← Back to Home

Privacy Policy

Last Updated: January 2025

1. Introduction

RosterIQ ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our workforce management software and services (the "Service") operated by RosterIQ, accessible at rosteriq.co.uk.

We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all users of our Service, including care home managers, staff members, and visitors to our website.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when:

• Creating an Account: Name, email address, phone number, care home name, role
• Using the Service: Staff information, shift schedules, leave requests, attendance records, qualifications, and other workforce data
• Contacting Us: Information provided in support requests, demo requests, or other communications
• Payment Information: Billing details (processed securely through payment processors, we do not store full card details)

2.2 Information Automatically Collected

• Usage Data: How you interact with our Service, pages visited, features used
• Device Information: Device type, operating system, browser type, IP address
• Location Data: General location based on IP address (for security and compliance purposes)
• Cookies and Tracking: See our Cookie Policy for details

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our Service
• Process your account registration and manage your subscription
• Generate and optimize staff schedules using AI algorithms
• Ensure CQC compliance and generate compliance reports
• Send notifications via WhatsApp, email, or push notifications
• Provide customer support and respond to your inquiries
• Process payments and manage billing
• Improve, personalize, and enhance our Service
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and protect our rights

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Contract Performance: To provide the Service you have subscribed to
• Legitimate Interests: To improve our Service, ensure security, and prevent fraud
• Consent: Where you have given clear consent (e.g., marketing communications)
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interests: To protect health and safety in care home environments

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf (e.g., cloud hosting, payment processing, email services) - all bound by strict confidentiality agreements
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Legal Requirements: When required by law, court order, or regulatory authority
• Safety and Security: To protect the rights, property, or safety of RosterIQ, our users, or others
• With Your Consent: When you have explicitly agreed to the sharing

International Transfers: Your data is primarily stored in the UK/EU. Any transfers outside the UK/EU are protected by appropriate safeguards (e.g., Standard Contractual Clauses) as required by UK GDPR.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (SSL/TLS) and at rest
• Secure access controls and authentication
• Regular security audits and assessments
• Employee training on data protection
• Backup and disaster recovery procedures
• Monitoring for security breaches and incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for 7 years after closure (for legal/compliance purposes)
• Workforce Data: Retained while your subscription is active and for 7 years after termination (for audit/compliance)
• Marketing Data: Retained until you opt out or request deletion
• Support Communications: Retained for 3 years after last contact

We may retain certain data longer if required by law or for legitimate business purposes (e.g., legal claims, compliance audits).

8. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal obligations)
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Request human review of automated decisions (e.g., AI scheduling)
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at jay@rosteriq.co.uk. We will respond within one month (may be extended by two months for complex requests).

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete such information.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service. For detailed information, please see our Cookie Policy.

11. Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services (e.g., WhatsApp via Twilio, payment processors). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Notifying you via email (for material changes)

You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

RosterIQ
Email: jay@rosteriq.co.uk
Website: rosteriq.co.uk

14. Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113