eyworks Privacy Policy
PRIVACY AT A GLANCE
- We only collect personal information necessary to provide and improve our services.
- We process children’s information only on behalf of authorised childcare providers and educational organisations.
- We never sell personal information.
- Customer data is hosted securely within the United Kingdom.
- We use encryption, access controls, monitoring, and regular security testing to protect information.
- We work with carefully selected service providers who are required to protect personal information.
- You can exercise your privacy rights at any time.
- If you have questions about privacy, please contact us at dpo@eyworks.co.uk.
INTRODUCTION
- What information we collect
- How we use it
- Who we share it with
- How we protect it
- Your privacy rights
For detailed information about our processing activities, third-party suppliers, legal bases, and security controls, please refer to our Full Privacy Policy.
WHO WE ARE
Address
Acorn House
381 Midsummer Boulevard
Milton Keynes
United Kingdom
Data Protection Officer
Rachit Chawla
Contact
dpo@eyworks.co.uk
WHAT INFORMATION WE COLLECT
Contact Information
- Name
- Email address
- Telephone number
- Job title
- Organisation name
- Postal address
Account Information
- User account details
- Login credentials
- Subscription information
- Customer account records
Technical Information
- IP address
- Browser type
- Device information
- Website usage information
- Application activity logs
Communications
- Support requests
- Customer service enquiries
- Emails and correspondence
- Meeting recordings where appropriate
Financial Information
- Billing details
- Transaction records
- Payment information processed by authorised payment providers
UNDERSTANDING OUR ROLE
Data Controller vs Data Processor
- When we collect information directly through our website, marketing activities, customer support interactions, or supplier relationships, Eyworks acts as the Data Controller and determines how that information is used.
- When nurseries, childcare providers, or early years organisations use our software to manage children’s records, parent information, attendance, observations, and related data, those organisations act as the Data Controller and Eyworks acts as the Data Processor.
CHILDREN’S DATA
- Name
- Date of birth
- Attendance information
- Development records
- Educational information
- Photographs and videos
- Parent and guardian details
- Medical, dietary, allergy, and welfare information where required by the nursery or childcare provider
We recognise that children’s personal information requires additional care and protection. We process children’s information only:
- To provide our services to authorised customers
- In accordance with customer instructions
- Under appropriate contractual safeguards
- Using strict security controls and access restrictions
HOW WE USE INFORMATION
Deliver Our Services
- Create and manage accounts
- Provide software and services
- Deliver customer support
- Process payments and subscriptions
Communicate With You
- Respond to enquiries
- Provide service updates
- Notify users about important operational changes
Improve Our Products
- Monitor performance and reliability
- Investigate issues and bugs
- Develop and improve features
- Analyse service usage trends
Meet Legal Obligations
- Accounting and taxation requirements
- Fraud prevention
- Security monitoring
- Regulatory compliance
Marketing
You may unsubscribe from marketing communications at any time.
OUR LEGAL BASIS FOR PROCESSING
Contract
Legitimate Interests
Legal Obligation
Consent
WHO WE SHARE INFORMATION WITH
- Cloud hosting
- Payment processing
- Email delivery
- Customer support services
- Analytics
- Security and monitoring services
- Amazon Web Services (AWS)
- Stripe
- Google Analytics
- Mailchimp
- Zoom
INTERNATIONAL TRANSFERS
- UK International Data Transfer Agreements (IDTA)
- Standard Contractual Clauses
- Transfers to countries recognised as providing adequate protection
COOKIES AND SIMILAR TECHNOLOGIES
- Ensure our websites function correctly
- Improve website performance and usability
- Analyse visitor behaviour and usage trends
- Support security and fraud prevention measures
- Remember user preferences where appropriate
HOW LONG WE KEEP INFORMATION
| Information Type | Typical Retention Period |
|---|---|
| Customer account information | Duration of the customer relationship plus up to 7 years |
| Customer support enquiries | Up to 3 years after closure |
| Marketing contacts | Until consent is withdrawn or after 2 years of inactivity |
| Website analytics data | Up to 26 months |
| Financial and transaction records | 7 years |
| Supplier records | Duration of relationship plus up to 7 years |
| Employee records | In accordance with employment and legal requirements |
| System logs and security records | Typically between 12 and 24 months |
| Children’s records stored by customers | In accordance with customer instructions and applicable regulations |
| Backups | In accordance with our backup retention schedule |
Customer Data and Children's Records
SECURITY AND COMPLIANCE
Security Measures
- Encryption of data in transit using HTTPS and SSL/TLS
- Secure cloud hosting infrastructure
- Role-based access controls
- Multi-factor authentication
- Security monitoring and logging
- Automated backups and disaster recovery procedures
- Regular vulnerability scanning
- Independent penetration testing
- Staff security and data protection training
Hosting and Data Storage
Compliance
- UK GDPR
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
- Data Protection Impact Assessments (DPIAs) where appropriate
- Supplier due diligence and contractual reviews
- Regular policy and procedure reviews
- Staff privacy and security training
- Incident response and breach management procedures
- Ongoing monitoring of regulatory developments and industry best practices
We also provide customers with a Data Processing Agreement (DPA) that clearly defines how personal information is processed on their behalf and the responsibilities of both parties.
Certifications and Standards
- Cyber Essentials Plus Certification
- Regular independent penetration testing
- ISO 27001
- ISO 27017
- ISO 27018
Artificial Intelligence (AI)
YOUR RIGHTS
- Access your personal information
- Correct inaccurate information
- Request deletion of information
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent where consent is the legal basis for processing
COMPLAINTS
CONTACT US
eyworks Limited
Email: dpo@eyworks.co.uk
Data Protection Officer: Rachit Chawla
REVIEWS AND UPDATES
Last Updated: June 2026
Next Scheduled Review: June 2027
RELATED DOCUMENTS
These documents provide further information about our services, data processing practices, security measures, and compliance commitments