to processing: you have the right to object to our processing of your personal data on the basis of legitimate interests (discussed above) or for direct marketing purposes and if you do so we will stop processing your personal data except to the extent permitted by law; and
  • the right to complain to a supervisory authority: if you consider that our processing of your personal data is unlawful, you have a legal right to lodge a complaint with the ICO.

Third Parties

The Site and App may contain links to third party websites and refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party referred to on the Sites, then they may have their own privacy and cookie policies, and we are not responsible for their use of any personal data which you may provide to them.

Amendments

We may update this Notice from time to time by publishing a new version on the Site and App. You should check occasionally to ensure you are happy with any changes to this Notice, although we may notify you of significant changes to this Notice using the contact details you have given us.

Data protection registration

We are registered as a data controller with the UK Information Commissioner's Office. Our data protection registration number is ZA451440.

Contact Us

If you have any questions, comments or requests regarding this Privacy and Cookie Policy or our use of any personal data you provide to us, please contact us at Tiney Limited, International House, 12 Constance Street, London, E16 2DQ or at community@tiney.co


Last updated: 29th April 2021.

Child-friendly privacy notice

Who are we?

We are tiney, a company which connects childminders with parents and guardians. We also provide an online platform which helps the childminder and parent or guardian make arrangements, make payments, and share information more easily when the childminder looks after the parent or guardian’s children.

We are registered as a childminder agency, which means we have to obey laws which apply to those sorts of agencies. Childminders also have to obey laws which apply to childminders.

If you have any questions about this notice you can contact us at community@tiney.co – if you’re under 13 you should ask a parent or guardian to do this.

What is personal data?

“Personal data” means any information which relates to you. This could be your name or address, or it could be notes which relate to you (like a record of any allergies you may have, or your learning progress).

Why does tiney have your personal data?

We might receive personal data from your parent or guardian, or from the childminder who helps looks after you.

What personal data might tiney have?

We might have a few different kinds of personal data. Some of this is personal data which childminders are required to keep in order to comply with law. Our platform helps childminders and parents manage their childminding arrangements, and it’s helpful for that personal data to be stored on our platform. Some of this is personal data which might not be required by law, but which is useful to us when we provide our services connecting your parent or guardian and childminder. Here’s what we might have:

  • Your name;
  • Your date of birth;
  • Your address;
  • Health information, such as details of any allergies or special learning or physical requirements you may have;
  • Details of your likes and dislikes, like favourite books, toys or activities (or things you don’t like or want to do);
  • Information relating to your parents or guardians, or friends or family members who have permission to drop you off and pick you up from your childminder;
  • Records relating to your learning and other activities at your childminder, and when you were dropped off and picked up;
  • Notes and messages which your parents or childminders might make or send on our platform, which might be about you;
  • Photos which your parents or childminders might send each other through our platform, which might include you. If you or your parent or guardian have given consent for us, or for childminders, to use photos for marketing purposes, we will have a record of that consent.

What do we do with your personal data, and why?

We mostly hold your personal data to help your childminder and parent or guardian make arrangements, make payments, and share information more easily when the childminder looks after you. Most of the time, we don’t look at that personal data ourselves because we don’t have any reason to. For example, if your parent sends a message to your childminder which says “Alex has a sore arm today, so please don’t do any physical exercise,” or if your childminder maintains a record of your allergies and emergency contact details, we won’t normally look at that information. However, we might review that information:

  • if we have any reason to worry that childminding is not being conducted safely or properly. Because we are a registered childminder agency, we have to make sure that our childminders act properly. We also want to make sure that parents and guardians are happy with the childminding service.
  • to help resolve any disagreements or questions between your parent or guardian and childminder.
  • If there is an emergency. For instance we might need to check records relating to your health or who we can call in an emergency if you are hurt.

It is legal for us to hold and use this data for three main reasons:

  • To comply with our legal obligations as a childminder agency.
  • To provide our services and our platform to parents, guardians and childminders, which is useful to us (because that is what we do in our business) and to them (because our service is helpful to them). The childminder has to keep records to comply with their own obligations, and we help them manage that. The parents and guardians want to be able to set up and manage childminding arrangements easily, and we help them with that, too.
  • If you or your parents have given consent (in relation to our use of photos, or some information relating to your health).

Where does your personal data go?

Your personal data will be shared between your parent or guardian and your childminder. We may also share it with companies who provide services to us, if needed for them to provide those services to us. Some of those companies might be located outside the UK, and even outside Europe. Finally, we may share personal data if we are required to by law.

How long do we keep your personal data?

We keep your personal data only as long as it is needed in order for us to use it for the purposes we’ve described. We have a detailed policy setting out different timings to delete different kinds of personal data.

Your rights. You and your parents or guardians both have the right to:

  • be told how we use your personal data;
  • ask to see the personal data we hold;
  • ask us to change personal data if you think it is wrong;
  • ask us to delete personal data when it’s not needed anymore;
  • ask us to only use your personal data in certain ways; and
  • complain to the regulator in charge of data handling in the UK, which is the ICO.

We have kept this notice short and clear. We have also provided a longer notice to your parent or guardian describing how we handle your personal data, and if you have any queries you can talk to them as well as us.


Last updated: 29th April 2021


Global Goals LogosMeaningFul Business Logos

Business with a deep rooted social purpose

As part of our commitment to social impact we have pledged to play our part in meeting the 2030 Global Goals initiative around Quality Education set by World Leaders. We are also proud to be part of the Meaningful Business Network. Learn more.


© 2024 International House, 12 Constance Street, London, E16 2DQ

Tiney Limited (Firm Reference Number: 902967) is a registered EMD agent of Modulr FS Limited, a company registered in England and Wales with company number 09897919, which is authorised and regulated by the Financial Conduct Authority as an Electronic Money Institution (Firm Reference Number: 900573) for the issuance of electronic money and payment services. Your account and related payment services are provided by Modulr FS Limited. Whilst Electronic Money products are not covered by the Financial Services Compensation Scheme (FSCS) your funds will be held in one or more segregated accounts and safeguarded in line with the Electronic Money Regulations 2011 – for more information please see here.