Privacy Policy

We are the controller and responsible for controlling your personal information as set out in this Policy.

If you have any questions about this policy, including any requests to exercise your legal rights, please email at [email protected] or by post at 45 Salisbury Road, Cathays, Cardiff, CF24 4AB.

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

As part of our services, we will collect and process your sensitive personal data which may include, but shall not be limited to (including activities in relation to children’s data) race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data (the “Sensitive Data”). We understand that sensitive personal data requires more protection than other personal data. Collection and processing of such data is necessary in accordance with our legal obligations in connection with users. We undertake to handle personal sensitive information with care and only for as long as necessary. 

In relation to the Caregivers, as part of the recruitment process, we have the right to conduct a criminal record check which is processed by the Disclosure and Barring Service (DBS). Such checks will also include information held on the DBS’s children’s and adult’s barred lists, information held by the local police that contains data relevant for the job with the Company. We conduct DBS checks because we are under a legal obligation under the relevant legislation. DBS checks assist us in making the recruitment process safer. We may carry out DBS checks by relying on the conditions set out in Schedule 1 to the Data Protection Act 2018, pursuant to which the processing of criminal convictions data is necessary for the purpose of performing or exercising obligations or rights which are imposed or conferred by law on us in connection with employment for the purposes of carrying our business. It is a condition to processing of the criminal convictions data that we have an appropriate policy document in place. Therefore, you must read this policy in detail and contact us if you have any questions or concerns.   

In relation to Families, we collect limited personal information relating to children in order to ensure that our Caregivers provide the best and safest possible care and the support required. This entails processing personal sensitive information to such extent as may be necessary in connection with the services. Information about the types of special categories of customers’ data which we may process, purposes of processing and other relevant information is contained in the consent form which we will provide to you prior to providing the services. You may also find a list of sensitive personal information which we process in the table below. Children over the age of 13 are capable of consenting to processing of their personal sensitive data. Accordingly, we have ensured that the relevant consent form is in a child-friendly format. You are required to read the relevant consent form carefully and, if there is anything you do not understand, you may contact us at the address provided below. 

In relation to the Security Data, when we are required to process Security Data, we will ask you to upload such data through a secure platform. These data are stored securely for a period to allow the required information to be processing. We usually process these documents within three days, but we are permitted to hold such documents for as long as necessary in accordance with the legislation. 

In the event that we need to collect personal information by law and you fail to provide that data if and when requested, we may have to cancel a service you have with us, but we will notify you if this is the case at the time. 
We may process Aggregated Data in order to improve the quality of the matches that we make (in terms of caregiver and family satisfaction, and duration of the match) and also to improve the efficiency of our match making.

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal information you provide when you: request to create a user account; enquire about the services; create an account on our Platform; and/or give us some feedback or a testimonial. 

Automated technologies or interactions. As you interact with our Platform, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies.

Third parties or publicly available sources. We do not control, supervise or respond for how long third parties providing your information process your personal information, and any information request regarding the disclosure of your personal information to us should be directed to such thirds parties. 

We may receive personal information about you from various third parties and public sources as set out below: Technical Data and Usage Data; Contact, Financial and Transaction Data from providers of technical, payment and delivery services; and identity and Contact Data from publicly available sources.

We may also match personal information that you provide to us directly with other information about you obtained from or held by third party sources (such as social media platforms). This may include your contact details, demographic data, your social media interactions, preferences, shopping habits, interests, geographic location and age or age range. We may use this personal information to tailor and show advertisements more relevant to you either on our website/app or on third party websites (including social media platforms.) 

We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out below (depending on the types of information we receive).

Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may be asked to share your personal information with the following parties: HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances in connection with the services that we provide;

Government organisations such as Care Inspectorate Wales, Ofsted, Local Authority Councils and third parties in order to facilitate registration of candidates as a caregiver; law enforcement agencies in connection with any investigation to help prevent unlawful activity; any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006; 0ur business partners in accordance with the Marketing section; third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Policy; business partners, suppliers, insurance companies and subcontractors for the performance of any contract we enter into with you; advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; or analytics and search engine providers that assist us in the improvement and optimisation of our Platform. 

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

If you are supplying us with an emergency contact’s details, you confirm that you have that person’s permission to provide us with their details. Any emergency contact information will thereafter be treated as an extension of your personal data (as Contact and Identity Data). 

For the purpose of providing our services, we use subcontractors. These include but are not limited to, Verifile, Stripe and Yoti. We only share limited and necessary personal data with these third parties on the basis of our legitimate business interests for the purposes of providing our services. 

In order to provide relevant search results, we need to share information about you with potential nannies, childminders, babysitters, assistants and families. We share the minimum information necessary to make a good decision about whether they would like to authorise bookings.

This minimum information might include the following data you have given us: 

For caregivers:
Contact details, address, student status, schedule availability, experience and qualification information, skills like languages, personal features like age and gender, our impressions, preferences for matches, medical information (only if a valid consent is given), and DBS and first aid status.

For families:
Contact details, address, days and times required, preferences (including nanny experience, personality, skills such as languages /driving /cooking), lifestyle information, children’s ages, genders, allergies or other relevant medical information, special or additional needs, schools. We ask for your child’s full date of birth to ensure our records are always accurate, as this allows us to provide a tailored service to your family, and ensure the best possible matches between you and any nannies you hire with us.

Please note that if you register on our Platform, we will, as part of the service, send you periodic newsletters or other information by email, which are not marketing and advertising, but an integral part of our service.

We comply with the direct marketing requirements of the Privacy and Electronic Communications Regulations. When considering marketing directed to children, we take into account their reduced ability to recognise and critically assess the purposes behind processing and the potential consequences of providing their personal information.

If you receive marketing emails and don’t want to in future, please use the unsubscribe link within the email and we will remove you from future campaigns.

All Cookies used by and on the Platform are used in accordance with the Data Protection Legislation. You can set your browser to refuse all or some browser cookies, or to alert you when platforms set or access cookies. If you disable or refuse cookies, please note that some parts of this Platform may become inaccessible or not function properly. We may use some or all of the following types of Cookies:

Strictly Necessary Cookies. A Cookie falls into this category if it is essential to the operation of the Platform, supporting functions such as logging in and payment transactions.

Analytics and Customisation Cookies. It is important for us to understand how you use the Platform, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information, helping us to improve the Platform and your experience of it.

Functionality Cookies. Functionality Cookies enable us to provide additional functions to you on the Platform such as personalisation and remembering your saved preferences. Some functionality Cookies may also be strictly necessary Cookies, but not all necessarily fall into that category.

Targeting Cookies. It is important for us to know when and how often you visit the Platform, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics Cookies, this information helps us to better understand you and, in turn, to make the Platform and advertising more relevant to your interests. 

Third Party Cookies. Third party Cookies are not placed by us; instead, they are placed by third parties that provide services to us and/or to you. Third party Cookies may be used by advertising services to serve up tailored advertising to you on the Platform, or by third parties providing analytics services to us (these Cookies will work in the same way as analytics Cookies described above).

Persistent Cookies. Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit the Platform.

Session Cookies. Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit the Platform until you close your browser. Session Cookies are deleted when you close your browser.

Our primary database is Amazon Web Services. Please visit https://aws.amazon.com/service-terms to learn how Amazon Web Services.processes personal data. 

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

We may also use other third party service providers for the following purposes: advertising, direct marketing and lead generation; customer support; communication; signing contracts; content optimization; functionality and infrastructure optimisation; invoicing and billing; web and mobile analytics; training; background checks. 

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We use strict procedures and security features to try to prevent unauthorised access and will ensure that any third party receiving your personal data adopts such appropriate measures necessary to safeguard your personal data.
Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it. We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transactional Data) for 6 years after they cease being customers for tax purposes.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

You have rights under the relevant data protection laws in relation to your personal information. Please see the information below to learn more about your legal rights: 

Right to rectification. If your personal information is incorrect or incomplete in any way, you may notify a person dealing with your matter and where inaccurate or incomplete, we will correct it without delay.

Right of access. You may request a confirmation from us that we are processing your personal information; access your personal information held by us and request a copy (unless providing a copy adversely affects the rights and freedoms of others);  obtain certain information about how we process your personal information, categories of personal information processed, recipients or categories of recipients who receive personal information from us; and how long we store your personal information for and the criteria we use to determine retention periods.

Right to be informed how your personal information is being processed;
how long it will be stored for; the legal basis for processing; recipients (or categories of recipients) of your personal information; and whether personal information must be provided under statute or for another reason and the consequences of not providing the personal information to ensure the fair and transparent processing of your personal information. 

Right to restrict processing under certain circumstances if you contest the accuracy of your personal information, we may restrict its processing, until we can verify its accuracy; if the processing is unlawful; if we no longer need to process your personal information, unless we still need your personal information for the establishment, exercise, or defence of legal claims; and if you object to processing that relies on public interest or our (or third party’s) legitimate interest as the lawful processing ground. right to data portability
right to receive from us a copy of your personal information in commonly used and machine-readable format and store it for further use on a private devise; and right to transmit personal information to another third party; or have your personal information transmitted directly from one third party to another where technically possible.

Right not to be subject of automated processing, decision-making, including profiling, which has legal or other significant effects on you. This does not apply when the automated decision is necessary for entering into or performing a contract with you; or it is authorised by EU or member state law applicable to us if the law requires suitable measures to safeguard your rights and freedoms and legitimate interests; or based on your explicit consent.

Right to object to processing. You may object to direct marketing, including profiling related to direct marketing. We will stop processing your personal information once notified by you, except if we can demonstrate a compelling legitimate ground for processing the personal information that overrides your request; or processing is necessary to exercise or defend legal claims.
If we hold information about you, you can request to be provided with a copy of this and to have any inaccuracies corrected where necessary. A copy of this can be requested in writing, or in person at our trading address, which is Suite 8, 45 Salisbury Road, Cathays, Cardiff, CF24 4AB.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

We will not store your personal information for longer than necessary. We will consistently update our records and delete any personal information which: is outdated; incorrect; or whether the grounds for processing have ceased to apply.

This is a case-by-case determination that depends on things like the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.

To delete your account please contact [email protected]. 

When creating an account on our platform, you agree to receiving SMS, and email notifications. In certain situations, you also agree to Poppet contacting you via WhatsApp. 

You can opt-out of SMS and WhatsApp at any time by replying STOP. 

You can unsubscribe from our email communications by clicking the ‘Unsubscribe’ link at the bottom of our emails.

Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Policy.

If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO), Jodi Parikh, by post to: Suite 8, 45 Salisbury Road, Cathays, Cardiff, CF24 4AB.