Datamove Cloud Limited take the GDPR seriously and actively work to keep your staff’s and your customer’s personal data as secure as possible. While we can take no responsibility for the personal information you decide to store, we can ensure that the data is secured and managed lawfully.
We have examined the Data Protection Principles published by the Information Commissioner’s Office with regards to computer software in general and the childcare industry specifically, and have come to the following conclusions:
The Eight Data Protection Principles
1. Fair & Lawful
This is the first data protection principle. In practice, it means that you must:
• have legitimate grounds for collecting and using any personal data you store
• not use the data in ways that have unjustified adverse effects on the individuals concerned
• be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data
• handle people’s personal data only in ways they would reasonably expect
• make sure you do not do anything unlawful with the data
Datamove Cloud Limited will not use your data for marketing or any purpose other than administration of our business and/or support of your business.
This means that you must:
• be clear from the outset about why you are collecting personal data and what you intend to do with it
• comply with the Act’s fair processing requirements – including the duty to give privacy notices to individuals when collecting their personal data
• comply with what the Act says about notifying the Information Commissioner
• ensure that if you wish to use or disclose the personal data for any purpose that is additional to or different from the originally specified purpose, the new use or disclosure is fair
Datamove Cloud Limited will only use any information obtained for the original stated purpose.
You need to ensure that:
• you hold personal data about an individual that is sufficient for the purpose you are holding it for in relation to that individual
• you do not hold more information than you need for that purpose
Datamove Cloud Limited will only hold the data necessary to perform our role as service providers.
To comply with these provisions you must:
• take reasonable steps to ensure the accuracy of any personal data you obtain
• ensure that the source of any personal data is clear
• carefully consider any challenges to the accuracy of information
• consider whether it is necessary to update the information.
Datamove Cloud Limited always take care when entering personal data. We actively manage the data we hold, checking customer details are up to date if we are in any doubt.
This means you will need to:
• review the length of time you keep personal data
• consider the purpose or purposes you hold the information for in deciding whether (and for how long) to retain it
• securely delete information that is no longer needed for this purpose or these purposes
• update, archive or securely delete information if it goes out of date
Datamove Cloud Limited do not hold sensitive information on any of our customers beyond contact details. Any customer data used during problem resolution and/or testing is deleted once it is no longer required.
The rights of individuals referred to are:
• a right of access to a copy of the information comprised in their personal data
• a right to object to processing that is likely to cause or is causing damage or distress
• a right to prevent processing for direct marketing
• a right to object to decisions being taken by automated means
• a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
• a right to claim compensation for damages caused by a breach of the Act
Datamove Cloud Limited can produce a letter with all the details we hold for an individual on request. We reserve the right to make a small charge for this service to cover costs.
This means you must have appropriate security to prevent the personal data you hold from being accidentally or deliberately compromised. In particular, you will need to:
• design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach
• be clear about who in your organisation is responsible for ensuring information security
• make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff
• be ready to respond to any breach of security swiftly and effectively
All personal data held by Datamove Cloud Limited is encrypted and password protected by default.
We encrypt all data stored on and sent to and from the servers to prevent snoopers seeing any details.
We recommend that you protect Instant Nursery Manager using ‘strong’ passwords of at least 8 characters and a mixture of UPPER and lower case and numerics (A-Z, a-z, 0-9). For maximum security include punctuation as well. Don’t use easily guessable passwords such as ‘password1’.
We will be enforcing the use of stronger passwords for all new customers in the near future and will be happy to update the system for existing customers once the coding is complete. We will let you know when this can be implemented for your copy of the software.
This is the eighth data protection principle. It concerns transferring and/or holding data outside the EEA.
• Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Datamove Cloud Limited do not store or backup any data outside of the EEA.