'We' are Askew Brook and 'you' are the business user of our app. We have taken some common questions that you may have and we have answered them here, but if you have any other questions you can email us at firstname.lastname@example.org. Please read this FAQ notice first before you send us any emails as that could save us both a lot of time!
Once you sign up, you'll be asked to set up payments and you will have to pay for the first month up front. Payments are non-refundable and we won't give pro-rata refunds. Our contract with you automatically renews on a monthly rolling basis and you can serve notice to terminate the auto-renewal at any time. If you sign up and then cancel on day two, for example, you'll still have to pay us for the first month but you won't have to make any further payments. If you do cancel, we will stop collecting data as soon as possible from the time you give us notice, if you need the data please download it prior to canceling. You must then ensure that you delete that data in accordance with the data retention periods set by the Government, or, you can simply ask us to delete all the data.
You are free to use any other application, and you could potentially just use pen and paper (although we wouldn’t recommend it) we have designed this App specifically for Covid-19 and the UK Government's request that companies collect personal data for the purpose of contact tracing. This App is targeted at those companies who do not have legal advisors to hand and a software development team they can use to create their own system and we have created the App in order to try and help smaller businesses comply where they might otherwise be processing paper documents which is not ideal when considering the scale of track and trace and the need to act quickly when tracing outbreaks.
If you are reading this notice, then the answer is probably always going to be YES! Every organisation or sole trader who processes personal information will be a Data Controller and you usually need to pay a data protection fee to the ICO, unless they are exempt. If you are just processing track and trace data and NOTHING ELSE then you may not have to pay a fee, although you will still have to register with the ICO to let them know that you are acting as a Data Controller.
If you processed payroll data or had CCTV in place, it is likely that you are already registered as a Data Controller with the ICO. You can use this self-assessment tool to figure it out but if you use our App then you're a Data Controller.https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
Maybe, if you are only processing personal data for the purpose of track and trace then you will have to register but you probably won't have to pay a fee (unless you already use CCTV for crime prevention purposes). You can use the Information Comissioner's Office self-assessment tool.
You need to register using the precise legal entity name that you would use to submit your taxes or as you would put on your annual returns. If your customers know you by a different trading name, you should adjust your privacy notice to mention that you are "MadeUpCompany (UK) Limited (also trading as 'InsertCatchyTradingName Co')". You should use your full and proper legal entity name on any notices and registrations relevant to your acting as a Data Controller.
Askew Brook Limited are the company that designed the app and they only process data when you instruct them to do so. As a Data Controller you have a choice as to how you process data and Askew Brook have designed an App that gives you the tools you need to take steps toward compliance when collecting personal data for track and trace during the Covid-19 pandemic. That means that you are responsible for making sure it is collected properly and Askew Brook are responsible for making sure that data is kept securely on servers located within the UK. Askew Brook uses a specialist third party hosting services provider for this purpose and they act as a Sub-Processor of Askew Brook in this context.
Askew Brook's third party hosting services provider accords to industry best practice which also meets the ISO270001 certification level which is an internationally recognised certification ensuring an adequate level of information security. For more details, please contact us.
Yes, as a Data Controller you are responsible for ensuring that you inform customers of why you are processing their data and you are ultimately accountable to each individual for your use of their data. If you use their data for a purpose other than one which it was supplied for, then you could be fined and even face imprisonment as the misuse of data can lead to criminal liability for company directors (it is an offence for regular individuals to misuse personal data too). You need to make sure you limit access to the data to either just yourself or only to your most trusted employees (such as those you would trust to open your safe and deal with your cash).
No, you can't use the data for any other reason apart from the strict purpose of track and trace during the Covid-19 pandemic. You definitely cannot use the data collected by the App for marketing unless the customer has specifically been informed of the fact that you will use their data to send marketing to them. If you want to use data for any purpose other than track and trace, you'll need to make sure you comply with the GDPR and provide a suitable privacy notice with an opt-out mechanism explaining for legitimate interests or you'll need to ask for specific consent.
Although we provide the hosting (hardware such as servers and the internet network access to those servers) we don't access this data unless either we need to check things are working properly (or fix faults) or when we receive a request from you for a copy of the data. You should only ask us for a copy of the data when the Government has made a similar request of you. We may withhold data from you if we have asked you to prove that the government has requested this data of you but at the end of the day, as the Data Controller, you are ultimately responsible for this data and we will act on your instructions unless we suspect that your request would breach Data Protection Laws.
You will need wifi or a good 3G or 4G signal. The amount of data the customer needs is minimal.
We would always recommend that you have a fallback plan in place just in case there is a problem with the mobile networks, but you should avoid creating any unnecessary copies of the data wherever possible. If you do create any copies of personal data for any reason, you should limit the amount of copies to the fewest possible number that still lets you achieve the thing you’re trying to do. For the purpose of track and trace data, our hosting services provider has their own back-up policy, but you can make back-up copies of your own data at any time using the export function in the app. If you do make any other copies, they should be kept securely and ideally only accessible by a single person, using strong password protection and further encryption if possible. We recommend following and staying up to date with the ICO’s guidance on this topic available here: https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/contact-tracing-protecting-customer-and-visitor-details/
When you created your account you will have been asked for a website address (yourvenue.recordcustomer.com), you just need to direct your customer there. if you need a QR code you will find one in the dashboard.
When they checked-in they will have received a success screen on their device. There is a button on their that will check them out. If they have closed the browser don't worry, they just need to scan the QR code again.
We will just leave it set to nothing although this may change when we get more guidance. It's in their best interest to check-out or they may be forced to self-isolate.
In your dashboard you will see recent check-ins. Very, very soon we will add a way to export the data you need; we're just waiting to hear more from Government.
When you sign-up you will be asked to provide your billing details, we need to do this to get you onto our platform. You won't be billed for seven days, giving you plenty of time to cancel.