eyworks Privacy Policy

PRIVACY AT A GLANCE

We believe privacy should be easy to understand.
  • We only collect personal information necessary to provide and improve our services.
  • We process children’s information only on behalf of authorised childcare providers and educational organisations.
  • We never sell personal information.
  • Customer data is hosted securely within the United Kingdom.
  • We use encryption, access controls, monitoring, and regular security testing to protect information.
  • We work with carefully selected service providers who are required to protect personal information.
  • You can exercise your privacy rights at any time.
  • If you have questions about privacy, please contact us at dpo@eyworks.co.uk.

INTRODUCTION

At eyworks Limited, we are committed to protecting the privacy, security, and confidentiality of the personal information entrusted to us.
This Privacy Notice explains:
  • What information we collect
  • How we use it
  • Who we share it with
  • How we protect it
  • Your privacy rights
This notice applies to visitors to our websites, customers, suppliers, business contacts, and users of our products and services.

For detailed information about our processing activities, third-party suppliers, legal bases, and security controls, please refer to our Full Privacy Policy.

WHO WE ARE

eyworks Limited is the data controller responsible for the personal information described in this Privacy Notice.

Address
Acorn House
381 Midsummer Boulevard
Milton Keynes
United Kingdom

Data Protection Officer
Rachit Chawla

Contact
dpo@eyworks.co.uk

WHAT INFORMATION WE COLLECT

Depending on how you interact with us, we may collect the following types of information.

Contact Information

  • Name
  • Email address
  • Telephone number
  • Job title
  • Organisation name
  • Postal address

Account Information

  • User account details
  • Login credentials
  • Subscription information
  • Customer account records

Technical Information

  • IP address
  • Browser type
  • Device information
  • Website usage information
  • Application activity logs

Communications

  • Support requests
  • Customer service enquiries
  • Emails and correspondence
  • Meeting recordings where appropriate

Financial Information

Where required for billing and payment processing:
  • Billing details
  • Transaction records
  • Payment information processed by authorised payment providers
We do not store full payment card details directly.

UNDERSTANDING OUR ROLE

Data Controller vs Data Processor

Depending on how our services are used, Eyworks may act as either a Data Controller or a Data Processor.
  • When we collect information directly through our website, marketing activities, customer support interactions, or supplier relationships, Eyworks acts as the Data Controller and determines how that information is used.
  • When nurseries, childcare providers, or early years organisations use our software to manage children’s records, parent information, attendance, observations, and related data, those organisations act as the Data Controller and Eyworks acts as the Data Processor.
As a Data Processor, we only process information in accordance with our customers’ instructions, contractual obligations, and applicable data protection laws.

CHILDREN’S DATA

As explained above, when nurseries, childcare providers and early years organisations use our software, they act as the Data Controller and determine what information is collected and how it is used. In these circumstances, eyworks acts as a Data Processor on their behalf.
Our customers may choose to store information relating to children and their families within our systems, including:
  • Name
  • Date of birth
  • Attendance information
  • Development records
  • Educational information
  • Photographs and videos
  • Parent and guardian details
  • Medical, dietary, allergy, and welfare information where required by the nursery or childcare provider

We recognise that children’s personal information requires additional care and protection. We process children’s information only:

  • To provide our services to authorised customers
  • In accordance with customer instructions
  • Under appropriate contractual safeguards
  • Using strict security controls and access restrictions
We do not use children’s information for advertising purposes and we do not sell children’s personal information.
Where special category information is processed, such as health or welfare information, additional safeguards are applied to protect confidentiality and security.

HOW WE USE INFORMATION

We use personal information to:

Deliver Our Services

  • Create and manage accounts
  • Provide software and services
  • Deliver customer support
  • Process payments and subscriptions

Communicate With You

  • Respond to enquiries
  • Provide service updates
  • Notify users about important operational changes

Improve Our Products

  • Monitor performance and reliability
  • Investigate issues and bugs
  • Develop and improve features
  • Analyse service usage trends

Meet Legal Obligations

  • Accounting and taxation requirements
  • Fraud prevention
  • Security monitoring
  • Regulatory compliance

Marketing

Where permitted by law, we may send information about products, services, events, or updates.

You may unsubscribe from marketing communications at any time.

OUR LEGAL BASIS FOR PROCESSING

We process personal information using one or more of the following lawful bases:

Contract

Where processing is necessary to provide products or services requested by you or your organisation

Legitimate Interests

Where processing is necessary to operate, improve, secure, and develop our business and services.

Legal Obligation

Where processing is necessary to comply with legal or regulatory requirements.

Consent

Where you have provided clear consent for a specific purpose.

WHO WE SHARE INFORMATION WITH

We only share personal information where necessary to operate our services and meet our legal obligations.
  • Cloud hosting
  • Payment processing
  • Email delivery
  • Customer support services
  • Analytics
  • Security and monitoring services
Examples include:
  • Amazon Web Services (AWS)
  • Stripe
  • Google Analytics
  • Mailchimp
  • Zoom
All third-party providers are contractually required to protect personal information and only process it for authorised purposes.
We do not sell personal information.

INTERNATIONAL TRANSFERS

Some of our suppliers may process information outside the United Kingdom. Where this occurs, we implement appropriate safeguards including:
  • UK International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses
  • Transfers to countries recognised as providing adequate protection
These safeguards help ensure personal information receives an appropriate level of protection wherever it is processed.

COOKIES AND SIMILAR TECHNOLOGIES

Our websites use cookies and similar technologies to:
  • Ensure our websites function correctly
  • Improve website performance and usability
  • Analyse visitor behaviour and usage trends
  • Support security and fraud prevention measures
  • Remember user preferences where appropriate
You can manage cookie preferences through your browser settings or through any cookie management tools made available on our websites.
For more information about the cookies we use and how to manage them, please refer to our Cookie Policy.

HOW LONG WE KEEP INFORMATION

We retain personal information only for as long as necessary to provide our services, fulfil contractual obligations, meet legal requirements, resolve disputes, and protect our legitimate business interests.
The retention period depends on the type of information and the purpose for which it was collected.
Information Type Typical Retention Period
Customer account information Duration of the customer relationship plus up to 7 years
Customer support enquiries Up to 3 years after closure
Marketing contacts Until consent is withdrawn or after 2 years of inactivity
Website analytics data Up to 26 months
Financial and transaction records 7 years
Supplier records Duration of relationship plus up to 7 years
Employee records In accordance with employment and legal requirements
System logs and security records Typically between 12 and 24 months
Children’s records stored by customers In accordance with customer instructions and applicable regulations
Backups In accordance with our backup retention schedule

Customer Data and Children's Records

Eyworks primarily acts as a Data Processor for customer data stored within our systems. The retention period for children’s records, parent information, observations, attendance data, and related information is determined by the nursery, childcare provider, or organisation acting as the Data Controller.
We process and retain this information only in accordance with our customers’ instructions and contractual obligations.
When personal information is no longer required, it is securely deleted or anonymised in accordance with our retention and disposal procedures.

SECURITY AND COMPLIANCE

Protecting children’s data, family information, and nursery records is one of our highest priorities.

Security Measures

Our security controls include:
  • Encryption of data in transit using HTTPS and SSL/TLS
  • Secure cloud hosting infrastructure
  • Role-based access controls
  • Multi-factor authentication
  • Security monitoring and logging
  • Automated backups and disaster recovery procedures
  • Regular vulnerability scanning
  • Independent penetration testing
  • Staff security and data protection training
Access to customer information is restricted to authorised users and controlled through permissions based on business need.

Hosting and Data Storage

Our platform is hosted using Amazon Web Services (AWS), with customer data stored within the United Kingdom.
Our infrastructure is designed to provide high levels of availability, resilience, and security, with secure backup and disaster recovery processes in place.

Compliance

We are committed to maintaining compliance with applicable data protection and privacy legislation, including:
  • UK GDPR
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
To support these obligations, we maintain documented policies, procedures, technical controls, and contractual safeguards designed to protect personal information throughout its lifecycle.
Our compliance activities include:
  • Data Protection Impact Assessments (DPIAs) where appropriate
  • Supplier due diligence and contractual reviews
  • Regular policy and procedure reviews
  • Staff privacy and security training
  • Incident response and breach management procedures
  • Ongoing monitoring of regulatory developments and industry best practices

We also provide customers with a Data Processing Agreement (DPA) that clearly defines how personal information is processed on their behalf and the responsibilities of both parties.

Certifications and Standards

Our commitment to information security includes recognised certifications and industry best practices.
  • Cyber Essentials Plus Certification
  • Regular independent penetration testing
Our cloud infrastructure provider AWS also maintains internationally recognised certifications, including:
  • ISO 27001
  • ISO 27017
  • ISO 27018

Artificial Intelligence (AI)

We may use AI-powered tools to support productivity, service delivery, and business operations.
Where personal information is processed by AI-powered systems, appropriate safeguards are applied to ensure security, confidentiality, and compliance with applicable data protection laws.
We do not use customer data to train public AI models unless expressly authorised.

YOUR RIGHTS

Depending on your circumstances, you may have the right to:
  • Access your personal information
  • Correct inaccurate information
  • Request deletion of information
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent where consent is the legal basis for processing
To exercise any of these rights, please contact us using the details below.

COMPLAINTS

If you have concerns about how we process your personal information, please contact us first so that we can try to resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

CONTACT US

If you have any questions about this Privacy Notice or how we process personal information, please contact:

eyworks Limited

Data Protection Officer: Rachit Chawla

REVIEWS AND UPDATES

We may update this Privacy Notice from time to time to reflect changes in our services, legal obligations, technology, or business practices.
Any material changes will be published on this page and, where appropriate, communicated directly to customers.

Last Updated: June 2026

Next Scheduled Review: June 2027

We encourage users to review this Privacy Notice periodically to remain informed about how personal information is protected and managed.

RELATED DOCUMENTS

For additional information, please refer to:

These documents provide further information about our services, data processing practices, security measures, and compliance commitments

Learn more about how we help your team work.

Take your first steps today.

Scroll to Top