We will continue to build and execute on our existing security practices to ensure we take all reasonable measures to secure and protect your data in accordance with all applicable laws, including the EU Data Protection Directive 95/46/EC, the EU General Data Protection Regulation 2016/679, the EU ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, as amended or superseded from time to time, and any national implementing legislation (“Data Protection Laws”).
Rotageek obtains Personal Data about you from various sources to provide our Services and to manage our Sites. “You” may be a visitor to one of our websites, a user of one or more our Services (“User” or “Organisation”) or an employee of a user (“Employee”). If you are an Employee, Rotageek will generally not collect your Personal Data directly from you. Your agreement with the relevant Organisation should explain how the Organisation shares your personal data with Rotageek, and if you have questions about this sharing, then you should direct those questions to the Organisation.
If at any time you are concerned or have questions about how we might be handling your data, please reach out to our Data Protection Officers at firstname.lastname@example.org
Personal data that Rotageek collects
Things that you create or provide to us
- When you create a Rotageek Account, you or your Organisation provide us with personal information that includes your name, personal/business email, job title, business location, payroll ID, and pay rate. The organisation may provide us with your Date of Birth to ensure you are scheduled according to regulations of the country you are resident in.
- When your account is created, you are provided with a Rotageek username and sent an email to set your Rotageek password. You can also choose to add or remove a phone number and email address.
- When you fill in our online form to contact our sales team, we collect your full name, work email and anything else you tell us about your project, needs and timeline.
Information that we collect as you use Rotageek
- Browser and device data
We collect information about the browsers and devices that you use to access Rotageek services, such as IP address, device type, operating system name and version, device manufacturer and model, and language.
- Usage data
We collect information about your usage of our services. This includes time spent on the Sites, pages visited, links clicked, language preferences and the pages that led or referred you to our Sites.
- Your location information
We collect information about your location via GPS when you use our Time and Attendance service, which helps us offer features such as geofenced Check-In.
Why Rotageek collects data
We use the information that we collect from all our services for the following purposes:
- Provide our products and services
We use your information to deliver Rotageek Services and facilitate the business relationships we have with our Users, such as scheduling staff, receiving notifications about scheduling, leave and swaps and processing timesheets for payroll.
- Maintain and improve Rotageek
We use your information to ensure that our services are working as intended, such as tracking downtime or troubleshooting issues with specific features. We also use your information to make improvements to our services - for example, understanding how you use a feature like the scheduler to make it faster for you to schedule shifts and notify your staff.
- Develop new services
We use the information we collect in existing Rotageek services to help us develop new ones. For example, understanding how people used Rotageek’s original version 1 of our autoscheduling tool, helped us in designing and launching the most recent version 3.
- Measure performance
Rotageek is committed to delivering a resilient and efficient service. We use data for analytics and measurement to understand how Rotageek is used. For example, we analyse data about your use of certain features in order to develop improvements to that feature.
- Communicate with you
We use information we collect, such as your email address, to interact with you directly. We may send you notifications about your schedule updates or shifts that become available via email, SMS or push notification as well as information about our latest updates.
Sharing your information
We do not share you personal information with companies, organisations or individuals outside of Rotageek except in the following cases:
- With your consent
We’ll share Personal Data outside of Rotageek when we have your consent.
- With Organisation administrators
Your organisation administrators will have access to your Rotageek account. They may be able to:
- Access and retain information stored in your account such as your email
- View data and statistics regarding your account such as how many times you’ve logged in and approved schedules
- Suspend or terminate your Rotageek account access
- Receive your Rotageek account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
- Change your Rotageek account password
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing
We share Personal Data with a limited number of our service providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer support, email delivery and SMS delivery.. These service providers may need to access Personal Data to perform their services. We authorise such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America. For a full list of our sub-processors, see here.
- For legal reasons
We will share personal information outside of Rotageek if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Comply with applicable law
- Enforce our contractual rights
- Protect the rights, privacy, safety and property of Rotageek, you or others
- Respond to requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities, which may include authorities outside of your country of residence.
Security and Retention
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organisational, technical and administrative measures designed to protect Personal Data within our organisation against unauthorised access, destruction, loss, alteration or misuse.
Your Personal Data is only accessible to a limited number of Rotageek personnel who need access to the information to perform their duties. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately at email@example.com.
If you are a Rotageek User, we retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services to you, even if you close your Rotageek account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
We review our information collection, storage and processing practices, including physical security measures, to prevent unauthorised access to our systems.
You have a choice regarding our use and disclosure of your Personal Data:
Opting out of receiving electronic communications from us
If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails or email firstname.lastname@example.org. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
How you can review, correct or update your personal data
If You would like to review, correct, or update Personal Data that You have previously disclosed to us, You may do so by signing in to your Rotageek account or by contacting us.
Your data protection rights
Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether Rotageek processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
- The right to request that Rotageek rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that Rotageek erase your Personal Data in certain circumstances provided by law;
- The right to request that Rotageek restrict the use of your Personal Data in certain circumstances, such as while Rotageek considers another request that you have submitted (including a request that Rotageek make an update to your Personal Data); and
- The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.
In some cases, we retain data for limited periods when it needs to be kept for legitimate business or legal purposes.
We try to ensure that our services protect information from accidental or malicious deletion. Because of this, there may be delays between when you delete something and when copies are deleted from our active and backup systems.
Process for exercising data protection rights
In order to exercise your data protection rights, you may contact Rotageek as described in the Contact Us section below. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
If you are a Employee of a Rotageek Organisation, please direct your requests directly to the Organisation. For example, if you are employed or were previously employed by an Organisation using Rotageek as a scheduling provider, and you have a request that is related to the information that you provided, then you should address your request directly to the Organisation.
Use by Minors
The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.
Updates to this policy
We update this policy from time to time. We will always indicate the date when the latest changes were published. If changes are significant, we’ll provide a more prominent notice by email.
Links to other websites
We may at times provide links on our Website to third party websites, including without limitation those owned or managed by our partner networks, affiliates or advertisers. These websites have separate privacy policies, and we therefore cannot accept any responsibility for the content. As such, choosing to follow these links is a choice you make at your own risk, and we advise that you check these websites' individual privacy policies before submitting any personal data.
If you have questions, you can contact Rotageek and our Data Protection Officers at email@example.com. And you can contact your local data protection authority (in the UK, this is the Information Commissioner’s Officer) if you have concerns regarding your rights under local law.