Privacy Policy Our privacy statement

Updated: 5 Dec 2023

The purpose of this policy is to explain what data we collect about you and why, how we use your personal data and your rights when you use Staff Leave both via an app store, or when you visit our website. When we refer to the "data controller" or "Staff Leave", and when we say "we", “us”, “our”, we mean Redbeck Ltd, trading as Staff Leave (Registered in England 07321821).

Why do We Collect Personal Information?

Staff Leave collects and uses your personal information to allow us to provide you with the features and services available in our app and website. We also use your personal data to carry out critical business functions such as accounting, opt-in marketing, product updates and helping you with support.

What Personal Information Do We Collect?

We collect your personal information when you sign-up via the StaffLeave app, or via our website, or when you interact with us through our support helpdesk (Zendesk) or request a demo.

The type of information we collect depends on your user profile. If you’ve been invited to use Staff Leave by your administrator and when using the Staff Leave app or website, we collect personal information including: -

  • Personal Identifiable Information: including your first and last name
  • Contact Information: this includes your email address, and your phone number. Phone numbers are optional.
  • Your Profile Picture: this is optional and securely stored if you opt to take a selfie with your mobile phone camera or select an image from your photo library. For privacy, you can also choose from a pre-existing avatar rather than take a selfie.

Additionally, we collect other information such as: -

  • Profile Information: such as your privacy options, account preferences
  • Technical Information: we collect information such as your IP address, device, and operating system. Apart from your IP address, this information is collected anonymously and only linked to your personal information if you report a bug or technical issue. We collect IP addresses to help identify security threats from malicious users. An IP address can give the approximate location of a user narrowed down to a city or region; however, this is classed as a non-precise location and doesn’t expose your exact location. We may also collect more detailed technical logs if you report an issue that we need more help with, again we will let you know if there is a requirement to collect this information during your support request.
  • Other Information: we record any data you input into the app for the purpose of the apps function, such as recording holiday leave. This data is then shared with your manager or team based on account privacy controls.
  • Anonymous Data: We collect and use analytical data for statistics and reporting, this is data that is collected and aggregated to show trends, such as how people use Staff Leave, and is not considered personal data. We use Google Analytics for Firebase to help collect this information.

In addition, if you’re a Staff Leave Administrator, that is someone who created a team, we may collect the following (via our website only) if applicable to your plan: -

  • Financial Data: such as payment details and address information needed to carry out accounting functions such as raising invoices and processing payments.

When Do We Collect Personal Information, and How Do We Use It?

We’re committed to providing you with the best Staff Leave booking experience – to do that, we have a legitimate interest to collect and use your information in the following ways: -

  • When you sign-up: we ask for personal identifiable information such as your first name, last name and optionally, your phone number. We use this information to send you personal email notifications and account updates as well as mobile notifications. If you’re a Staff Leave administrator, we’ll additionally ask for your Team or Company name.
  • When you use Staff Leave: we collect information about the holiday requests you make so you can use this information to keep track of your requests submitted to date, and at the point of the request, we inform your administrator, manager, or approver of this request.
  • When you contact support: if you contact us via our website, you’ll provide your name, email and support enquiry via a contact form. When you send the same support request via our mobile app, your email and name from your account will be used for your support request, as this was provided when you signed up. This information is then sent to our external service provider Zendesk to create a ticket. We use Zendesk for all our support.
  • When you submit a bug report (via our app): When you send a bug report via the mobile app, you’ll provide your email, name, details of the bug report. We automatically send supporting technical details such as your mobile device model, and operating system version. This information is then sent to our external service provider Zendesk to create a ticket. We use Zendesk for all our support. We also exclusively use any additional technical details for the purpose of fixing the reported bug.
  • When you arrange a demo (via our website): when you book a demo with us, we collect your name, email, and optionally your phone number. We then contact you with a link to join a video call on an arranged date. We only use your personal for the purpose of this call and we use an external service provider; Motion to plan and arrange the meeting.
  • When you optionally pay for StaffLeave (via our website): we’ll ask you for your billing address, optional tax ID and payment information, such as your card details. Your card details will be captured directly by our third-party payment provider: Stripe. The only details we store are the last 4 digits of your payment card and expiry date; this is so we can show you which card you used to pay us with.
  • When you import data via a spreadsheet: our systems will need to access your file to import data into your account. Only you have access to this data, and it is not shared with anyone else. Once an import has completed, the file is then deleted from our systems.

Who Do We Share Information With?

We do not share your Personal Data that we have collected from you or regarding you expect in limited circumstances where we engage external service providers to help us provide our services, or if our business was to be sold or developed.

These third parties include: -

External Service Providers (Sub Processors): For example, you may interact with third parties such as Stripe when making a payment, or you may interact with Zendesk when making a support request. When information is passed to a third party, we make sure that your data is processed in accordance with instructions set out by us, and we only share the minimum required level of information to allow the third-party service to be provided. You also have the option to manage your data with these third parties in the same way you would with us. You can learn more about which external service providers we share data with in the next section.

Business Transferees: As we grow and develop our business, we might sell or buy business assets. In the event of a corporate sale or merger, Personal Data may be disclosed as part of the transfer of assets. As a user, you will be fully notified of our intention in this instance before any transfer was to take place.

External Service Providers (Sub Processors)

This section identifies the sub-processors we use and where they are located as well as the services, they provide to us. Before engaging any Sub-processor, we perform extensive due diligence, including detailed security and legal analysis. Our sub-processors are all subject to applicable data protection laws.

  • Stripe - Card Payment Processing - United States
  • Zendesk - Customer Service, telephone, live chat and email communications - United States
  • Cloudflare Inc – CDN, manage web traffic - United States
  • Google Analytics for Firebase – Data Analytics, anonymous user trends - United States
  • Motion – Work planning, and arranging meetings - United States

Where Is My Data Stored?

Your data currently resides in the UK at our dedicated hosting facility in Leeds. We also store additional data with our hosting partner Amazon AWS on servers located in London, UK. Additionally, we use the services of CloudFlare to securely transmit user data across the internet, however no personal data is stored with CloudFlare, only transmitted.

How Do You Protect My Information?

We take certain measures to make sure your personal data always stays secure. We work hard to protect your information from unauthorised access or disclosure, and have specific protocols in place including: -

  • Sending all data over a 256bit SSL encryption so your data is always encrypted in transit. We use this connection standard for all our services, including our website and our mobile apps. When using our website, you can also validate our SSL connection by clicking on the padlock, where you can view the details of our digitally signed certificate
  • Operate a secure datacentre facility with authorized access only
  • Maintaining industry standard PCI compliance scans and quarterly audits at our Leeds datacentre. This standard is optional, and normally applicable for businesses processing card data. We use it as our internal standard to maintain a high level of security
  • Utilising firewalls that restrict access and ban users that make repeated login attempts to website administration services
  • Conducting regular monitoring of servers that house personal data
  • Restricting access to personal data on a need-to-know basis by named employees

We have an internal data protection policy that outlines procedures our staff should follow in the unlikely event of a data breach. It also outlines timeframes for notifying regulators such as the ICO in line with our legal obligations and UK law.

We also strive to ensure security on our systems. Despite our efforts, we cannot guarantee that personal information may not be accessed, disclosed, or altered or destroyed by breach of our administrative or technical safeguards. Therefore, we urge you to take adequate precautions to protect your personal data as well, including never sharing your StaffLeave password with anyone.

How Long Do We Keep Your Information?

  • We store your basic account information such as your name, email and phone number until you either ask us to delete them, or your account becomes dormant.
  • If your account is dormant for 18 months or more, we will send you an email asking if you’d still like to keep your account. If we don’t hear from you, your account will automatically be deleted 60 days from the date of this notice.
  • We store other information such as holiday request data for the life of your account, unless you either ask us to delete it, or your account becomes dormant.
  • We also store temporary data, such as notifications, and this data automatically expires based on the number of new notifications you have in your notification queue.

Keep in mind, that while our systems are built to automatically delete data based on our given timeframes, that we cannot promise that deletion will occur within this time frames. There may be legal requirements to store your data and we may need to suspend any deletion practices if we receive valid legal instructions asking us to preserve content. We may also retain certain information in backup for a limited period of time, or if required to do so by law.

If applicable, from the point of your last invoice date, some of your personal data may be retained to meet certain regulatory requirements. For example, we are required by UK tax law to keep your billing details such as your name, address, email address and phone number for a minimum of 6 years, after which this data will be destroyed. Some data may be kept for longer but only under your strict instructions.

Only Staff Leave administrators will share their billing details with us; being the owner of the team or company account, they will be responsible for any payments and will look after the billing process.

If applicable, data relating to direct marketing will be kept until you instruct us not to do so. When you withdraw your right to use your data for direct marketing, your email address and name will be removed from our mailing list.

Access to Your Personal Information & Your Rights

You control the personal data you share with us, and you always have full access to the information we have about you. You can access or rectify this data at any time. You can also completely remove some of your data at any time, such as your phone number if you no longer wish to use it. To review and update your personal information, simply log into your Staff Leave account to make the required changes. You can also contact us directly to request additional information about:-

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source

If you believe any of the information we hold about you is incorrect, you have the right to request us to correct it as soon as possible.

Your rights also extend to asking us to erase all your personal data and to restrict how it is processed in line with data protection laws.

If you wish to contact us to discuss your data, see a copy of your data, or would like to submit a removal request, you can do so by contacting us here

.

Do Not Track Disclosure

Your browser may offer you a “Do No Track” option, which allows you to inform operators of websites and web services that you do not want them to track your online activities. Staff Leave does not currently support Do Not Track requests at this time.

Collecting Other Information

Generally, we don't collect additional personal information when you browse or use the StaffLeave app, unless you have already disclosed this information to us. Any information you have disclosed to us if fully accessible to you via our app or website.

Your browser, however, does automatically tell us the type of computer and operating system you are using, or if using one of our apps, again anonymously, what type of mobile device and operating system version you’re using.

We collect this information to help us understand more about what type of hardware technology is being used to access our services, and in turn, help us improve our software and user experience.

When using our website, or a supporting webpage accessed via the StaffLeave app, like many websites, our website uses "cookie" technology. When you first connect to our site, the cookie identifies your browser with a unique, random number. The cookies we use do not reveal any personal information about you, except perhaps your first name so we can welcome you on your next visit. Cookies are used to store information while you visit, such as your shopping cart contents etc.

How We Use Cookies

Cookies are very small text files that are stored on your computer when you visit some websites. When you access webpages via our website, help desk, or supporting webpages via the Staff Leave app, you’ll also be exposed to cookies.

We use cookies to help identify your computer so we can tailor your user experience, as well as anonymously track user habits and usage, for example, to tell us how many users have visited a certain page on our website.

You can disable any cookies already stored on your computer using your browser settings, but these may stop our website from functioning properly.

To explain what cookies we use, we have outlined these below.

The following is strictly necessary in the operation of our website.

Our Website Will:

  • Remember which services you are using
  • Remember which devices have access to our services
  • Remember that you are logged in and that your session is secure.  You need to be logged in to use your account.

The following are not Strictly Necessary, but are required to provide you with the best user experience and also to tell us which pages you find most interesting (anonymously).

Functional Cookies

Our Website Will:

  • Offer Live Chat Support (If available)
  • Track the pages you visits via Google Analytics

Targeting Cookies

Our Website Will:

  • Allow you to share pages with social networks such as Facebook (If available)

Our website will not

  • Share any personal information with third parties apart from those listed in our sub-processor list.

How We Collect Your Card Information

When you place an order with us using your credit card, your information is passed for processing to one of our online card processing agencies using a 256 bit SSL secure connection. Currently we work with Stripe for all card payments, but we also use PayPal for some additional payments.

For added piece of mind, we do not store your card number locally on our servers. We use a third-party data processor called Stripe to process card payments. You can read their privacy policy here. If paying via your PayPal account, you’ll be using PayPal’s services, you can read their privacy policy here

Changes and Questions

We keep this privacy policy under regular review. Any changes will be published and dated on this page, and if they’re significant we’ll send you an email to let you know.

If you have any questions, comments or requests regarding our privacy policy or your rights, you can get in touch with us by sending a message here

Also, learn more about our Data Deletion Policy. If you'd like to request removal of your data, you can submit a data deletion request here.