Please read the following carefully as it tells you about Routine One Ltd's approach to privacy and the handling of your personal data. You should read this thoroughly and make sure you're happy before using any of Routine One Ltd's services.
1 UK GDPR Compliance Statement
1.1 The data privacy and security of users of Routine One Ltd's web services is taken very seriously, and this document sets out the ways in which the requirements of the GDPR are complied with.
2 Contact Details
2.1 Please email The Data Controller at info@routine.one if you have any questions, concerns, or actions you wish carried out with regard to the GDPR, and Routine One Ltd’s compliance with it.
3 Background
3.1 In the United Kingdom, The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). It sets out the key principles, rights and obligations for most processing of personal data in the UK.
4 Routine One Ltd and Your Personal Data
4.1 In the context of the GDPR, personal data is information that relates to an identified or identifiable individual, such as your name. In Routine One Ltd's web services, the following pieces of potentially personal information are collected:
(a) Your name: Routine One Ltd's web services will ask you for your name in order to be able to address you by your chosen name when using the services, to identify you to your other colleagues also using the services, and to attach to output you or your colleagues may choose to generate (such as PDF Reports). This information does not need to be accurate, and you are at liberty to choose any collection of alphanumeric characters by which you wish to be addressed. For example, if you prefer to use an alias, there will be no detriment to the functionality which you will experience as a user of Routine One Ltd's web services.
(b) Your email address: Routine One Ltd's web services require an email address primarily as a means to correlate the correct user's details with the user when logging into the service. It can also be used to send notifications to the user; however, this functionality can be disabled within the platform.
4.2 Other than the information and purposes for collecting it outlined above, Routine One Ltd's web services do not collect any other personal data. No data processing is undertaken other than that specifically required to provide the functionality outlined above. This is reflected in our Terms and Conditions, for example in section 4.1 under User Data, the following is stated:
"The User hereby grants to the Provider a non-exclusive license to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the User Data to the extent reasonably required for the performance of the Provider's obligations and the exercise of the Provider's rights under the Agreement."
4.3 The first part of this paragraph describes the processes necessary to make a web-based platform function by allowing us, on behalf of the user, to add, edit and remove the user’s information from a database, and, for example, to create a PDF containing it on behalf of the user. The text in bold makes clear that this is only done for Routine One Ltd (the Provider) to provide the functionality (the performance of our obligations) which we have said we will provide, along with any rights Routine One Ltd has (such as the need to satisfy any statutory obligations).
4.4 Paragraph 4.1 goes on to say:
"The User also grants to the Provider the right to sub-license these rights to its hosting, connectivity and telecommunications service providers, subject to any express restrictions elsewhere in the Agreement."
4.5 This is necessary as Routine One Ltd does not own any servers itself, and so in order to provide the functionality of the platform we need to be able to pass these rights to a web-hosting company for example. In this regard, Routine One Ltd uses web-hosting companies that are ISO 27001 certified, and is able to facilitate websites being fully compliant with the GDPR by hosting data in centers located in EEA (European Economic Area) countries. Hosting data in an EEA country means that a data transfer between it and the UK is deemed compliant under the GDPR. Have a look here for more information: ICO.org.uk International Transfers After UK Exit
4.6 For the avoidance of any doubt, the only purpose for which Routine One Ltd collects personal information is to provide users with the functionality that they or their colleagues have sought by registering to use Routine One Ltd's web services.
5 Legal Basis for Collection
5.1 The GDPR requires anyone processing personal data (such as your name) to have a legal basis for doing so. In the case of Routine One Ltd, the relevant legal basis is that of consent, i.e. the user explicitly gives consent for us to do so, so that we are able to provide the functionality that our web services provide.
5.2 In our case, the consent is given by the individual at the time of registration or initial log-in. As per the requirements, we don’t use any pre-ticked boxes or any other mechanisms which avoid the need for explicit consent to be given. We have made every effort to make clear to a user registering to use Routine One Ltd's web services that they are explicitly giving consent for us to process their personal information so that we can provide the functionality that our web services provide.
5.3 As our basis is consent, this can also be withdrawn by the individual at any time. Closing your organisation's account or removing a user from it by using the tools provided on our platforms will be taken as an immediate withdrawal of your consent. At this time, any personal information held about the individual will be permanently removed from the servers powering our platforms. If a user is unable to gain access to the platform for whatever reason, they can email us at info@routine.one to request their personal information be removed. We will then do it for you, and confirm to you that it has been done.
5.4 The GDPR asks that we avoid making consent a precondition of a service. In this regard, we only seek your consent as necessary to provide the core functionality of our web services. Where this can be avoided it has been.
6 Individual Rights
6.1 Under data protection law, you have rights including:
(a) Your right to be informed - You have the right to be informed about the collection and use of your personal data.
Please see Section 4.
(b) Your right of access - You have the right to ask us for copies of your personal information.
In the case of Routine One Ltd's web services, all personal information held about you is visible by logging into Routine One Ltd's web services using your account details, and navigating to the settings areas of the platform. Routine One Ltd does not collect any personal information that you have not explicitly entered into our platforms, and all of it is visible to you, and can be instantly and permanently edited and deleted by you. If you have any issues obtaining access, then just contact us using the contact details at the top of this document and we will help you to regain access however we can.
(c) Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
As mentioned above, all personal information held about you can be instantly and permanently edited and deleted by you. If there is any information you think is incomplete that you think we are best placed to complete, then by all means contact us using the contact details at the top of this document and we will endeavour to assist wherever possible.
(d) Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
If for any reason you experience any issues erasing your personal information using the tools available on the platform (such as clicking the ‘delete’ icons found throughout the platform, or closing your account to delete everything), then by all means contact us using the contact details at the top of this document and we will delete anything you ask us to.
(e) Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Routine One Ltd doesn’t undertake any processing of your personal information except that explicitly initiated by you or your colleagues using the tools available on the platform. If however there is any restriction of the processing of your personal information that you feel needs to be discussed with us, then please contact us using the contact details at the top of this document so we can assist.
(f) Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
As mentioned previously, Routine One Ltd doesn’t undertake any processing of your personal information except that explicitly initiated by you using the tools available on the platform. If however there is any processing of your personal information that you wish to object to, then please contact us using the contact details at the top of this document so we can assist.
(g) Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
As Routine One Ltd only collects your name and email address as part of the operation of our platforms, data portability is not expected to require a specific operation to address. If however there is any personal information that you believe we are able to provide to you, then please contact us using the contact details at the top of this document so we can assist.
(h) Rights related to automated decision making including profiling
Routine One Ltd does not undertake any automated decision making or profiling processes.
6.2 Cost and Timescales
As per the GDPR, you are not required to pay any charge for exercising any of the rights set out above. If you make a request, under the GDPR we have one month to respond to you, but would always endeavour to assist as soon as possible.
7 How to complain
7.1 If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this document.
7.2 You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Helpline number: 0303 123 1113.
ICO website: https://www.ico.org.uk.