Updated: 19 June 2022
The purpose of this policy is to explain what data we collect about you and why, how we use your personal data and your rights when you use Staff Leave both via an app store, or when you visit our website. When we refer to the "data controller" or "Staff Leave", and when we say "we", “us”, “our”, we mean Redbeck Ltd, trading as Staff Leave (Registered in England 07321821).
Staff Leave collects and uses your personal information to allow us to provide you with the features and services available in our app and website. We also use your personal data to carry out critical business functions such as accounting, opt-in marketing, product updates and helping you with support.
We collect your personal information when you sign-up via the StaffLeave app, or via our website, or when you interact with us through our support helpdesk (Zendesk) or request a demo.
The type of information we collect depends on your user profile. If you’ve been invited to use Staff Leave by your administrator and when using the Staff Leave app or website, we collect personal information including: -
Additionally, we collect other information such as: -
In addition, if you’re a Staff Leave Administrator, that is someone who created a team, we may collect the following (via our website only) if applicable to your plan: -
We’re committed to providing you with the best Staff Leave booking experience – to do that, we have a legitimate interest to collect and use your information in the following ways: -
We do not share your Personal Data that we have collected from you or regarding you expect in limited circumstances where we engage external service providers to help us provide our services, or if our business was to be sold or developed.
These third parties include: -
External Service Providers (Sub Processors): For example, you may interact with third parties such as Stripe when making a payment, or you may interact with Zendesk when making a support request. When information is passed to a third party, we make sure that your data is processed in accordance with instructions set out by us, and we only share the minimum required level of information to allow the third-party service to be provided. You also have the option to manage your data with these third parties in the same way you would with us. You can learn more about which external service providers we share data with in the next section.
Business Transferees: As we grow and develop our business, we might sell or buy business assets. In the event of a corporate sale or merger, Personal Data may be disclosed as part of the transfer of assets. As a user, you will be fully notified of our intention in this instance before any transfer was to take place.
This section identifies the sub-processors we use and where they are located as well as the services, they provide to us. Before engaging any Sub-processor, we perform extensive due diligence, including detailed security and legal analysis. Our sub-processors are all subject to applicable data protection laws.
Your data currently resides in the UK at our dedicated hosting facility in Leeds. We also store additional data with our hosting partner Amazon AWS on servers located in London, UK. Additionally, we use the services of CloudFlare to securely transmit user data across the internet, however no personal data is stored with CloudFlare, only transmitted.
We take certain measures to make sure your personal data always stays secure. We work hard to protect your information from unauthorised access or disclosure, and have specific protocols in place including: -
We have an internal data protection policy that outlines procedures our staff should follow in the unlikely event of a data breach. It also outlines timeframes for notifying regulators such as the ICO in line with our legal obligations and UK law.
We also strive to ensure security on our systems. Despite our efforts, we cannot guarantee that personal information may not be accessed, disclosed, or altered or destroyed by breach of our administrative or technical safeguards. Therefore, we urge you to take adequate precautions to protect your personal data as well, including never sharing your StaffLeave password with anyone.
Keep in mind, that while our systems are built to automatically delete data based on our given timeframes, that we cannot promise that deletion will occur within this time frames. There may be legal requirements to store your data and we may need to suspend any deletion practices if we receive valid legal instructions asking us to preserve content. We may also retain certain information in backup for a limited period of time, or if required to do so by law.
If applicable, from the point of your last invoice date, some of your personal data may be retained to meet certain regulatory requirements. For example, we are required by UK tax law to keep your billing details such as your name, address, email address and phone number for a minimum of 6 years, after which this data will be destroyed. Some data may be kept for longer but only under your strict instructions.
Only Staff Leave administrators will share their billing details with us; being the owner of the team or company account, they will be responsible for any payments and will look after the billing process.
If applicable, data relating to direct marketing will be kept until you instruct us not to do so. When you withdraw your right to use your data for direct marketing, your email address and name will be removed from our mailing list.
You control the personal data you share with us, and you always have full access to the information we have about you. You can access or rectify this data at any time. You can also completely remove some of your data at any time, such as your phone number if you no longer wish to use it. To review and update your personal information, simply log into your Staff Leave account to make the required changes. You can also contact us directly to request additional information about:-
If you believe any of the information we hold about you is incorrect, you have the right to request us to correct it as soon as possible.
Your rights also extend to asking us to erase all your personal data and to restrict how it is processed in line with data protection laws.
If you wish to contact us to discuss your data, see a copy of your data, or would like to submit a removal request, you can do so by contacting us here.
Your browser may offer you a “Do No Track” option, which allows you to inform operators of websites and web services that you do not want them to track your online activities. Staff Leave does not currently support Do Not Track requests at this time.
Generally, we don't collect additional personal information when you browse or use the StaffLeave app, unless you have already disclosed this information to us. Any information you have disclosed to us if fully accessible to you via our app or website.
Your browser, however, does automatically tell us the type of computer and operating system you are using, or if using one of our apps, again anonymously, what type of mobile device and operating system version you’re using.
We collect this information to help us understand more about what type of hardware technology is being used to access our services, and in turn, help us improve our software and user experience.
When using our website, or a supporting webpage accessed via the StaffLeave app, like many websites, our website uses "cookie" technology. When you first connect to our site, the cookie identifies your browser with a unique, random number. The cookies we use do not reveal any personal information about you, except perhaps your first name so we can welcome you on your next visit. Cookies are used to store information while you visit, such as your shopping cart contents etc.
Cookies are very small text files that are stored on your computer when you visit some websites. When you access webpages via our website, help desk, or supporting webpages via the Staff Leave app, you’ll also be exposed to cookies.
You can disable any cookies already stored on your computer using your browser settings, but these may stop our website from functioning properly.
To explain what cookies we use, we have outlined these below.
The following is strictly necessary in the operation of our website.
Our Website Will:
The following are not Strictly Necessary, but are required to provide you with the best user experience and also to tell us which pages you find most interesting (anonymously).
Our Website Will:
Our Website Will:
Our website will not
When you place an order with us using your credit card, your information is passed for processing to one of our online card processing agencies using a 256 bit SSL secure connection. Currently we work with Stripe for all card payments, but we also use PayPal for some additional payments.