poppet logo
Download  App

Privacy Policy

Updated  Jan 12, 2023

At Poppet, we are committed to protecting the privacy of our users. This Privacy Policy explains how the information we collect from you, or that you provide to us, is processed, used, and shared. By visiting our websites (https://www.joinpoppet.com), mobile app, or other online products and services (collectively, the "Platform") you are accepting and consenting to the practices described in this Policy.

1. Who we are and how to contact us

Poppet is a Platform, operated by Patch Tech Holdings LTD, a company incorporated and registered in England and Wales with company number 13948425, with a registered address at Suite 8,45 Salisbury Road, Cathays, Cardiff, CF24 4AB  ("Poppet", "we", "us" or "our").

2. Controller

We are the controller and responsible for controlling your personal information as set out in this Policy.

3. How to contact Poppet

If you have any questions about this policy, including any requests to exercise your legal rights, please email at [email protected] or by post at 45 Salisbury Road, Cathays, Cardiff, CF24 4AB.

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

4. Information we may collect about you


We may collect, and process (within the meaning of the Data Protection Legislation) different kinds of personal information about you as follows:
Identity Data. These data may include first name, surname, username or similar identifier, title, date of birth and gender, job title, education and employment history, right to work in the UK, and criminal history including criminal proceedings, convictions and involvement in litigation where you were either a plaintiff or defendant.
Financial Data. These data may include bank account and payment card details.
Contact Data. These data may include current home address, previous home addresses, email address and telephone numbers, emergency contact information.
Technical Data. These data may include internet protocol address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you
use to access the Platform.
Profile Data. These data may include username and password, interests, preferences, feedback and survey responses.
Security Data. These data may include contact details, work availability, right to work details, experience information, references’ information, experience and skills, age, gender, interview notes, training assessment data, consent responses, medical information where provided, DBS status, first-aid certification and other relevant qualification information, visa information, proof of identity and proof of address. Security Data may include some Sensitive Data, which is described below.
Usage Data. These data may include information about your use of the Platform, such as the type of content or services that you view; the features that you use; the actions you take; frequency and duration of your activities; content that you share with other users through our messaging tools
Marketing and Communications Data. These data may include your preferences in receiving marketing from us and our third parties and your communication preferences.
Aggregated Data. These data may include behavioural data like how you move through our Platform, as well as information that you give us regarding what you are looking for in terms of a match via the Platform; caregivers’ shifts data and families approving rejecting shifts; and information about the caregivers’ parental status which may be displayed on their profile. Other aggregated Data may be derived from your personal information but is not considered personal information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Platform feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Policy

5. Sensitive and secure data

As part of our services, we will collect and process your sensitive personal data which may include, but shall not be limited to (including activities in relation to children’s data) race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data (the “Sensitive Data”). We understand that sensitive personal data requires more protection than other personal data. Collection and processing of such data is necessary in accordance with our legal obligations in connection with users. We undertake to handle personal sensitive information with care and only for as long as necessary. 

In relation to the Caregivers, as part of the recruitment process, we have the right to conduct a criminal record check which is processed by the Disclosure and Barring Service (DBS). Such checks will also include information held on the DBS’s children’s and adult’s barred lists, information held by the local police that contains data relevant for the job with the Company. We conduct DBS checks because we are under a legal obligation under the relevant legislation. DBS checks assist us in making the recruitment process safer. We may carry out DBS checks by relying on the conditions set out in Schedule 1 to the Data Protection Act 2018, pursuant to which the processing of criminal convictions data is necessary for the purpose of performing or exercising obligations or rights which are imposed or conferred by law on us in connection with employment for the purposes of carrying our business. It is a condition to processing of the criminal convictions data that we have an appropriate policy document in place. Therefore, you must read this policy in detail and contact us if you have any questions or concerns.   

In relation to Families, we collect limited personal information relating to children in order to ensure that our Caregivers provide the best and safest possible care and the support required. This entails processing personal sensitive information to such extent as may be necessary in connection with the services. Information about the types of special categories of customers’ data which we may process, purposes of processing and other relevant information is contained in the consent form which we will provide to you prior to providing the services. You may also find a list of sensitive personal information which we process in the table below. Children over the age of 13 are capable of consenting to processing of their personal sensitive data. Accordingly, we have ensured that the relevant consent form is in a child-friendly format. You are required to read the relevant consent form carefully and, if there is anything you do not understand, you may contact us at the address provided below. 

In relation to the Security Data, when we are required to process Security Data, we will ask you to upload such data through a secure platform. These data are stored securely for a period to allow the required information to be processing. We usually process these documents within three days, but we are permitted to hold such documents for as long as necessary in accordance with the legislation. 

In the event that we need to collect personal information by law and you fail to provide that data if and when requested, we may have to cancel a service you have with us, but we will notify you if this is the case at the time. 
We may process Aggregated Data in order to improve the quality of the matches that we make (in terms of caregiver and family satisfaction, and duration of the match) and also to improve the efficiency of our match making.

6. How your personal information is collected

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal information you provide when you: request to create a user account; enquire about the services; create an account on our Platform; and/or give us some feedback or a testimonial. 

Automated technologies or interactions. As you interact with our Platform, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies.

Third parties or publicly available sources. We do not control, supervise or respond for how long third parties providing your information process your personal information, and any information request regarding the disclosure of your personal information to us should be directed to such thirds parties. 

We may receive personal information about you from various third parties and public sources as set out below: Technical Data and Usage Data; Contact, Financial and Transaction Data from providers of technical, payment and delivery services; and identity and Contact Data from publicly available sources.

We may also match personal information that you provide to us directly with other information about you obtained from or held by third party sources (such as social media platforms). This may include your contact details, demographic data, your social media interactions, preferences, shopping habits, interests, geographic location and age or age range. We may use this personal information to tailor and show advertisements more relevant to you either on our website/app or on third party websites (including social media platforms.) 

We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out below (depending on the types of information we receive).

7. Legal basis for processing personal information

Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

  
Type of data
Purpose of Processing
Legal Basis
Legitimate Interest
Contact details including mobile, full address, email address
ID verification, contacting you, and allowing parents who have booked you to contact you
Performance of contract
 N/A                                                  
2
Personal details including name, date of birth, images/photographs, biographic data
ID verification, background check, creating your profile on the app
Performance of contract
N/A                                                     
3
Social media IDs and phone contacts (optional)
Background check and to help connect you with families in your social circles.
Legitimate interest
For Poppet to provide a safe, secure and transparent market platform for Users

To help connect you to parents in your social circles and obtain more bookings.
4  
Payment details including credit/debit card, bank account number and sort code (via payment processor – Stripe)
To process payments between parents and caregivers securely
Performance of contract
N/A                                                     
5  
Qualifications & Certificates(DBS & First Aid)
To build & verify your profile and allow parents to assess your suitability
Legitimate interest
For Poppet to provide a safe, secure and transparent market platform for UsersTo help you build your profile and win more bookings
6  
References/Reviews
Parents leave reviews on your profile for other parents to view before choosing whether to make a booking. You may also submit references as part of your registration on the Poppet app.
Legitimate interest
For Poppet to provide a safe, secure and transparent market platform for UsersTo help you build your profiles and win more bookings. To boost security and transparency of the platform.
7  
In app chat messages
Users can communicate with each other via the app’s in-app messaging function.
Legitimate interest
Helps Poppet’s customer service team, if required, ascertain what occurred on specific sits and helps with dispute resolution.
8  
The type of mobile device you use
To optimise the app for your use and for customer service purposes
Legitimate interest
Provide Users with the best possible app experience
9  
A unique device identifier (e.g. IMEI number, MAC address or the mobile phone number used by the Device)
To optimise the app for your use and for customer service purposes
Legitimate interest
Provide Users with the best possible app experience
10 
Mobile network information
To optimise the app for your use and for customer service purposes
Legitimate interest
Provide Users with the best possible app experience
11
Your mobile operating system
To optimise the app for your use and for customer service purposes
Legitimate interest
Provide Users with the best possible app experience
12
Your IP address and HTTP referrer information
To optimise the app for your use and for customer service purposes
Legitimate interest
Provide Users with the best possible app experience
13
The type of mobile browser you use
To optimise the app for your use and for customer service purposes
Legitimate interest
Provide Users with the best possible app experience
14
Time zone setting (e.g. GMT).
To optimise the app for your use and for customer service purposes
Legitimate interest
Provide Users with the best possible app experience

8. Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9. Disclosures of your personal information

We may be asked to share your personal information with the following parties: HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances in connection with the services that we provide;

Government organisations such as Care Inspectorate Wales, Ofsted, Local Authority Councils and third parties in order to facilitate registration of candidates as a caregiver; law enforcement agencies in connection with any investigation to help prevent unlawful activity; any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006; 0ur business partners in accordance with the Marketing section; third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Policy; business partners, suppliers, insurance companies and subcontractors for the performance of any contract we enter into with you; advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; or analytics and search engine providers that assist us in the improvement and optimisation of our Platform. 

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

If you are supplying us with an emergency contact’s details, you confirm that you have that person’s permission to provide us with their details. Any emergency contact information will thereafter be treated as an extension of your personal data (as Contact and Identity Data). 

For the purpose of providing our services, we use subcontractors. These include but are not limited to, Verifile, Stripe and Yoti. We only share limited and necessary personal data with these third parties on the basis of our legitimate business interests for the purposes of providing our services. 

In order to provide relevant search results, we need to share information about you with potential nannies, childminders, babysitters, assistants and families. We share the minimum information necessary to make a good decision about whether they would like to authorise bookings.

This minimum information might include the following data you have given us: 

For caregivers:
Contact details, address, student status, schedule availability, experience and qualification information, skills like languages, personal features like age and gender, our impressions, preferences for matches, medical information (only if a valid consent is given), and DBS and first aid status.

For families:
Contact details, address, days and times required, preferences (including nanny experience, personality, skills such as languages /driving /cooking), lifestyle information, children’s ages, genders, allergies or other relevant medical information, special or additional needs, schools. We ask for your child’s full date of birth to ensure our records are always accurate, as this allows us to provide a tailored service to your family, and ensure the best possible matches between you and any nannies you hire with us.

10. Marketing

Please note that if you register on our Platform, we will, as part of the service, send you periodic newsletters or other information by email, which are not marketing and advertising, but an integral part of our service.

We comply with the direct marketing requirements of the Privacy and Electronic Communications Regulations. When considering marketing directed to children, we take into account their reduced ability to recognise and critically assess the purposes behind processing and the potential consequences of providing their personal information.

If you receive marketing emails and don’t want to in future, please use the unsubscribe link within the email and we will remove you from future campaigns.

11. Cookies

All Cookies used by and on the Platform are used in accordance with the Data Protection Legislation. You can set your browser to refuse all or some browser cookies, or to alert you when platforms set or access cookies. If you disable or refuse cookies, please note that some parts of this Platform may become inaccessible or not function properly. We may use some or all of the following types of Cookies:

Strictly Necessary Cookies. A Cookie falls into this category if it is essential to the operation of the Platform, supporting functions such as logging in and payment transactions.

Analytics and Customisation Cookies. It is important for us to understand how you use the Platform, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information, helping us to improve the Platform and your experience of it.

Functionality Cookies. Functionality Cookies enable us to provide additional functions to you on the Platform such as personalisation and remembering your saved preferences. Some functionality Cookies may also be strictly necessary Cookies, but not all necessarily fall into that category.

Targeting Cookies. It is important for us to know when and how often you visit the Platform, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics Cookies, this information helps us to better understand you and, in turn, to make the Platform and advertising more relevant to your interests. 

Third Party Cookies. Third party Cookies are not placed by us; instead, they are placed by third parties that provide services to us and/or to you. Third party Cookies may be used by advertising services to serve up tailored advertising to you on the Platform, or by third parties providing analytics services to us (these Cookies will work in the same way as analytics Cookies described above).

Persistent Cookies. Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit the Platform.

Session Cookies. Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit the Platform until you close your browser. Session Cookies are deleted when you close your browser.

12. Personal information storage and information transfer

Our primary database is Amazon Web Services. Please visit https://aws.amazon.com/service-terms to learn how Amazon Web Services.processes personal data. 

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

We may also use other third party service providers for the following purposes: advertising, direct marketing and lead generation; customer support; communication; signing contracts; content optimization; functionality and infrastructure optimisation; invoicing and billing; web and mobile analytics; training; background checks. 

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We use strict procedures and security features to try to prevent unauthorised access and will ensure that any third party receiving your personal data adopts such appropriate measures necessary to safeguard your personal data.
Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it. We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.

13. Information security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

14. Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transactional Data) for 6 years after they cease being customers for tax purposes.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

15. Your legal rights 

You have rights under the relevant data protection laws in relation to your personal information. Please see the information below to learn more about your legal rights: 

Right to rectification. If your personal information is incorrect or incomplete in any way, you may notify a person dealing with your matter and where inaccurate or incomplete, we will correct it without delay.

Right of access. You may request a confirmation from us that we are processing your personal information; access your personal information held by us and request a copy (unless providing a copy adversely affects the rights and freedoms of others);  obtain certain information about how we process your personal information, categories of personal information processed, recipients or categories of recipients who receive personal information from us; and how long we store your personal information for and the criteria we use to determine retention periods.

Right to be informed how your personal information is being processed;
how long it will be stored for; the legal basis for processing; recipients (or categories of recipients) of your personal information; and whether personal information must be provided under statute or for another reason and the consequences of not providing the personal information to ensure the fair and transparent processing of your personal information. 

Right to restrict processing under certain circumstances if you contest the accuracy of your personal information, we may restrict its processing, until we can verify its accuracy; if the processing is unlawful; if we no longer need to process your personal information, unless we still need your personal information for the establishment, exercise, or defence of legal claims; and if you object to processing that relies on public interest or our (or third party’s) legitimate interest as the lawful processing ground. right to data portability
right to receive from us a copy of your personal information in commonly used and machine-readable format and store it for further use on a private devise; and right to transmit personal information to another third party; or have your personal information transmitted directly from one third party to another where technically possible.

Right not to be subject of automated processing, decision-making, including profiling, which has legal or other significant effects on you. This does not apply when the automated decision is necessary for entering into or performing a contract with you; or it is authorised by EU or member state law applicable to us if the law requires suitable measures to safeguard your rights and freedoms and legitimate interests; or based on your explicit consent.

Right to object to processing. You may object to direct marketing, including profiling related to direct marketing. We will stop processing your personal information once notified by you, except if we can demonstrate a compelling legitimate ground for processing the personal information that overrides your request; or processing is necessary to exercise or defend legal claims.
If we hold information about you, you can request to be provided with a copy of this and to have any inaccuracies corrected where necessary. A copy of this can be requested in writing, or in person at our trading address, which is Suite 8, 45 Salisbury Road, Cathays, Cardiff, CF24 4AB.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

16. Data retention, account deactivation & deletion 

We will not store your personal information for longer than necessary. We will consistently update our records and delete any personal information which: is outdated; incorrect; or whether the grounds for processing have ceased to apply.

This is a case-by-case determination that depends on things like the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.

To delete your account please contact [email protected]

17. How to opt out from our communications

When creating an account on our platform, you agree to receiving SMS, and email notifications. In certain situations, you also agree to Poppet contacting you via WhatsApp. 

You can opt-out of SMS and WhatsApp at any time by replying STOP. 

You can unsubscribe from our email communications by clicking the ‘Unsubscribe’ link at the bottom of our emails.

18. Changes to our privacy policy 

Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Policy.

If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO), Jodi Parikh, by post to: Suite 8, 45 Salisbury Road, Cathays, Cardiff, CF24 4AB.
 © Poppet 2022 | All Rights Reserved