Here at tiney, we take privacy rights seriously. We respect the privacy of all individuals we deal with, including our website visitors, childcare providers and parents who use our services, suppliers, enquirers and anyone else we encounter in our business.
This Policy sets out information about how we use, store and transfer personal data which we receive through our website tiney.co and our mobile application (for the sake of ease of reading we’ll call both of these together the Site) or otherwise. We are a data controller in relation to that personal data, which means we determine the purposes and means of the processing of that personal data.
We or us means Tiney Limited, trading as tiney, a company registered in the United Kingdom under number 11194291 whose registered offices are at The Brew, 163 City Rd, Hoxton, London EC1V 1NR.
Full details are set out in the relevant sections of this Policy below, but keeping it brief:
- we normally receive your personal data from you, but sometimes it might be from a third party with whom we are mutually acquainted (e.g. other users of the Site);
- if you are a parent, then we will process very little, or no, personal data relating to your children – typically we might have only their first name and/or age;
- we use your personal data to deliver our services, conduct our business, keep appropriate records and meet our legal obligations;
- we only provide your personal data to third parties for our business purposes or as permitted by law. We don’t share your data with third party advertisers;
- we store personal data for specified periods; you have legal rights in relation to your personal data which you can exercise on request;
- you can contact us to enquire about any of the contents of this Policy.
Importantly, this Policy relates only to the personal data which we receive and use. If you’re a parent engaging a childcare provider, then you will likely provide personal data to the childcare provider relating to yourself and your family. The childcare provider’s use of that personal data will be governed by your own contract with the childcare provider and by any privacy notice issued by him or her.
1. Personal Data we Collect
We collect all sorts of personal data in providing our services and in our normal day-to-day business interactions. This section describes the kinds of data we collect, and the kinds of individuals to whom it might relate (such as parents, childcare providers or family members).
In this Section we have set out the kinds of personal data that we may collect, use, store and transfer. We have grouped that data together into different categories based on its subject matter, and based on the kinds of individuals to whom they relate.
Data relating to almost everyone we deal with: e.g. Site users, enquirers, suppliers
1.1 We may process data about your use of our Sites (usage data), which we obtain through our analytics tracking systems. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
1.2 We may process information contained in or relating to any enquiry or communication that you send to us or that we send to you (correspondence data). This could for example include customer support queries from our users (whether parents or childcare providers), enquiries from journalists or any other correspondence. The correspondence data may include the communication content and metadata associated with the communication, as well as any contact details you may provide to us such as your name, email address, phone number, job title, address or social media username.
Data relating to registered users of our Site:
1.3 We may process the account data (account data) you provide to us in setting up or using an account via the Site, or in engaging with us offline to provide services to you. The account data may include your name, email address, phone number, postal address, username and password. If you use a third-party application like Facebook to log into your account on our website then we may receive and process account data from the relevant third party. Account data may also include account-related records (for instance, the record of the engagement of a childcare provider by a parent).
1.4 If you are a childcare provider then we may process personal data provided by you relating to your experience, qualifications, registration with OFSTED or Childminding Agency, references and criminal record (all of which we’ll call check data). We may also conduct credit checks (as some of the suppliers of the benefits we offer to our childcare providers, like insurance, may require these). If you are a referee providing a reference for a childcare provider then the check data may include your name and the contents of your reference. We may also process personal data relating to your health, such as information provided through a health declaration form (which we will call childcare provider health data).
1.5 We may process any personal data which you include in any advert, comment, message, feedback or other submission you upload or post to our Site or provide to us for publication on our Site. We call all of this user-submitted content data. We do not pre-moderate or have any control over what you include in user-submitted content data, so we ask that you carefully consider your own privacy in deciding what to include in it. Because user-submitted content data is determined by you, it could potentially include special categories of data, such as data about race, ethnic origin, politics, religion, health, sex life or sexual orientation, although we ask that you avoid including any such data unless utterly necessary.
Data relating to family
1.7 We may receive personal data from parents or childcare providers relating to the family which is either looking for or receiving childminding services. We call this family data. Typically this information is extremely limited, and covers only the names and contact details of parents, or the names and ages of children, as may be necessary to administer our services. For example, if we provide a billing service to a childcare provider, and that childcare provider wishes to raise an invoice for looking after John and Jane Smith’s children, Jimmy and Janet, then it is possible that we may have a record of Jimmy and Janet’s names to enable clear billing. Where the parent or guardian has consented to us doing so, we may receive photos taken during childminding which may feature the children who are being looked after, which may be used for promotional and marketing purposes. Those photos constitute personal data relating to the children. If you provide us with information relating to your family, then you must do so as their parent or guardian in relation to children, or with their permission in relation to adults (such as your spouse or partner).
Data relating to suppliers and other commercial partners
1.8 If we have some other commercial relationship with you or with your employer (for example, a supply, purchase, sponsorship or referral relationship) then we may handle your contact details (name, job title, email address, postal address, telephone number), any related communications, and any related documents (such as contracts, POs and invoices, proposals and so on). We call all of this partner data, and we process it for the purposes of administering our commercial relationship with you.
Personal data we obtain from others
1.9 Your personal data may be provided to us by someone other than you. We might be introduced to you in correspondence by a mutual acquaintance, or we might receive personal data through your social media account if you use it to log in, or we might receive personal data through other users of the Site (for instance, if a parent sends us feedback in relation to a childcare provider or vice versa). Normally this data will be correspondence data, user-submitted content data or partner data as described above. Childcare provider health data may be provided to us by your doctor through a health declaration form.
2. Our purposes and legal bases of processing
We want you to fully understand what we do with your personal data. This section explains the purposes for which we use it.
2.10 We have set out below, in table format, a description of all the ways we may use your personal data. We’re also required by law to identify the legal basis on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (GDPR). When we process personal data on the basis of our legitimate interests then we also need to identify those legitimate interests and have done so below.
2.11 Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data. Feel free to contact us for further information.
| Type of Data | Purpose/Activity | Legal Basis for Processing |
|---|---|---|
| Usage Data | Analyzing the use of, and improving, our Site and services, security monitoring and fraud detection and to ensure each Site is presented in the most effective manner. | Our legitimate interests (Art 6.1(f) GDPR), namely delivering and improving our Sites, informing marketing strategy, and ensuring the security of the Sites. |
| Correspondence Data | To communicate with you. If you have indicated your interest in our services then we may also process correspondence data to provide you with occasional news about our services and marketing communications (although you will be free to unsubscribe at any time). | Our legitimate interests, namely properly administering our business and communications, developing our relationships with interested parties and addressing user concerns and queries. Where correspondence data relates to marketing, our legitimate interests in developing our business. Where correspondence relates to registered use of our Site, or to any contract or potential contract with you, then our legal basis may be for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you (Art 6.1(b) GDPR). |
| Account Data | Operating our Site, providing our services, ensuring the security of our Sites and services, verifying logins, and communicating with you. | Performance of a contract with you (i.e. delivering our services through the account). Our legitimate interests, namely properly administering our business, services and communications. |
| Check data | Confirming the suitability of childcare providers to provide childminding services. | Performance of a contract with you. Our legitimate interests, namely providing assurance of a safe user experience to parents. |
| Criminal record information contained in check data | Confirming the suitability of childcare providers to provide childminding services | Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR) |
| Childcare provider health data | Confirming the suitability of childcare providers to provide childminding services. We have a duty to ensure this suitability under the Childcare Act 2006 and Childcare (Childminder Agency) (Registration, Inspection and Supply and Disclosure of Information) Regulations 2014 | Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR), Compliance with our legal obligations (Art 6.1(c) GDPR, Art 9.2(b) GDPR) |
| User-submitted content data | Operating our Sites, providing our services, publishing user comments and feedback. | Our legitimate interests, namely operating our Site and ensuring a good user experience through comments, listings and feedback. |
| Special category data contained in user-submitted content data | Operating our Sites, providing our services, publishing user comments and feedback. | Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR) |
| Payments data | Making and receiving payments to and from our users. | Performance of a contract with you. |
| Family data | Administering our services, liaising between parents and childcare providers. | Performance of a contract with you (i.e. delivering our services). Our legitimate interests, namely properly administering our business, services and communications. |
| Partner data | Administering our commercial relationship with those with whom we do business. | Performance of a contract with you. Our legitimate interests, namely properly administering our business and communications, and developing commercial relationships. |
| Any personal data | For the purposes of legal compliance (e.g. maintaining tax records) | Compliance with our legal obligations (Art 6.1(c) GDPR) |
| Any personal data | For the purposes of bringing and defending legal claims | Our legitimate interests, namely being able to conduct and defend legal claims to preserve our rights and those of others. |
| Any personal data | Record-keeping and hosting, back-up and restoration of our systems. | Our legitimate interests, namely ensuring the resilience of our IT systems and the integrity and recoverability of our data. |
| Photos featuring children | Promotional uses relating to our business and services, and those of the childminder, in any medium | The consent of the parent or guardian |
3. Providing your personal data to others
In the ordinary course of our business we will disclose some information to third parties like our suppliers or advisors. This section explains when we might share your personal data with others.
3.10 Our advisors. We may disclose your personal data to our insurers and/or professional advisers to take professional advice and manage legal disputes.
3.11 Disclosures designated by you. We may disclose your personal data to third parties designated by you, such as other users of the Site to whom you show public information such as user-submitted content data, or between parents and childcare providers or information relating to our childcare providers which we disclose to providers of certain benefits offered through us.
3.12 Our service providers. We may disclose personal data to our service providers or subcontractors in connection with the uses we’ve described above. For example, we may disclose:
- any personal data in our possession to suppliers which host the servers on which our data is stored, or to freelance staff whose duties involve handling the relevant personal data;
- correspondence data to providers of email or email marketing services;
- payments data to our payment processing service providers (such as Stripe);
- usage data to providers of analytics services;
- information relating to our childcare providers, like correspondence, account or check data, to third parties who provide benefits for those childcare providers (for example, insurers); and
- partner data and other relevant personal data to third parties for the purposes of fraud protection, credit risk reduction and debt recovery.
3.2 We do not allow our data processors to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.
3.21 Compliance. We may also disclose your personal data where necessary to comply with law.
3.22 Restructuring. If any part of our business is proposed to be sold or transferred, your personal data may be disclosed to the new owner or in connection with the relevant negotiations.
4. International transfers of your personal data
4.1 Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an “adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission or the use of the EU-US Privacy Shield). You may contact us if you would like further information about these safeguards.
4.2 Personal data that you submit for publication through our Site or services or otherwise make visible to other users may be available, via the internet, to others around the world. We cannot prevent the use (or misuse) of such personal data by others.
4.3 Other Site users may be located outside the EEA and if you message them using the messaging functions of the Site then your personal data will necessarily leave the EEA.
5. Data security
5.1 We have put in place appropriate security measures to protect your personal data. We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where required by law.
5.2 Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem.
6. Retaining and deleting personal data
We don’t keep personal data any longer than is needed to fulfil the purposes for which we collected it in the first place. This section describes how we retain and delete personal data.
6.1 We comply with our legal obligations in relation to the retention and deletion of personal data, and in particular ensure that personal data that we process is not kept for longer than is necessary for the relevant purposes. In particular:
- partner and payments data will be retained for seven years after the end of the relevant contractual relationship;
- correspondence data will be retained for the period of the enquiry or chain of correspondence and then deleted after twelve months;
- most data associated with any account on our Site (including account data) will be kept during the life of the account and then deleted no more than twelve (12) months after account closure. However, we may retain account data relating to introductions made through the Site for up to seven years following closure as this may be relevant to any ongoing contract, complaint or potential legal claim;
- usage data will be retained for twelve months;
- any data which is anonymised, and therefore not personal data, may be retained by us indefinitely. Typically this will be derived from usage data.
6.2 We maintain system backups for disaster recovery purposes and may retain those backups for up to six months. That means that information which is deleted from our live systems may still remain in backup for up to six months.
6.3 We may retain your personal data longer than set out above where necessary to comply with law or in connection with any legal claim.
7. Your rights
It’s important that you know your rights in relation to your personal data. This section should help you understand and exercise your legal rights.
7.1 You have rights under data protection law – they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office at www.ico.gov.uk for a fuller explanation of your rights. In summary, though:
- the right to withdraw consent: where our processing is based on your consent (as described in section 2.11 above) you have the right to withdraw that consent at any time by notifying us, in which case we will stop the relevant use;
- the right to access: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with certain additional information;
- the right to rectification: you have the right to have any inaccurate or incomplete personal data about you rectified or completed;
- the right to erasure: in some circumstances you have the right to the erasure of your personal data (for example, if the personal data are no longer needed for the purposes for which they were processed or if the processing is for direct marketing purposes);
- the right to restrict processing: you have the right to restrict the processing of your personal data to limit its use. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except to the extent permitted by law;
- the right to object to processing: you have the right to object to our processing of your personal data on the basis of legitimate interests (discussed above) or for direct marketing purposes and if you do so we will stop processing your personal data except to the extent permitted by law;
- the right to data portability: you have the right to receive your personal data from us if the legal basis for our processing is the performance of a contract with you, and such processing is carried out by automated means; and
- the right to complain to a supervisory authority: if you consider that our processing of your personal data is unlawful, you have a legal right to lodge a complaint with the ICO.
This section describes the cookies we use and how you can adjust your cookie settings.
8.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
8.3 Cookies do not typically contain any information that personally identifies a user (except for IP addresses in some cases), but personal information that we store about you may be linked to the information stored in and obtained from cookies.
8.4 We use these kinds of cookies:
- Strictly Necessary Cookies: these cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
- Functionality Cookies: These cookies allow our Site to remember choices you make when you use our Site, such as remembering your login details and remembering the changes you make to other parts of our Site which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
- Analytical/Performance Cookies: These cookies are used to collect information about traffic to our Site and how users use our Site. It includes the number of visitors to our Site, the websites that referred them to our Site, the pages that they visited on our Site, what time of day they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site.
- Social Media Cookies: These cookies are used when you share information using a social media sharing button or “like” button on our Site or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.
- Google Analytics: The Sites use Google Analytics (an analytical/performance cookie) to help analyse how users use the Sites, collecting standard internet log information and visitor behaviour information in an anonymised form from which no user is identifiable. This information is transmitted to Google and processed to compile statistical reports on activity on the Sites. These reports allow us to optimise our user experience. Google provide a browser add-on for users who wish to prevent their data from being used by Google Analytics. Further information is available at https://tools.google.com/dlpage/gaoptout/.
8.5 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about blocking and deleting cookies via the support pages made available by your browser operator.
9. Third Parties
The Site may contain links to third party websites and refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party referred to on the Sites, then they may have their own privacy and cookie policies, and we are not responsible for their use of any personal data which you may provide to them.
We may update this Policy from time to time by publishing a new version on the Site. You should check occasionally to ensure you are happy with any changes to this Policy, although we may notify you of significant changes to this Policy using the contact details you have given us.
11. Data protection registration
We are registered as a data controller with the UK Information Commissioner's Office. Our data protection registration number is ZA451440.
12. Contact Us
Last updated: 29th October 2019