Little Vista Privacy Notice
Notice last updated: 21 May 2018
Quick Links to sections in this document:
Summary of updates:
- Who we are: Who is Little Vista and where we are headquartered.
- Principles: This updated privacy notice highlights our approach to data prrotection in several key areas – Transparency, Security and Accessibility.
- Collection and Use: The updates include more information about the ways we collect personal data, who we collect that data from, and how we use it.
- Security: We have reviewed our policy in relation to the ongoing protection of your personal data using the best practices and technologies available.
- Data Subject Rights: Individual rights are a kep aspect of the GDPR and we have added information about how tehse rights can be excercised.
Who is Little Vista?
Little Vista is the trading name of Crecheom Ltd. When we refer to ‘we’ (or ‘our’ or ‘us’), this means Crechecom Limited and all its wholly owned subsidiaries. Our headquarters are in Dublin, Ireland but we provide softtware services for clients in the EU and also internationally.
We provide an easy-to-use management system for the childcare industry and other care industries. Our platform connects all stakeholders seamlessly and provides rich information to families and guardians of those in care in real-time.
For more information please visit our website.
Data Protection Principles
Our approach to data protection is based on a company wide undestanding of quality practices and pricnciples in relation to daily managment of data. At the core are 3 principals:
- Transparency An ongoing and educated approach to processing and managing personal data.
- Security: The integration and implementation of best practices and technologies across our organisation.
- Accessibility: Providing the correct access in a controlled manner to users with valid access rights in line with the GDPR.
1. How we collect your data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:
Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up for a free trial, respond to a job application or an email offer, participate in community forums, join us on social media, take part in training and events, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
If you are a data controller using one of our software services and we are acting on your behalf as a data processor you can review our GDPR data map here – LV GDPR Data Map.
Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see). Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our Cookie Declaration.
Information we get from third parties: The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.
Where we collect personal data, we’ll only process it:
- to perform a contract with you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your consent.
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.
If you’re someone who doesn’t have a relationship with us, but believe that a Little Vista subscriber has entered your personal data into our websites or services, you’ll need to contact that Little Vista subscriber for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).
2. How we use your data
The primary reason we use your personal data is directly related to the provision of services that you have requested, and also to manage our relationship with you. There are some other ways that we use your personal data, which may include the following:
For support and commuincation: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise. It may also include operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services. We may also ask you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient tools. Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our Cookie Declaration.
For Marketing purposes:In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms.
Finally…to analyse, aggregate and report:We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.
3. How we can share your data
From time to time we may be required to share your personal data with third parties. However, we will only disclose your personal data to:
- Other Little Vista companines: other compaines within the Little Vista (Crechecom Ltd.) group
- Regulators: regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- Purchase event: an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
- Other: other people where we have your consent
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens. For more information about security, please review our data protection policy.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We will retain your personal data only for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, your data will be deleted or anonymised.
The GDPR also enhances individual rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
To excercise these rights at any time please contact us on firstname.lastname@example.org. We will investigate and respond to your compaint as quickly as possible.
International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where some of our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).
The two major services used by Little Vista are Stripe and Amazon (AWS). Little Vista currently uses Stripe to process the payment of Subscription Fees, we does not directly collect or store any payment information. Stripe data may be stored in the US but Stripe is a signatory to the EU-US Privacy Shield. Little Vista uses Amazon Web Services (AWS)for hosting of the Customer Data. Such data is currently stored within the EU but may be transferred to the AWS US servers. AWS is a signatory to the WU-US Privacy Shield. STRIPE
Other Third Party Sub-Processors include:
Sentinial (Payments Processing) AWS (Cloud Provider within EU) (edited) SendGrid (Communications – Email) (edited) Twillio (Communications – Mobile) (edited) Salesforce (Customer Relationship Management) Mailchimp (Email Marketing)
Your feedback and support
We would like to once again thank all of our customers for their ongoing support and feedback. We have an open door policy (not officially documented!) and always want to hear from you. If you would like to speak to us about anything related to your personal data or have a question or some feedback pease get in touch.
Our email is email@example.com