Record Customer

Comply with test and trace







You, me, I, we, who?

'We' are Askew Brook and 'you' are the business user of our app. We have taken some common questions that you may have and we have answered them here, but if you have any other questions you can email us at Please read this FAQ notice first before you send us any emails as that could save us both a lot of time!

Though we have set this up to generically cover Covid-19 track and track data collection, it is not that simple unfortunately, you'll have to do a few things yourself:

  1. Create a privacy policy (or check ours to make sure it works for you). If you don’t have one, you can use our temporary one for track and trace but you should check that this accurately reflects your processing and you cannot use this document as a substitute for getting your own independent legal advice and you probably still need a privacy policy to cover your other day to day processing operations which our policy definitely does not cover you for;
  2. Register as a Controller. See below, if you aren't registered as a Data Controller you'll have to do that in order to sign up.
  3. Designate a Data Manager. You'll need to decide who you can trust to handle data and not abuse it. We will communicate with the person you nominate for this purpose and you should usually make sure that this person is either a Director/Owner or a person who reports directly to those with overall responsibility for the business.
  4. Figure out how you will tell customers about the App. Are you going to print off the privacy notice? If so, where will it go? Will that be prominent enough to be noticed? What about orally? Have you trained your staff and given them the script to explain why you have the app? Whilst we include our privacy notice in the App, that is no substitute for raising awareness as best you can in the circumstances taking into account the tools you have at your disposal. The more you do to raise awareness and provide information about this kind of processing, the lower your risk of someone complaining about it.

How can I cancel after I've signed up? How often do I have to pay?

Once you sign up, you'll be asked to set up payments and you will have to pay for the first month up front. Payments are non-refundable and we won't give pro-rata refunds. Our contract with you automatically renews on a monthly rolling basis and you can serve notice to terminate the auto-renewal at any time. If you sign up and then cancel on day two, for example, you'll still have to pay us for the first month but you won't have to make any further payments. If you do cancel, we will stop collecting data as soon as possible from the time you give us notice, if you need the data please download it prior to canceling. You must then ensure that you delete that data in accordance with the data retention periods set by the Government, or, you can simply ask us to delete all the data.

Do I need to use this App or can I use something else?

You are free to use any other application, and you could potentially just use pen and paper (although we wouldn’t recommend it) we have designed this App specifically for Covid-19 and the UK Government's request that companies collect personal data for the purpose of contact tracing. This App is targeted at those companies who do not have legal advisors to hand and a software development team they can use to create their own system and we have created the App in order to try and help smaller businesses comply where they might otherwise be processing paper documents which is not ideal when considering the scale of track and trace and the need to act quickly when tracing outbreaks.

Am I a Data Controller?

If you are reading this notice, then the answer is probably always going to be YES! Every organisation or sole trader who processes personal information will be a Data Controller and you usually need to pay a data protection fee to the ICO, unless they are exempt. If you are just processing track and trace data and NOTHING ELSE then you may not have to pay a fee, although you will still have to register with the ICO to let them know that you are acting as a Data Controller.

If you processed payroll data or had CCTV in place, it is likely that you are already registered as a Data Controller with the ICO. You can use this self-assessment tool to figure it out but if you use our App then you're a Data Controller.

Do I have to pay a fee?

Maybe, if you are only processing personal data for the purpose of track and trace then you will have to register but you probably won't have to pay a fee (unless you already use CCTV for crime prevention purposes). You can use the Information Comissioner's Office self-assessment tool.

Can I use a trading name to register as a Data Controller?

You need to register using the precise legal entity name that you would use to submit your taxes or as you would put on your annual returns. If your customers know you by a different trading name, you should adjust your privacy notice to mention that you are "MadeUpCompany (UK) Limited (also trading as 'InsertCatchyTradingName Co')". You should use your full and proper legal entity name on any notices and registrations relevant to your acting as a Data Controller.

What is Askew Brook's role as Data Processor and what does that mean?

Askew Brook Limited are the company that designed the app and they only process data when you instruct them to do so. As a Data Controller you have a choice as to how you process data and Askew Brook have designed an App that gives you the tools you need to take steps toward compliance when collecting personal data for track and trace during the Covid-19 pandemic. That means that you are responsible for making sure it is collected properly and Askew Brook are responsible for making sure that data is kept securely on servers located within the UK. Askew Brook uses a specialist third party hosting services provider for this purpose and they act as a Sub-Processor of Askew Brook in this context.

How is the data protected?

Askew Brook's third party hosting services provider accords to industry best practice which also meets the ISO270001 certification level which is an internationally recognised certification ensuring an adequate level of information security. For more details, please contact us.

Do I have any legal liability for being a Data Controller?

Yes, as a Data Controller you are responsible for ensuring that you inform customers of why you are processing their data and you are ultimately accountable to each individual for your use of their data. If you use their data for a purpose other than one which it was supplied for, then you could be fined and even face imprisonment as the misuse of data can lead to criminal liability for company directors (it is an offence for regular individuals to misuse personal data too). You need to make sure you limit access to the data to either just yourself or only to your most trusted employees (such as those you would trust to open your safe and deal with your cash).

Can I use the data collected for any other purpose? (Can I add this data to my marketing list?)

No, you can't use the data for any other reason apart from the strict purpose of track and trace during the Covid-19 pandemic. You definitely cannot use the data collected by the App for marketing unless the customer has specifically been informed of the fact that you will use their data to send marketing to them. If you want to use data for any purpose other than track and trace, you'll need to make sure you comply with the GDPR and provide a suitable privacy notice with an opt-out mechanism explaining for legitimate interests or you'll need to ask for specific consent.

Who gets to see the data collected, can I get a copy of it?

Although we provide the hosting (hardware such as servers and the internet network access to those servers) we don't access this data unless either we need to check things are working properly (or fix faults) or when we receive a request from you for a copy of the data. You should only ask us for a copy of the data when the Government has made a similar request of you. We may withhold data from you if we have asked you to prove that the government has requested this data of you but at the end of the day, as the Data Controller, you are ultimately responsible for this data and we will act on your instructions unless we suspect that your request would breach Data Protection Laws.

Do I need wifi?

You will need wifi or a good 3G or 4G signal. The amount of data the customer needs is minimal.

Should I create a paper alternative?

We would always recommend that you have a fallback plan in place just in case there is a problem with the mobile networks, but you should avoid creating any unnecessary copies of the data wherever possible. If you do create any copies of personal data for any reason, you should limit the amount of copies to the fewest possible number that still lets you achieve the thing you’re trying to do. For the purpose of track and trace data, our hosting services provider has their own back-up policy, but you can make back-up copies of your own data at any time using the export function in the app. If you do make any other copies, they should be kept securely and ideally only accessible by a single person, using strong password protection and further encryption if possible. We recommend following and staying up to date with the ICO’s guidance on this topic available here:

Where is my portal? How do I get a QR code?

When you created your account you will have been asked for a website address (, you just need to direct your customer there. if you need a QR code you will find one in the dashboard.

How on earth do customers check-out?

When they checked-in they will have received a success screen on their device. There is a button on their that will check them out. If they have closed the browser don't worry, they just need to scan the QR code again.

What if they don't check-out?

We will just leave it set to nothing although this may change when we get more guidance. It's in their best interest to check-out or they may be forced to self-isolate.

How do I get data?

In your dashboard you will see recent check-ins. Very, very soon we will add a way to export the data you need; we're just waiting to hear more from Government.

How do I try it for free?

When you sign-up you will be asked to provide your billing details, we need to do this to get you onto our platform. You won't be billed for seven days, giving you plenty of time to cancel.

Is this the NHS test and trace app?

No, this isn't the offical app but covers visitors that can't, or won't use the NHS system and stops you from having to use pen an paper. Read more.

Thanks to our legal partners: