Privacy Policy
Welcome to the edays Privacy Policy.
edays, a trading name of edays Absence Management Limited and its affiliated companies, respects your privacy and is committed to protecting your personal data. We aim to comply fully with UK, EU and other applicable data privacy laws around the world where we do business. This Privacy Policy applies to all personal data that we collect, disclose, store, use, and/or process from visitors to our website, prospective customers, our customers and end users of our customers who use our applications.
Keeping the data stored by edays safe is our highest priority and we work hard to ensure we do. We have put in place extensive security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, or third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. The transmission of information via the internet is not completely secure; this risk is not specific to our services and is common across the internet. Unfortunately, we cannot guarantee the security of the transmission of the data to us which is outside our control; any data you send is at your own risk.
It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
This policy is split into three sections, each describing our practices regarding specific types of data subject
Visitors to our website, marketing/events (prospective customers) and user community members
End Users who use our applications
IMPORTANT INFORMATION AND WHO WE ARE
edays Absence Management Ltd is a company with registered office at 6 Canal Street, Canalside House, Nottingham, NG1 7EH, Nottinghamshire, United Kingdom (company number 09458918). We are registered under the Data Protection Act 2018 in the UK under number ZA194796
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Policy including any requests to exercise your legal rights, please contact the DPO using the details set out below.
CONTACT DETAILS
Our full details are:
Full name of data controller legal entity: edays Absence Management Limited
FAO Data Protection Officer
Email address: dpo@e-days.com
Postal address: 6 Canal Street, Canalside House, Nottingham, NG1 7EH, Nottinghamshire, United Kingdom
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We consider that the ICO would also be the lead supervisory authority for edays since the UK is the place of the majority of our operations. For data protection issues in other countries, you have the right to complain at any time to the supervisory authority for that country. We would always prefer that you come to us to help address any concerns of a privacy nature however before you go to the ICO or other applicable supervisory authority, so please contact us in the first instance.
CHANGES TO THE PRIVACY NOTICE AND YOUR INFORMATION
This version was last updated September 2022 and historic versions can be obtained by contacting us. We may from time to time change the Privacy Policy. Any changes we may make in the future will be posted on this page. Please check back frequently to see any such updates or changes. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
THIRD-PARTY LINKS ON OUR WEBSITE OR COMMUNICATIONS
Our website and communications from us may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website or link to third party websites, we encourage you to read the privacy notice of every website you visit.
COOKIES
Our website and services (including some of our service providers) utilise “cookies”, anonymous identifiers, pixels, container tags and other tracking technologies to provide our service and ensure that it performs properly, to analyse our performance and marketing activities, and to personalize your experience. For more information, such cookies and similar files or tags may also be temporarily placed on your device. Certain cookies and other technologies serve to recall personal data, such as an IP address, previously indicated by a user. You do not have to accept cookies on our website – you can reject cookies or select the ones you wish to accept. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the website may become inaccessible or not function properly.
GLOSSARY
We use certain terminology in this Policy:
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting our DPO.
Contractual necessity means processing your data where it is necessary for the performance of a contract to which you are a party or to take preliminary pre-contractual steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
TYPES OF PERSONAL DATA THAT WE COLLECT
Visitors to our website, marketing/events (prospective customers) and user community members:
Types of personal information we collect:
In this scenario, we are the Controller of the personal data. The type of information we collect includes information that you provide by filling in forms for us, including the website registration form (this information may consist of your name, address, contact details (including email address and mobile phone number), postcode, password, and other data); details of your visits to our website, for example, traffic data, location data (including the country and telephone area code where your computer or access device is located) and the resources that you access (including the pages/areas of our website that you view); and information concerning your marketing preferences. We collect, use and store different types of personal information about you, which we have grouped together as follows:
Type or Personal Data | Description |
Publicly Available Data | Details about you that are publicly available, such as on Companies House |
Marketing Data | Details about your preferences in receiving marketing communications from us |
Consents Data | Any permissions, consents or preferences that you give us |
Usage Data | Information about how you use our website, products and services |
Where we collect your personal information from:
We may collect personal information about you from the following sources:
- Directly from you
- Cookies or tracking tools – see our cookie statement which can be accessed from our website
- Analytics providers, such as Google Analytics
- Third party providers where you have consented to give your personal data
Who we share your information with:
We may share your personal information with the following third parties:
- Our agents and service providers who we use to help us with marketing
- Event organisers (if we are organising an event you are attending)
- The police and other law enforcement agencies if so required
- Relevant regulators, including the Information Commissioner’s Office in the event of a personal data breach
- Other companies owned by edays or within the edays group of companies
- Potential or actual purchasers of any part of our business or assets, or other third parties in the context of a possible transfer or restructuring of our business.
We do not sell your data to any third parties.
How we use your personal data:
The table below outlines how we use your personal information and our reasons. Where these reasons include legitimate interests, we explain what these legitimate interests are.
What we use your Personal Data for | Our reasons | Our legitimate interests |
To provide you with information you may ask for | Consent Legitimate interests | To fulfil enquires you might make of us |
To allow you to register for updates or for notifications of blog posts or other information on our website or communications | Consent Legitimate interests | To provide you with information that you may request from us |
To allow you to register for events that we may be hosting | Consent Legitimate interests | To hold events, such as seminars, webinars, open days or corporate hospitality to promote our business and its services |
To allow you to register as a member of our user community | Consent Legitimate interests | To operate and develop our user community and the activities of our user community programme |
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Legitimate interests | To provide efficient client care and services To ensure that our technology operates efficiently and without error To assess which of our services may be of interest to you and to tell you about them To develop new products and services and improve existing ones |
To manage our relationship with you which will include notifying you about changes to our privacy policy and our website terms and conditions | Legitimate interests Contract performance | To provide efficient client care and services To keep you updated about changes in the legal terms that apply to the use of our website and our policy For record keeping and firm management |
To manage the systems that contain our marketing database To manage marketing preferences and keep our records up to date | Legitimate interests | For data management for marketing and business development purposes To improve our systems and services To seek feedback To seek your consent when we need it to contact you |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Legitimate interests Consent | To improve our marketing strategy and the services that we provide |
Sharing information with third parties – to facilitate data-gathering to improve our educational services, our website, and our marketing efforts. | Legitimate interests | For the purposes of edays’ legitimate business interests such as managing and developing its business |
How long we keep your personal information
Where we use your personal information for marketing purposes, we will retain your personal information for so long as we have your consent to do so (where we use your personal information with your consent in order to send you marketing messages) or, in other cases, for so long as we have a legitimate business or commercial reason to do so (unless you ask us to stop).
Where you withdraw your consent to receiving marketing materials or otherwise ask us to stop marketing, we will add your details to a suppression list which ensures that we remember not to contact you again.
If you withdraw your consent to receiving marketing materials or ask us to stop our marketing activities, we may still communicate with you for other purposes in the normal course of any other relationship we may have with you.
International transfers
We hold personal data within the United Kingdom. We work with agents and service providers who may process your personal information on our behalf outside the UK. If your information is processed outside the UK, we will ensure that it is protected to the same standards as if it were being processed within the UK by putting in place a contract with our agents and service providers that provides adequate safeguards, such as Standard Contractual Clauses or equivalent measures. If you require more information or have any queries, please contact our Data Protection Officer by emailing dpo@e-days.com
Your rights as a data subject
As a data subject, you have the following rights in relation to your personal data processed by us:
- To gain access to your personal data.
- To rectify inaccuracies or where appropriate, given the purposes for which your data is processed, the right to have incomplete data completed.
- To have your personal data erased. This is a limited right which applies, among other circumstances, when the data is no longer required, consent has been withdrawn and/or the processing has no legal justification. There are also exceptions to this right, such as when the processing is required by law or in the public interest.
- To object to the processing of your personal data for marketing purposes. You may also object when the processing is based on the public interest or other legitimate interests, unless we have compelling legitimate grounds to continue with the processing.
- To restrict the processing of your personal data. This is a limited right which will apply in specific circumstances and for a limited period.
- To obtain a copy of your data in a commonly used electronic form if the data is processed by automated means and the processing is based on your consent or contractual necessity.
- To not have decisions with legal or similar effects made solely using automated processing, unless certain exceptions apply.
In order to exercise your data subject rights please contact us by email to: dpo@e-days.com
Customers of edays
Types of personal information we collect:
In this scenario, you are the data controller and we are the data processor. We collect, use and store different types of information about your company or organisation and any administrators or representatives appointed by you to manage our services, which we have grouped together as follows:
Types of personal information | Description |
Identity Data | ID information including your primary contacts’ names and titles, |
Contact Data | Your address, email address, phone numbers, fax numbers and any social media details relevant to contact your administrator |
Transactional Data | Details about payments from you and services you purchase from us |
Communications Data | What we learn about you from letters, emails and conversations between us |
Publicly Available Data | Details about you that are publicly available, such as on Companies House or elsewhere |
Consents Data | Any permissions, consents or preferences that you give us |
Usage data | Information about how you use our website, products and services. |
Special category Data | none |
Where we collect your personal information from
We may collect personal information about you from the following sources:
- Directly from you, through your appointed representatives/administrators and when you register for our services
- Publicly available resources, such as Companies House
- Third parties with whom we deal with during the course of carrying on our business
- Market researchers
- Intermediaries with whom you are also a client
- Credit reference agencies and fraud prevention agencies
Who we share your information with
We may share your personal information with the following third parties:
- Agents and service providers that we use during the course of providing services,
- Our professional advisors
- The police and other law enforcement agencies where it is necessary to do so for the purpose of providing you with our services, or where we have a legal or regulatory obligation to do so
- Relevant regulators, including the Information Commissioner’s Office in the event of a personal data breach
- Other companies owned by edays or within the edays group of companies
- Potential or actual purchasers of any part of our business or assets, or other third parties in the context of a possible transfer or restructuring of our business.
We do not sell your personal data to any third parties.
How we use your information
The table below outlines how we use your personal information and our reasons. Where these reasons include legitimate interests, we explain what these legitimate interests are.
What we use your information for | Our reasons | Our legitimate interests |
To facilitate, operate and provide you with services and fulfil our contractual obligations
To provide you with other products or services that you may acquire from us
To provide advice or guidance about our products or services | Contractual performance
Legal obligation
Legitimate interests | To exercise our rights under contract and provide you with services agreed
To exercise our rights under contract
To keep our records up to date, including your client file |
To monitor, study and analyse the use of our services
To provide customer service and technical support | Legitimate Interest
Contractual performance | Performance of the contract (to the extent applicable)
To provide the agreed services to you |
To run our business in an efficient and proper way. This includes managing financial administration, business capability, planning, communications, corporate governance and audit
To improve our products and services and develop new ones | Contractual performance
Legitimate interests
Consent
Legal obligation | To manage credit control and debt recovery
To bill for the services we provide and deal with funds transfers
For financial reporting and credit checks
To manage complaints and claims
To be efficient about how we manage our relationship with you and fulfil our responsibilities generally
To improve our efficiency and provide clients with new or improved products and service |
For marketing and business development activities, including seeking new business, promoting our business and events management. | Consent
Legitimate interests | To develop our relationship with you and others
To attract new business
To promote our business
To hold events, such as seminars or corporate hospitality to promote our business and its services
To seek your consent if we need it to contact you |
To comply with court orders and applicable laws
Take legal proceedings to protect our IP or enforce contractual commitments
| Legal Obligations
Legitimate Interest
Contractual Performance
| Compliance with the law
Protecting out IP to provide the service
Enforcing the contract terms |
To create aggregated, anonymised and/or pseudonymised data to update and improve our services | Legitimate Interest | Provide improved services and offerings to our customers generally |
If you choose not to give your personal information
If you choose not to give us your personal information, it may delay or prevent us from being able to comply with our legal and contractual obligations. It may also result in us being unable to provide the service you have contracted.
Automated decisions
We do not envisage taking any decisions about you based solely on automated processing (i.e. without human involvement), which have a legal or similarly significant effect on you.
How long we keep your personal information
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, contractual, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In general terms, we will hold certain information for so long as we continue to provide you with products and services and for an additional period of up to 6 years thereafter for legal and accounting purposes but your customer data within the edays application will be removed within 60 days after your contract ends with us. As between edays and the customer, the customer exclusively owns all rights, title and interest in and to all customer data. Customer data is deemed to be your Confidential Information under your agreement with us. edays shall not access your users’ accounts except to respond to service or technical problems; or at your request or as otherwise permitted under applicable data protection laws to allow us to access and process customer data (aggregated and anonymised) for our legitimate interest in developing and improving the services we offer and providing customers with more relevant content and service offerings.
Your rights: Your rights in respect of the personal data we process on your behalf are set out in our agreement with you including rights to be notified of breach, to audit us and other rights set out in applicable data protection laws
International transfers
We hold personal data concerning our customers and their affairs within the United Kingdom. We work with agents and service providers who may process your personal information on our behalf outside the UK. If your information is processed outside the UK, we will ensure that it is protected to the same standards as if it were being processed within the UK by putting in place a contract with our agents and service providers that provides adequate safeguards, such as Standard Contractual Clauses or equivalent measures. If you require more information or have any queries, please contact our Data Protection Officer
End Users who use our application
Types of personal information we collect:
In this scenario, the company or organisation you work for or with (for example as a contractor) has contracted to use our service and is the Data Controller of your personal data (we will call them “your employer” from now on). Our customer (your employer) is responsible for ensuring that it has all applicable rights to process your personal data and to allow us to process your personal data on their behalf and in accordance with their instructions. We receive information from your employer and we also collect information through the edays application in order to manage attendance such as employment dates, working schedule, company team/department/location, leave entitlements, dates, times and reasons for absences from work and overtime worked. Optionally we can also store extended HR information such as Job title, salary, next of kin, home address and contact details. All the data stored within the edays application can be securely accessed from within the application by yourself and your system administrators with the required permission to do so. We may collect, use and store different types of personal information about you, which we have grouped together as follows:
Type or Personal Data | Description |
Service Data | All personal data you or your employer inputs into our application in order to manage absences and other employee services including any sensitive data collected by your employer within the application |
Notifications Data
| Details about your preferences in receiving notifications from us in the service or about the service |
Consents Data
| Any permissions, consents or preferences that you give us |
Usage Data
| Information about how you use our services
|
Special Category Data | Information you input into our system to track your absences such as health data, doctor’s notes, sickness details and so on. |
Where we collect your personal information from:
We may collect personal information about you from the following sources:
- Directly from you or your employer
- Cookies or tracking tools – see our cookie statement which can be accessed from our website
- Analytics providers, such as Google Analytics
- Third party providers where you have consented to give your personal data
Who we share your information with:
We may share your personal information with the following third parties:
- Our agents and service providers who we use to help us with providing the service
- Your employer (including any administrator(s) of the system appointed by them who may have access to your personal data as approved by your employer)
- The police and other law enforcement agencies if so required
- Relevant regulators, including the Information Commissioner’s Office in the event of a personal data breach
We do not sell your data to any third parties.
How we use your information
The table below outlines how we use your personal information and our reasons. Where these reasons include legitimate interests, we explain what these legitimate interests are.
What we use your information for | Our reasons | Our legitimate interests |
To facilitate, operate and provide your employer with services and fulfil our contractual obligations to them
To provide your employer with other products or services that they may acquire from us
To provide advice or guidance about our products or services | Contractual performance
Legal obligation
Legitimate interests | To exercise our rights under contract and provide your employer with services agreed
To exercise our rights under contract
To keep our records up to date, including your employer’s client file |
To monitor, study and analyse the use of our services
To provide customer service and technical support to your employer | Legitimate Interest
Contractual performance | Performance of the contract with your employer (to the extent applicable)
To provide the agreed services to your employer |
To improve our products and services and develop new ones | Legitimate interests | To manage complaints and claims
To be efficient about how we manage our relationship with your employer and fulfil our responsibilities to them generally
To improve our efficiency and provide clients with new or improved products and service |
To comply with court orders and applicable laws
Take legal proceedings to protect our IP or enforce contractual commitments
| Legal Obligations
Legitimate Interest
Contractual Performance
| Compliance with the law
Protecting out IP to provide the service
Enforcing the contract terms |
To create aggregated, anonymised and/or pseudonymised data to update and improve our services | Legitimate Interest | Provide improved services and offerings to our customers generally |
Automated decisions
We do not envisage taking any decisions about you based solely on automated processing (i.e. without human involvement), which have a legal or similarly significant effect on you.
How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, contractual, accounting, or reporting requirements. In general terms, we will hold your personal data for so long as we continue to provide your employer with services and your personal data within the edays application will be removed within 60 days after your employer’s contract ends with us. edays will not access your end user account, except to respond to service or technical problems; or at your employer’s request or as otherwise permitted under applicable data protection laws to allow us to access and process personal data (aggregated and anonymised) for our legitimate interest in developing and improving the Services and providing customers with more relevant content and service offerings.
Your rights as a data subject
As a data subject, you have the following rights in relation to your personal data processed by us:
- To gain access to your personal data.
- To rectify inaccuracies or where appropriate, given the purposes for which your data is processed, the right to have incomplete data completed.
- To have your personal data erased. This is a limited right which applies, among other circumstances, when the data is no longer required, consent has been withdrawn and/or the processing has no legal justification. There are also exceptions to this right, such as when the processing is required by law or in the public interest.
- To object to the processing of your personal data for marketing purposes. You may also object when the processing is based on the public interest or other legitimate interests, unless we have compelling legitimate grounds to continue with the processing.
- To restrict the processing of your personal data. This is a limited right which will apply in specific circumstances and for a limited period.
- To obtain a copy of your data in a commonly used electronic form if the data is processed by automated means and the processing is based on your consent or contractual necessity.
- To not have decisions with legal or similar effects made solely using automated processing, unless certain exceptions apply.
In the first instance, as Data Controller, it is the responsibility of your employer to deal with any requests to exercise your data subject rights. Accordingly, please direct all such requests to your employer. If we receive such a request, we will forward it to your employer to deal with as we can only take actions with their specific instructions.
International transfers
As a global company, we hold your personal data within the United Kingdom. We do work with agents and service providers who may process your personal information on our behalf outside the UK. If your information is processed outside the UK, we will ensure that it is protected to the same standards as if it were being processed within the UK by putting in place a contract with our agents and service providers that provides adequate safeguards, such as Standard Contractual Clauses or equivalent measures.
If you require more information or have any queries, please contact our Data Protection Officer.
If we are unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the UK Information Commissioner’s Office. Full details may be accessed on the complaints section of the ICO’s website