Privacy Policy

1. Who we are

iStaffRota is a trading name of iStaffRota Ltd, a company registered in England and Wales. We provide home care management software to domiciliary care agencies and related organisations in the United Kingdom.

For the purposes of UK GDPR and the Data Protection Act 2018, iStaffRota Ltd is the data controller for personal data collected through this website (www.istaffrota.com) and for personal data processed by our software on behalf of our customers.

You can contact us about data protection matters at: [email protected]

2. What data we collect and why

Website visitors

When you visit this website, we collect: pages visited, referral source, device and browser type, and approximate location (country/city level). This data is collected via Google Analytics (GA4) and is used to understand how people find and use our website. It is not linked to any identifiable individual.

Demo and contact requests

When you submit a contact or demo request form, we collect your name, email address, phone number, agency name and any information you include in your message. We use this to respond to your enquiry and, where you have indicated interest, to follow up about our services. Legal basis: legitimate interests.

Customers and their data

Customers of iStaffRota process personal data about their staff and service users within our platform. For this data, iStaffRota Ltd acts as a data processor on behalf of the customer (who is the data controller). Our Data Processing Agreement governs this relationship and is incorporated into our Terms of Service.

3. How long we keep your data

Contact and demo enquiry data is retained for up to 3 years after last contact, or until you request deletion. Website analytics data is retained for 14 months in line with Google Analytics default settings. Customer account data is retained for the duration of the contract and deleted within 90 days of contract termination, unless a longer retention period is required by law.

4. Who we share data with

We do not sell personal data. We share data only with the following categories of service provider, where necessary to deliver our services:

• Cloud hosting providers (data hosted in the UK)
• Email and CRM platforms (for managing customer communications)
• Analytics platforms (Google Analytics)
• Payment processors (for subscription billing)

All sub-processors are contractually required to process data in accordance with UK GDPR.

5. Your rights

Under UK GDPR you have the right to: access your personal data; rectify inaccurate data; request erasure; restrict processing; object to processing based on legitimate interests; and data portability. To exercise any of these rights, contact us at [email protected].

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

6. Cookies

We use cookies on this website for analytics and to remember your preferences. See our Cookie Policy for full details.

7. Changes to this policy

We may update this privacy policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.