DPA

GDPR Data Processing Agreement (DPA)

GDPR Data Processing Agreement (DPA)

(hereinafter ā€œAgreementā€)

Concluded by and between

The Customer

(hereinafter ā€œCustomerā€ or ā€œData Controllerā€)

And

Cheqdin Childcare Software

(Cheqdin is the Trading name of Databotix Limited)

6 International Avenue, Cirrus Building,

ABZ Business Park, Dyce, Aberdeen, AB21 0BH, United Kingdom

Telephone: +44 333 987 4252, Website: https://cheqdin.com, Email: security@cheqdin.com

(hereinafter ā€œCheqdin Childcare Softwareā€ or ā€œCheqdinā€ or ā€œData Processorā€) on the processing of personal data on behalf of a controller in accordance with Article 28 (3) of the EU General Data Protection Regulation (GDPR) (hereinafter ā€œData Processing Agreementā€).

Preamble

This annex details the partiesā€™ obligations on the protection of personal data, associated with the processing of personal data on behalf of the Customer as a data controller, and described in detail in the Terms of use (hereinafter, the ā€œAgreementā€). Its regulations shall apply to any and all activities associated with the Agreement, in whose scope Cheqdinā€™s employees or agents process the Customerā€™s personal data (hereinafter, ā€œDataā€) on behalf of the Customer as a controller (hereinafter, ā€œContract Processingā€).

1. Scope, Duration and Specification of Contract Processing of Data

The scope and duration and the detailed stipulations on the type and purpose of Contract Processing shall be governed by the Agreement. Speciļ¬cally, Contract Processing shall include, but not be limited to, the following Data:

Except where this annex stipulates obligations beyond the term of the Agreement, the term of this annex shall be the term of the Agreement.

2. Scope of Application and Responsibilities

2.1 Cheqdin shall process Data on behalf of the Customer. Such Contract Processing shall include all activities detailed in the Agreement. Within the scope of this annex, the Customer shall be solely responsible for compliance with the applicable statutory requirements on data protection, including, but not limited to, the lawfulness of disclosing Data to Cheqdin and the lawfulness of having Data processed on behalf of the Customer. the Customer shall be the controller in accordance with Article 4 no. 7 of the GDPR.

2.2 The Customerā€™s individual instructions on Contract Processing shall, initially, be as detailed in the Agreement. The Customer shall, subsequently, be entitled to, in writing or in a machine-readable format (in text form), modifying, amending or replacing such individual instructions by issuing such instructions to the point of contact designated by Cheqdin. Instructions not foreseen in or covered by the Agreement shall be treated as requests for changes to the Agreement. The Customer shall, without undue delay, conļ¬rm in writing or in text form any instruction issued orally.

3. Cheqdinā€™s Obligations

3.1 Except where expressly permitted by Article 28 (3)(a) of the GDPR, Cheqdin shall process data subjectsā€™ data only within the scope of the Agreement and the instructions issued by the Customer. Where Cheqdin believes that an instruction would be in breach of applicable law, Cheqdin shall notify the Customer of such belief without undue delay. Cheqdin shall be entitled to suspending performance on such instruction until the Customer conļ¬rms or modiļ¬es such instruction.

3.2 Cheqdin shall, within Cheqdinā€™s scope of responsibility, organise Cheqdinā€™s internal organization so it satisļ¬es the speciļ¬c requirements of data protection. Cheqdin shall implement technical and organisational measures to ensure the adequate protection of the Customerā€™s Data, which measures shall fulļ¬l the requirements of the GDPR and speciļ¬cally its Article 32. Cheqdin shall implement technical and organisational measures and safeguards that ensure ongoing conļ¬dentiality, integrity, availability and resilience of processing systems and services. the Customer is familiar with these technical and organisational measures, and it shall be the Customerā€™s responsibility that such measures ensure a level of security appropriate to the risk. Cheqdin reserves the right to modify the measures and safeguards implemented, provided, however, that the level of security shall not be less protective than initially agreed upon.

3.3 Cheqdin shall support the Customer, to the extent reasonably possible for Cheqdin and only where the Customer cannot do so without Cheqdinā€™s assistance, in fulļ¬lling data subjectsā€™ requests and claims, as detailed in chapter III of the GDPR and in fulļ¬lling the obligations enumerated in Articles 33 to 36 of the GDPR (provided that this support does not result in any breach of Cheqdinā€™s conļ¬dentiality obligations towards third parties).

3.4 Cheqdin warrants that all employees involved in Contract Processing of the Customerā€™s Data and other such persons as may be involved in Contract Processing within Cheqdinā€™s scope of responsibility shall be prohibited from processing Data outside the scope of the instructions. Furthermore, Cheqdin warrants that any person entitled to process Data on behalf of Controller has undertaken a commitment to secrecy or is subject to an appropriate statutory obligation to secrecy. All such secrecy obligations shall survive the termination or expiration of such Contract Processing.

3.5 Cheqdin shall notify the Customer, without undue delay, if Cheqdin becomes aware of breaches of the protection of personal data within Cheqdinā€™s scope of responsibility. Cheqdin shall implement the measures necessary for securing Data and for mitigating potential negative consequences for the data subject; the Cheqdin shall coordinate such efforts with the Customer without undue delay.

3.6 Cheqdin shall notify to the Customer the point of contact for any issues related to data protection arising out of or in connection with the Agreement.

3.7 Cheqdin warrants that Cheqdin fulļ¬lls its obligations under Article 32 (1)(d) of the GDPR to implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

3.8 Cheqdin shall correct or erase Data if so, instructed by the Customer and where covered by the scope of the instructions permissible. Where an erasure, consistent with data protection requirements, or a corresponding restriction of processing is impossible, Cheqdin shall, based on the Customerā€™s instructions, and unless agreed upon differently in the Agreement, destroy, in compliance with data protection requirements, all carrier media and other material or return the same to the Customer. In speciļ¬c cases designated by the Customer, such Data shall be stored or handed over. The associated remuneration and protective measures shall be agreed upon separately, unless already agreed upon in the Agreement.

3.9 Cheqdin shall, upon termination of Contract Processing and upon the Customerā€™s instruction, return all Data, carrier media and other materials to the Customer or delete the same. In case of testing and discarded material no instruction shall be required. The Customer shall bear any extra cost caused by deviating requirements in returning or deleting data.

3.10 Where a data subject asserts any claims against the Customer in accordance with Article 82 of the GDPR, Cheqdin shall support the Customer in defending against such claims, where possible.

4. The Customerā€™s Obligations

4.1 The Customer shall notify Cheqdin, without undue delay, and comprehensively, of any defect or irregularity with regards to provisions on data protection detected by the Customer in the results of Cheqdinā€™s work.

4.2 Section 3 para. 10 above shall apply, mutatis mutandis, to claims asserted by data subjects against Cheqdin in accordance with Article 82 of the GDPR.

4.3 The Customer shall notify to Cheqdin the point of contact for any issues related to data protection arising out of or in connection with the Agreement.

5. Enquiries by Data Subjects

5.1 Where a data subject asserts claims for rectiļ¬cation, erasure or access against Cheqdin, and where Cheqdin is able to correlate the data subject to the Customer, based on the information provided by the data subject, Cheqdin shall refer such data subject to the Customer. Cheqdin shall forward the data subjectā€™s claim to the Customer without undue delay.

Cheqdin shall support the Customer, where possible, and based upon The Customerā€™s instruction insofar as agreed upon. Cheqdin shall not be liable in cases where the Customer fails to respond to the data subjectā€™s request in total, correctly, or in a timely manner.

6. Audits and Documentation

6.1 Cheqdin will on a regular basis audit the security of the computers and computing environment that it uses in processing the Customerā€™s personal data when performing the services under the Agreement. Cheqdin shall document Cheqdinā€™s compliance with the technical and organizational measures agreed upon in this Data Processing Agreement by appropriate measures.

6.2 If the Customer requests in writing, Cheqdin will provide the Customer with a conļ¬dential summary of the results of this audit (ā€œSummary Reportā€) so that the Customer can reasonably verify Cheqdinā€™s compliance with the security obligations under this Data Processing Agreement. The Summary Report is Cheqdinā€™s conļ¬dential information.

6.3 The Customer agrees to exercise its audit right by instructing Cheqdin to execute the audit as described in sections 6.2 of this Data Processing Agreement. If the Customer reasonably concludes that an onsite audit is necessary to monitor the compliance with the technical and organisational measures in an individual case, the Customer shall also have the right to carry out respective onsite inspections in individual cases or to have them carried out by an auditor (that is no competitor of Cheqdin) provided that such audits and inspections will be conducted (i) during regular business hours, and (ii) without interfering with Cheqdinā€™ business operations, (iii) upon prior notice (observing an appropriate notice period) and further consultation with Cheqdin, (iv) all subject to (if not covered already by the Agreement) the execution of a conļ¬dentiality undertaking, in particular to protect the conļ¬dentiality of the technical and organisational measures and safeguards implemented.

6.4 In case of an onsite audit the Customer will bear its own expenses and compensate Cheqdin the cost for its internal resources required to conduct the onsite audit (based on time and material according to the then current price list), the latter only if the audit does not reveal that Cheqdin has in fact breached its obligations under the Agreement (in that case Cheqdin will promptly remedy the breach at its own cost).

7. Subcontractors (Further Processors or Sub processors On Behalf of the Customer)

7.1 Cheqdin shall use subcontractors as further processors on behalf of the Customer only where approved in advance by the Customer.

7.2 A subcontractor relationship shall be subject to such consent of Cheqdin commissioning further Cheqdin or subcontractors with the performance agreed upon in the Agreement, in whole or in part. Cheqdin shall conclude, with such subcontractors, the contractual instruments necessary to ensure an appropriate level of data protection and information security. Cheqdin will conduct the performance agreed upon, or the parts of the performance identiļ¬ed below, using the subcontractors enumerated below:

 

Cheqdin shall, prior to the use of new subcontractors or replacement of subcontractors, inform the Customer thereof with at least thirty (30) days prior notice. The Customer shall be entitled to reasonably contradict any change notiļ¬ed by Cheqdin promptly in writing within ten (10) days after receipt of the Customerā€™s notice. Cheqdin will evaluate the concerns and discuss with the Customer possible resolutions. If these resolutions are reasonably not possible in Cheqdinā€™s discretion and the Customer continues to not approve the change (such approval may not be unreasonably withheld), the Customer may terminate the Agreement upon fourteen (14) days written notice after having received Cheqdinā€™s aforementioned decision. If the Customer does not terminate the Agreement within this timeframe, the Customer is deemed to accept the respective sub processor. The Customer shall receive a refund of any prepaid fees for the period following the effective date of termination in respect of such terminated services. No other claims of the Customer against Cheqdin and of the Cheqdin against the Customer may be based on reason of such termination.

The Customer accepts that an exchange of a sub processor may be required in cases where the reason for the change is outside of Cheqdinā€™s reasonable control (emergency replacement). Cheqdin will notify the Customer respectively. If the Customer reasonably objects to the use of this sub processor, the Customer may exercise its right to terminate the Agreement as described in the section above.

7.3 Where Cheqdin commissions subcontractors, Cheqdin shall be responsible for ensuring that Cheqdinā€™s obligations on data protection resulting from the Agreement and this exhibit are valid and binding upon subcontracting.

7.4  Processing Agreement shall not apply in cases where Cheqdin or sub processors subcontracts ancillary services/deliverables from third parties which are not speciļ¬c to the provision of the services under the Agreement. Such ancillary services/deliverables shall, for example, include (but not be limited to) general infrastructure services like telecommunications services or facility management services. Cheqdin and sub processors shall nevertheless conclude, with such third parties, agreements necessary to ensure applicable data protection standards.

8. Obligations to Inform, Mandatory Written Forms, Applicable Law

8.1 Where the Data becomes subject to search and seizure, an attachment order, conļ¬scation during bankruptcy or insolvency proceedings, or similar events or measures by third parties while in Cheqdinā€™s control, Cheqdin shall notify the Customer of such action without undue delay. Cheqdin shall, without undue delay, notify to all pertinent parties in such action, that any data affected thereby is in the Customerā€™s sole property and area of responsibility, that data is at the Customerā€™s sole disposition, and that the Customer is the responsible body in the sense of the GDPR.

 8.2 No modiļ¬cation of this annex and/or any of its components ā€“ including, but not limited to, Cheqdinā€™s representations and warranties, if any ā€“ shall be valid and   binding unless made in writing or in a machine-readable format (in text form), and furthermore, only if such modiļ¬cation expressly states that such modiļ¬cation applies to the regulations of this annex. The foregoing shall also apply to any waiver or modiļ¬cation of this mandatory written form.

8.3 In case of any conļ¬‚ict, the data protection regulations of this annex shall take precedence over the regulations of the Agreement. Where individual regulations of this annex are invalid or unenforceable, the validity and enforceability of the other regulations of this annex shall not be affected.

8.4 This annex is subject to the laws of the United Kingdom.

8.5 We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above.

9. Liability and Damages

9.1 The regulations on the partiesā€™ liability contained in the Agreement shall be valid also, for the purposes of Contract Processing, unless expressly agreed upon otherwise.

Exhibit on technical and organizational security measures in accordance with Article 32 of the GDPR

The technical and organisational security measures that Cheqdin has in place with regards to prevent improper destruction, alteration, disclosure, access, and other improper forms of processing of information exported by the Customer to Cheqdin including the following:

1. Confidentiality (Article 32 Paragraph 1 Point b ā€“ GDPR)

Physical Access Control

Unauthorized access (in the physical sense) must be prevented. Technical and organizational measures to control access to premises and facilities, particularly to check authorization:

  • Cheqdinā€™s ofļ¬ces are protected with ļ¬re detection as well as electronic security and intrusion alarms. No customer data is stored at Cheqdinā€™s ofļ¬ces or on local employee computers. All data is accessed from Cheqdinā€™s ofļ¬ces via secure encrypted connections with the data center.
  • The data centers used by Cheqdin are state of the art, utilizing innovative architectural and engineering approaches. Our provider has many years of experience in designing, constructing, and operating largescale data centers. This experience has been applied to the platform and infrastructure. Data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center ļ¬‚oors. All visitors and contractors are required to present identiļ¬cation and are signed in and continually escorted by authorized staff. All physical access to data centers by is logged and audited routinely.
  • Physical Media: Physical media (e.g. transcripts) that contains personal data from the Cheqdin IT solution shall be stored in locked cabinets when they are not in use and up to the time of destruction, cf. the section on Physical Media below. Only employees with a speciļ¬c requirement may access such physical media.

Electronic Access Control

Unauthorized access to IT systems must be prevented.

Technical (ID/password security) and organizational (user master data) measures for user identiļ¬cation and authentication:

  • Firewalls: Updated ļ¬rewalls are applied to protect the network at Cheqdinā€™s ofļ¬ce against unauthorized access. The same standards are applied at the Operations Center, where ļ¬rewalls and other technical methods are used to protect the Operations Center network against unauthorized access.
  • Anti-virus/anti-malware: IT devices used by Cheqdin to access the Cheqdin IT solution, including servers that are used in the operation are, to the extent possible and relevant, protected with updated anti-virus- and anti-malware software.
  • Encryption: In relation to the transfer of data within the Cheqdin IT solution through public communication connections, including when the IT solution is accessed by users, secure encryption is applied, based on generally recognized algorithms that as a minimum will be equivalent to SSL 256bit. All Wiļ¬ connections used at the Cheqdin ofļ¬ce and in the Operations Center are secured through use of encryption in the form of WPA or better.
  • Cheqdinā€™s Remote Access: When Cheqdinā€™s employees access the Cheqdin IT solution through remote access, such connections are secured through encryption e.g. in the form of VPN. Any access to the Cheqdin IT systems requires that the Cheqdin employees register a username and a password. Cheqdin complies with the conditions in this Data Processing Agreement, irrespective of the use of remote access.
  • Cheqdinā€™s Password Policy: Cheqdin Employees with access to Cheqdinā€™s IT Solution are covered by a strict password policy. Passwords must be minimum 10 characters and contain: Upper case as well as lower case letters, numerals and special characters. Passwords are changed at least every 3 months. Passwords can not contain any names or usernames.

Internal Access Control

Activities in IT systems not covered by the allocated access rights must be prevented. Requirements-driven deļ¬nition of the authorization scheme and access rights, and monitoring and logging of accesses:

a) Authorization

  •  All Cheqdin employees with access to personal data are authorized by Cheqdin. Such authorizations specify which access and for what purpose each employee can access the personal data. The Cheqdin employees are solely authorized to access the Customerā€™s personal data for operational or technical purposes. The Cheqdin employees do not have access to personal data that is not included in their authorization. All access to personal data by Cheqdin employees are logged.
  • Cheqdin checks and updates all employee authorizations on a regular basis, as a minimum semiannually. The authorizations are adapted or withdrawn in relation to employees changing job positions, responsibilities or resigning.
  • Employees within the Operations Center are solely authorized to access personal data with an operational purpose. Such accesses are logged, cf. section ā€œLoggingā€ and the authorization is withdrawn when it has outdated its operational purpose.
  • Cheqdinā€™s IT system is conļ¬gured so that the Customer can authorize its employees on the basis of roles. The Customer assigns its employee authorizations through the web module provided by Cheqdin. Other users of the Solution shall in addition be subjected to authorization that provides relevant access.
  • All Cheqdin employees with access to personal data are informed of this Data Processing Agreement and are obliged to comply with the employee targeted requirements of this Data Processing Agreement. The Cheqdin employees do not have access to personal data that is not included in their authorization.
  • All Cheqdin employees with access to personal data have their criminal record checked by Cheqdin in connection with their employment.

b) Login, Username and Passwords

  • All employees at Cheqdin and at the Operations Center have unique usernames and passwords. Usernames and passwords are created and altered from generally recognized principles and no username is reused within a period of at least six months since the username was last in use. Provided that a Cheqdin employee has not used their username within a period of three months, the username will automatically be suspended.
  • After multiple successive failed login attempts with the same username, the login with the respective username will be blocked. This applies to both employees of Cheqdin and the Customer. Provided that the successive failed login attempts occurred from the same IP- address, the access from the respective IP-address will be blocked. The blocking of access in the previously mentioned scenarios can not cause any liability towards Cheqdin. In case a block of a Cheqdin employee account occurs, Cheqdin will conduct a follow-up on the matter as soon as possible.
  • It is not possible to log into the Cheqdin IT systems by using an anonymous user account or guest account.

c) Conļ¬dentiality

  • All Cheqdin employees with access to personal data are subject to conļ¬dentiality throughout their employment contracts and all employees within the Operations Center are subject to conļ¬dentiality.
  • The conļ¬dentiality is maintained beyond the termination of the Cheqdin Agreement or if the Cheqdin Agreement with sub-data processors ceases. Employees are also subject to the conļ¬dentiality obligation upon cessation of their employment.

Isolation Control

Data collected for different purposes must also be processed separately. Measures to provide for separate processing (storage, amendment, deletion, transmission) of data for different purposes:

  • Storing of Data: Within the Cheqdin IT solution, all data is stored in the Operations Center. The Customerā€™s data is stored logically separated from other customersā€™ data for whom Cheqdin is carrying out data processing for. All data is tagged with unique ids which can identify which end-user or Customer the data belongs to.

2. Integrity (Article 32 Paragraph 1 Point b ā€“ GDPR)

Aspects of the disclosure of personal data must be controlled: electronic transfer, data transport, transmission control, etc. Measures to transport, transmit and communicate or store data on data media (manual or electronic) and for subsequent checking:

  • IT Storage Media: In case of recycling, discarding, repairs or service on storage media used for personal data; it is ensured that third parties cannot gain access to data on such media. Such security procedures are conducted either through encryption or by thorough deletion or overwriting to ensure that all previously stored personal data cannot be recovered by using a generally recognized speciļ¬cation (e.g. DOD 5220-22- M).
  • Physical Media: All physical media that may contain personal data from the Customerā€™s IT solution (e.g. prints), will be discarded in a safe manner when the physical media has fulļ¬lled its purpose. This can be executed through shredding or through other means that ensures that access to personal data is not possible.
  • Virtual Private Network: When Cheqdinā€™s employees access the Cheqdin IT solution, such connections are secured through encryption e.g. in the form of VPN. Any access to the Cheqdin IT systems requires that the Cheqdin employees register a username and a password.
  • Electronic signature: Cheqdin uses 256-bit SSL certiļ¬cates to the authenticity of Cheqdin towards the end-users.
  • Transport Security: Cheqdin utilizes end-to-end SSL encryption from end-user device all the way to the database as well as between internal services on the servers.

Data Entry Control

Full documentation of data management and maintenance must be maintained. Measures for subsequent checking whether data have been entered, changed or removed (deleted), and by whom:

  • Any access to personal data related to the use of Cheqdinā€™s IT solution is automatically logged (ā€ Application Logā€). By logging the time, username, type of application and the person that the data is concerning, or the used search criteria is registered. The log is kept for a minimum of six months and is deleted after a maximum of seven months.
  •  The Customer can gain access to the Application Log by special request.
  • Provided that access to the Cheqdin IT solution is made in connection with technical issues e.g. support, error correction or other technical causes, such access will be logged in dedicated logs. In cases where the use of the Cheqdinā€™s IT solution is similar to the way other users are using the Cheqdin IT solution, the access will be logged in the Application Log.

3. Availability and Resilience (Article 32 Paragraph 1 Point b & C ā€“ GDPR) Availability Control

The data must be protected against accidental destruction or loss. Measures to assure data security (physical/logical):

  • Fire, Power Outages: Cheqdinā€™s ofļ¬ce and Operations Center is secured in the usual manner to protect against ļ¬re. The Operations Center is furthermore secured so that the operations can continue even during power outages of a certain duration, protection against loss of communicative connections to the Operations Center has also been established.
  • Backup: Cheqdin secures data stored in the Cheqdin IT solution through continuous backup of stored data several times daily. The backup is conducted as a mix of full backup and incremental (whereby the changes are stored) backup. Cheqdin regularly conducts restore-tests of previously completed backups in order to make sure that the backup routines function as intended. Backups are for safety reasons also duplicated and stored in another data center from the same provider in the same country and region.
  • Uninterruptable Power Supply (UPS): The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.
  • Climate and Temperature: Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels. Electrical, mechanical, and life support systems and equipment are monitored so that any issues are immediately identiļ¬ed. Preventative maintenance is performed to maintain the continued operability of equipment.

Rapid Recovery

In case of an incident Cheqdin has the ability to quickly recover access to personal data by restoring recent backed up ļ¬les to production environments on new booted servers. This can be done in a matter of minutes and ensures that any potential downtime is minimised.

4. Procedures for regular testing, assessment and evaluation(Article 32 Paragraph 1 Point d ā€“ GDPR; Article 25 Paragraph 1 ā€“ GDPR) Incident Response Management Security Breach Procedure at Cheqdin

  • Provided that Cheqdin detects a security breach or threat hereof in relation to the Cheqdin IT solution, Cheqdin will seek to locate and identify such breach or threat as well as the scope of the issue as soon as possible, seek to limit the potential or occurred damage to the extent possible, seek to hinder such a security breach in the future and to the extent possible, restore any lost data.
  • In the case of a security breach where unauthorized people gain access to the Customerā€™s data or where loss of data has occurred, Cheqdin will, when possible, cf. e.g. the section ā€œProcedureā€, notify the Customer in a written notice about the security breach. Such notiļ¬cations will contain information about which data Cheqdin deems to have been accessed unauthorized, whether Cheqdin has initiated special precautions, and the notiļ¬cation will inform whether the Customer, according to Cheqdinā€™s evaluation, must take special precautions.

Order or Contract Control

Cheqdin has entered into market standard GDPR data processing agreements with suppliers in order to comply with the terms under this agreement.

Audit

Cheqdin will have an external auditor verify that the procedures speciļ¬ed in this agreement are followed.

Your rights as a data subject

By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time. If we are processing your personal data for reasons of consent or fulfilling a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider. If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased. You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully. Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.

To submit a request regarding your personal data by email, post or telephone, please use the contact information provided above in the Who Are We section of this policy.

Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissionerā€™s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissionerā€™s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

United Kingdom

Data Protection Registration

https://cheqdin.com/ the website, web portal and its mobile applications are powered by Databotix Limited. Cheqdin Childcare Software (Cheqdin) is the trading name of Databotix Limited. The company is registered as a data controller with the UK Information Commissionerā€™s Office (ICO). Our data protection registration number is ZA250858.

Our details

This website https://cheqdin.com is owned and operated by Databotix Limited.

Cheqdin Childcare Software (Cheqdin) is the trading name of Databotix Limited and the software ā€“ Cheqdin is developed, designed and powered by Databotix Limited.

Our company is registered in Scotland, United Kingdom under registration number SC545249, and our registered office is at Cirrus Building, ABZ Business Park, Dyce Drive, Dyce, Aberdeen, AB21 0BH, Scotland, United Kingdom. VAT No. GB 266944265

Our principal place of business is at Cirrus Building, ABZ Business Park, Dyce Drive, Dyce, Aberdeen, AB21 0BH, Scotland, United Kingdom.

You can contact us:

      1. by post, using the postal address given above;
      2. using our website contact form;
      3. by telephone, on the contact number published on our website from time to time; or
      4. by email, using the email address published on our website from time to time.

 

Entire Agreement

The Agreement constitutes the entire agreement between you and Cheqdin Childcare Software regarding your use of the platform, mobile apps, the web Application and supersedes all prior and contemporaneous written or oral agreements between you and Cheqdin Childcare Software.

You may be subject to additional terms and conditions that apply when you use or purchase other Cheqdin Childcare Softwareā€™s services, which Cheqdin Childcare Software will provide to you at the time of such use or purchase.

Ā© Copyright 2017-2024 Cheqdin ā€“ All rights reserved.