We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified; you can be assured that it will only be used in accordance with this privacy statement.
We may change this policy from time to time. You should check this policy from time to time to ensure that you are happy with any changes. This policy is effective from 1st September 2010; the latest revision date is located at the foot of each page.
1. WHAT WE COLLECT
When you visit our website and/or our online operating system you may be asked to provide us with information as follows:-
1.1. OPERATING SYSTEM
The information we collect during the registration process through our operating system is product specific and includes:-
Employment details, including name of employer, pay frequency and payroll number
Personal details, including name, gender, National Insurance Number
Contact details, including home address, email address, home, mobile and work telephone numbers
Salary information, including tax code, annual salary, details of any bonuses and other salary sacrifice agreements, number of hours worked per week and age group
Order information, including salary sacrifice amount and type of vouchers to receive
Childcare provider details, including name, address, contact details, registration number
Child details including name, gender and date of birth
Bank details for your organisation to allow us to collect payment via Direct Debit
Bank details for childcare providers to allow us to make payments
Bank details for individuals (in relation to our mobile phone service only)
1.1.1. HOW WE HANDLE PERSONAL DATA THROUGH OUR OPERATING SYSTEM
Our site will only be accessible via HTTPS, we require the use of a username, password and PIN number combination to access the site. Users passwords are hashed when stored (not plain text) and are never known (even by ourselves) by anyone except the customer. This is based on Microsoft's security best practice guidelines. All data is stored in a secure data centre and only approved individuals (currently two people only) can access the data centre site. All data centre site visits must be formally requested 48 hours before visiting.
1.1.2. CONTROL OF INFORMATION HELD WITHIN OUR ORPERATING SYSTEM
Data handling is always transmitted in an encrypted state and is never posted. We always use signed for couriers to handle any transmission of physical media.
1.1.3. BACKED-UP AND ARCHIVED CUSTOMER DATA HELD WITHING THE OPERATING SYSTEM
We have a secondary backup of all data held on our operating system onsite. Offsite backups are encrypted and only in the possession of a single individual.
1.1.4. REFUSAL TO GIVE INFORMATION
For all our products/services, refusal to give information during the registration process may result in the user being unable to complete their order.
The information we request during the employee registration process for Childcare Vouchers is required by HMRC in line with the Childcare Voucher Scheme regulations.
1.2. OUR WEBSITE - WWW.BUSYBEESBENEFITS.COM
The following is information we may collect as you and others browse our website:
Contact information where provided (i.e. email address etc)
1.2.1. WEBSITE SECURITY
We maintain the highest standards of security; however the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your Information, we cannot ensure the security of your data transmitted to our website.
Any information you submit is sent at your own risk. Once we have received your Information we will use strict procedures and security features to minimise the risk of unauthorised access.
Similar to other commercial websites, our website uses a technology called "cookies" (see explanation below, "What Are Cookies?") and web server logs to collect information about how our website is used.
Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website.
1.2.2. WHAT ARE COOKIES?
A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site's web server/computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies.
Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites, therefore private information supplied to one website cannot be read by another organisation.
1.2.3. HOW DO WE USE INFORMATION WE COLLECT FROM COOKIES?
Cookies, in conjunction with our web server's log files, allow us to calculate the aggregate number of people visiting our website and which parts of the website are most popular. This helps us gather feedback so that we can improve our website and better serve our customers.
Cookies do not allow us to gather any personal information about you and we do not generally store any personal information that you provided to us in your cookies.
2. WHAT WE DO WITH THE INFORMATION WE GATHER
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Email is not recognised as a secure medium of communication. For this reason, we request that you do not send private information to us by email.
4. LINKS TO OTHER WEBSITES
Our website and operating system may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
5. CONTROLLING YOUR PERSONAL INFORMATION
You may choose to restrict the collection or use of your personal information in the following ways:
We may pass your Information to carefully selected third party organisations:
If we are under a duty to disclose or share your personal data to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements or protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to:-
Busy Bees Benefits Ltd
Shenstone Business Park
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
5.1. ACCESS CONTROL
Access to information shall be restricted to authorised employees only and shall be protected by appropriate physical and logical authentication and authorisation controls.
Employees shall be granted access to information only on the basis that they have a specific need to know, or need to access that information.
Access privileges shall be allocated to employees, based on the minimum privileges required to fulfil their job function.
All passwords used to access information assets shall conform to Busy Bees Benefits requirements.
Detailed processes have been developed and shall be followed for terminating, modifying or revoking an employee's access to information.
5.2. DATA QUALITY
We recognise the importance of data quality and will develop and maintain up to date information.
In order to be confident in the data that both Busy Bees Benefits holds and our customers provide us with, we need to be assured that the data we hold is:
Accurate (in terms of correctness)
Comprehensive (all relevant data has been captured)
Valid (in a format which conforms to recognised council and national standards)
Timely (available when needed and up to date)
Stored securely and confidentially (where appropriate)
Maintained (e.g. data retention procedures).
This requires work at all levels of the organisation. All employees, members, contractors and partners involved in data management know what is expected of them in terms of standards of data quality. Systems, policies, procedures and controls are agreed to ensure the highest possible data quality.
We believe that continued initiatives in relation to data quality should be proportionate to risk. Data testing is a key part of our normal internal audit procedures and the annual audit plan is based on assessing the risk involved in different areas.
We use our data collection techniques and validation through our online operating system to ensure that data is identified and correctly entered at its source to ensure accuracy from the beginning.
6. REMOVAL OF DATA
We will ensure that all data will be removed from our system after a 7 year period of non-ordering. Any records which are no longer required and are held on hardware that is not due for disposal will be anonymised when it reaches its expiration period.
We also ensure that any equipment which holds data that falls under the data protection act is destroyed and rendered inoperable before disposal of the hardware it is saved on.
7. YOUR CONSENT
8. STATUTORY INFORMATION ABOUT BUSY BEES BENEFITS
Busy Bees Benefits is registered in England and Wales.
Registered Company Number: 06758298
Data Protection Registration Number: Z2411286
Registered Office: Busy Bees Benefits Ltd
Shenstone Business Park