Datamove Cloud Limited take the GDPR seriously and actively work to keep your staff’s and your customer’s personal data as secure as possible. While we can take no responsibility for the personal information you decide to store, we can ensure that the data is secured and managed lawfully.
Datamove Cloud Limited have created a standard Data Processing Agreement to which we assume our customers agree unless an alternative agreement is in place.
We have examined the Data Protection Principles published by the Information Commissioner’s Office with regards to computer software in general and the childcare industry specifically, and have come to the following conclusions:
The Six Data Protection Principles
1. Lawfulness, fairness and transparency
This is the first data protection principle. In practice, it means that you must:
• have legitimate grounds for collecting and using any personal data you store
• not use the data in ways that have unjustified adverse effects on the individuals concerned
• be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data
• handle people’s personal data only in ways they would reasonably expect
• make sure you do not do anything unlawful with the data
Datamove Cloud Limited will not use your data for marketing or any purpose other than administration of our business and/or support of your business.
2. Purposes
This means that you must:
• be clear from the outset about why you are collecting personal data and what you intend to do with it
• comply with the Act’s fair processing requirements – including the duty to give privacy notices to individuals when collecting their personal data
• comply with what the Act says about notifying the Information Commissioner
• ensure that if you wish to use or disclose the personal data for any purpose that is additional to or different from the originally specified purpose, the new use or disclosure is fair
Datamove Cloud Limited will only use any information obtained for the original stated purpose.
3. Data minimisation
You need to ensure that:
• you hold personal data about an individual that is sufficient for the purpose you are holding it for in relation to that individual
• you do not hold more information than you need for that purpose
Datamove Cloud Limited will only hold the data necessary to perform our role as service providers.
4. Accuracy
To comply with these provisions you must:
• take reasonable steps to ensure the accuracy of any personal data you obtain
• ensure that the source of any personal data is clear
• carefully consider any challenges to the accuracy of information
• consider whether it is necessary to update the information.
Datamove Cloud Limited always take care when entering personal data. We actively manage the data we hold, checking customer details are up to date if we are in any doubt.
5. Storage limitation
This means you will need to:
• review the length of time you keep personal data
• consider the purpose or purposes you hold the information for in deciding whether (and for how long) to retain it
• securely delete information that is no longer needed for this purpose or these purposes
• update, archive or securely delete information if it goes out of date
Datamove Cloud Limited do not hold sensitive information on any of our customers beyond contact details. Any customer data used during problem resolution and/or testing is deleted once it is no longer required.
6. Integrity and confidentiality
This means you must have appropriate systems and procedures in place to prevent the personal data you hold from being accidentally or deliberately compromised. In particular, you will need to:
• design and organise your prodecures to fit the nature of the personal data you hold and the harm that may result from a security breach
• be clear about who in your organisation is responsible for ensuring information security
• make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff
• be ready to respond to any breach of security swiftly and effectively
All personal data held by Datamove Cloud Limited is encrypted and password protected by default.
We encrypt all data stored on and sent to and from the servers to prevent snoopers seeing any details.
We recommend that you protect Instant Nursery Manager using ‘strong’ passwords of at least 8 characters and a mixture of UPPER and lower case and numerics (A-Z, a-z, 0-9). For maximum security include punctuation as well. Don’t use easily guessable passwords such as ‘password1’.
We will be enforcing the use of stronger passwords for all new customers in the near future and will be happy to update the system for existing customers once the coding is complete. We will let you know when this can be implemented for your copy of the software.
Individual Rights
The rights of individuals referred to are:
• the right to be informed of the personal data being collected, how it will be used, who it will be shared with, for how long it will be kept and the purpose if it's processing
• the right of confirmation that their data is being processed, access to that data as well as further informatiuon regarding any automated decision making, or the envisioned period of retention
• the right to have personal data rectified should it be inaccurate or incomplete
• the right to request erasure of any data held if there is no compelling reason for it's continued processing or availability
• the right to restrict processing (e.g. viewing, alterring or deleting) of data if the data held is inaccurate, unlawfully held or is subject to a pending objection by the data subject.
• the right to data portability, allowing individuals to obtain and reuse their personal data across different services
• the right to object to the processing of personal data for certain reasons including a duty to notify an individual of this right at the first time of communication
• the right to opt out of, challenge, and/or have automated decisions reviewed by a human being
Datamove Cloud Limited can produce a letter with all the details we hold for an individual on request. We reserve the right to make a small charge for this service to cover costs.
