RG Childcare – Carer Privacy Policy

To be able to administer the RG Childcare scheme, Reward Gateway UK Ltd (“we”, “us” or “our”) will need to process personal data about you as a Carer. This privacy policy (“Policy”) explains how we process personal data about you for the purpose of administering the RG Childcare scheme.

We will be the data controller of your personal data which you provide to us or which is collected by us about you when you participate in the RG Childcare scheme. This means that we are responsible for deciding how we hold and use personal data about you and that we are required to notify you of the information contained in this Policy.

This Policy only applies to our use of ‘personal data’ about ‘data subjects’ (as defined by data protection law) which includes personal data relating to carers who are sole traders, non-limited partnerships and, where a carer is a limited company, corporate contacts at that limited company.

It is important that you read this Policy so that you are aware of how and why we are using your personal data and how we will treat it.

We have appointed a Data Protection Team, who can be contacted using the details at the end of this Notice should you have any questions, complaints or feedback about your privacy.

Ensuring The Lawful Use Of Your Personal Data

We will only use your personal data where we have a lawful basis to use it. We will usually only use your data:

Where it is necessary for us to take steps to enter into and/or perform our contract with you (for example, to register you on our carers database).
In a way which might reasonably be expected as part of running our business and which does not materially impact your interests, rights or freedoms. For example, if a complaint is raised, we may use your contact details to get in touch with you to discuss and resolve that complaint. Please contact us using the details below if you would like further information about this.
To comply with our legal obligations. For example, we are under a legal obligation to check your status as a registered Carer before adding you to our database.

Further details of how we will use your personal data are provided below.

Personal Data We Process About You

The table below provides some examples of the information we collect about you and how we use it.

The personal data we collect from you	How we use it	The lawful basis
We will collect the personal data needed to identify you or the company you work for, such as your company name and address. We will also collect your contact details, such as your email address, telephone number, and address.	To register you on our database of carers.	To enter into and perform our contract with you.
	To administer the RG Childcare scheme, for example, by contacting you in relation to the scheme and in relation to reimbursing you for Childcare Vouchers provided.	To enter into and perform our contract with you.
	To deal with any complaints, concerns or issues raised.	Legitimate business purposes.
	To check your registered status as a carer.	To fulfil our legal obligation under HMRC E18, click here [LINK] for more details.
Copies of your regulatory body certificates.	To check your registered status as a carer.	To fulfil our legal obligation under HMRC E18, click here [LINK] for more details.
Your bank account details and details of the amounts owed/paid to you.	To reimburse you for Childcare Vouchers provided and for internal record keeping purposes.	To enter into and perform our contract with you and for legitimate business purposes.
Details of any complaints, concerns or issues raised.	To deal with such complaints, concerns or issues raised.	Legitimate business purposes.
Any information provided by you when you communicate with us by telephone, email or any other method.	To administer the RG Childcare scheme, to deal with any concerns or issues raised and for our internal record keeping purposes.	To enter into and perform our contract with you and for legitimate business purposes.

You don’t have to give us any of this personal data but, if you don’t provide us with the information identified in the relevant sections above, we will not be able to register you on our Carers database or reimburse you for Childcare Vouchers.

Automated Decision Making

We do not carry out any solely automated decision-making using the information we hold about you.

Change of Purpose

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and permitted under data protection laws. If we need to use your personal data for an unrelated purpose, in most cases we will notify you and we will explain the legal basis which allows us to do so.

Disclosure Of Your Personal Data

Our database of carers is accessible by all of our clients and their employees who use Childcare services provided by Reward Gateway (UK) Ltd.. Therefore, if you register on our database of carers, the name and address you supply will be accessible by our clients and their employees who use Reward Gateway (UK) Ltd service, for the purpose of allowing employees to decide whether to take Childcare services from you.

We use service providers to help us to administer the RG Childcare scheme, such as data storage providers and telephony providers. Further details of the service providers that we share your data with are:

Google Analytics, our web analytics provider.
Hubsoft, our lead generation provider.
Formstack, our data collection provider.
The Bunker, our hosting provider.
Salesforce, our customer and prospect record management system provider.

We also share personal data with the following members of our group for the purposes of administering the RG Childcare scheme and managing our business: RG Engagement Group Ltd, Reward Gateway Pty Ltd, Reward Gateway (USA) Inc, Reward Gateway (UK) Ltd Branch, SEO Reward Gateway DOOEL Skopje, International Benefits Holdings Ltd., and Asperity Employee Benefits Group Ltd.

When we do share your data with these third parties we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected.

We will also disclose your personal data to third parties:

In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
And/or, we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of us, our users, customers, and providers. This will include sharing your information as part of a legal or official investigation if legally required to do so.

International Transfers Of Your Personal Data

A number of our service providers are based in and may access your personal data from, the US which is outside of the EU and therefore not governed by European data protection laws. However, these service providers (namely Google LLC, Hubspot, Formstack) are certified under the EU-U.S. Privacy Shield Framework which means they are required to protect your personal data in accordance with the Privacy Shield Framework¹.

You can view their certifications at www.privacyshield.gov.

Retention of Your Personal Data

Unless we need to keep your data for legal purposes (such as for tax or audit purposes or in relation to a legal claim), we will only retain your personal data for 60 days from the end of your contractual relationship with us or, if earlier, for 2 years after your last activity on the RG Childcare scheme. After this point, you will need to re-register if you wish to begin participating in the RG Childcare scheme again.

Protection Of Your Personal Data

We have implemented appropriate technology safeguards, security policies and other measures to protect data under our control from unauthorised access, improper use, alteration, unlawful or accidental destruction or accidental loss. These include being ISO 27001 certified, implementing suitable access controls, and ensuring that encryption and hashing are used and robust physical security controls are in place. We also protect your information by requiring that all our employees who have access to or are associated with the processing of your data to respect your confidentiality.

Your Rights

Data protection laws provide you with the following rights to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Request the restriction of processing of your personal data, for example, if you want to establish its accuracy or the reason for processing it.
Obtain a copy of the personal data you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.

You also have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.

Changes to Our Policy

If we decide to change our Policy we will post the changes here and, where appropriate, notify you by email. Please check back frequently to see any updates or changes to our Policy.

Contacting Us

If you have any queries, comments or requests regarding this Policy or you would like to exercise any of your rights set out above, you can contact us in the following ways:

By email at privacy-requests@rewardgateway.net.
By post at Reward Gateway (UK) Ltd, 265 Tottenham Court Road, London, W1T 7RQ.

¹Article 46 of the GDPR