Privacy Policy

This is the Privacy Policy for Salvus Group Ltd. (Salvus Group). Salvus Group trades as Parent Scheme, Chadwick Consulting and Concision.

Salvus Group takes privacy rights seriously. We respect the privacy of all individuals we deal with, including our website and platform visitors, employers and employees who use our services, customers and clients, suppliers, enquirers and anyone else we encounter in our business.

Salvus Group owns and operates several websites: salvusgroup.co.uk, parentscheme.com, parentscheme.app, chadwickconsult.com, and concision.co.uk (for the sake of ease of reading we’ll call these separately the Site or together the Sites). One of the Sites is a web-based platform that supports working parents and their employers (Parent Scheme platform).

If you are a user of the Parent Scheme platform, we offer you the opportunity to store information. This is confidential to you, will not be shared with your employer and is encrypted so it cannot be accessed by others. Overall user patterns across the platform are collated to enable us to enhance and expand the site in ways that will be valuable to our users. We may also share these high-level data patterns with employers to inform their overall working parent offering.

That covers the key headlines. If you want more information, this is the full privacy policy:

This Policy sets out information about how we use, store and transfer personal data which we receive through the Sites (mentioned above) or otherwise. We’re a data controller in relation to that personal data, which means we determine the purposes and means of the processing of that personal data.

This Policy also contains information about our use of cookies. We will ask you to consent to our use of cookies in accordance with the terms of this Policy when you first visit our Sites.

We or us means Salvus Group Ltd, trading as Parent Scheme, a company registered in the England and Wales under registration number 9611823. Our registered offices are at Salvus House, Aykley Heads, Durham England DH1 5TS.

Summary

Full details are set out in the relevant sections of this Policy below, but keeping it brief:

1. Personal Data we Collect

We collect various kinds of personal data in providing our services and in our normal day-to-day business interactions. This section describes the kinds of data we collect, and the kinds of individuals to whom it might relate (such as parents, childminders or family members).

In this Section we have set out the kinds of personal data that we may collect, use, store and transfer. We have grouped that data together into different categories based on its subject matter, and based on the kinds of individuals to whom they relate.

Data relating to almost everyone we deal with: eg Site users, enquirers, suppliers

Data relating to clients, suppliers and other commercial partners

Data relating to registered users of our Parent Scheme platform

Personal data we obtain from others

We want you to fully understand what we do with your personal data. This section explains the purposes for which we use it.
  1. We have set out below, in table format, a description of all the ways we may use your personal data. We’re also required by law to identify the legal basis on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (GDPR). When we process personal data on the basis of our legitimate interests then we also need to identify those legitimate interests and have done so below.
  2. Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we’re using your data. Feel free to contact us for further information.
Usage data Purpose/Activity Analysing the use of, and improving, our Site and services, security monitoring and fraud detection and to ensure each Site is presented in the most effective manner. Legal Basis for Processing Our legitimate interests (Art 6.1(f) GDPR), namely delivering and improving our Sites, informing marketing strategy, and ensuring the security of the Sites.
Correspondence data Purpose/Activity To communicate with you. If you have indicated your interest in our services then we may also process correspondence data to provide you with occasional news about our services and marketing communications (although you will be free to unsubscribe at any time). Legal Basis for Processing Our legitimate interests, namely properly administering our business and communications, developing our relationships with interested parties and addressing user concerns and queries.
Where correspondence data relates to marketing, our legitimate interests in developing our business.
Where correspondence relates to registered use of our Site, or to any contract or potential contract with you, then our legal basis may be for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you (Art 6.1(b) GDPR).
Account data and Parent Scheme data Purpose/Activity Operating our Site, providing our services, ensuring the security of our Sites and services, verifying logins, and communicating with you. Legal Basis for Processing Performance of a contract with you (ie delivering our services through the account).
Our legitimate interests, namely properly administering our business, services and communications.
Special category data contained in Parent Scheme data Purpose/Activity Operating our Site, providing our services. Legal Basis for Processing Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR)
Commercial data Purpose/Activity Administering our commercial relationship with those with whom we do business. Legal Basis for Processing Performance of a contract with you.
Our legitimate interests, namely properly administering our business and communications, and developing commercial relationships.
Payments data Purpose/Activity Making and receiving payments to and from our users. Legal Basis for Processing Performance of a contract with you.
Our legitimate interests, namely making and receiving payments.
Any personal data Purpose/Activity For the purposes of legal compliance (eg maintaining tax records) Legal Basis for Processing Compliance with our legal obligations (Art 6.1(​c) GDPR)
Any personal data Purpose/Activity For the purposes of bringing and defending legal claims Legal Basis for Processing Our legitimate interests, namely being able to conduct and defend legal claims to preserve our rights and those of others.
Any personal data Purpose/Activity Record-keeping and hosting, back-up and restoration of our systems, Legal Basis for Processing Our legitimate interests, namely ensuring the resilience of our IT systems and the integrity and recoverability of our data.

3. Providing your personal data to others

In the ordinary course of our business we will disclose some information to third parties like our suppliers or advisors. This section explains when we might share your personal data with others.
  1. Special treatment of Parent Scheme Data: We will not use Parent Scheme data for any purposes other than providing use of the Parent Scheme Platform to you. Importantly, this means we will not read or analyse that Parent Scheme data ourselves, nor disclose it to your employer. We merely store it within the Platform for your reference. That means that any answers you give to any coaching-related questions remain private and will not be disclosed to your employer. We may however track user responses to particular questions for use in aggregate, when anonymised and not associated with any particular user account (for example, it might be useful to us to know what proportion of Platform users respond to a particular question in a particular way) and we may use that aggregated data for our business purposes.
  2. Our advisors. We may disclose your personal data to our insurers and/or professional advisers to take professional advice and manage legal disputes.
  3. Disclosures designated by you. We may disclose your personal data to third parties designated by you.
  4. Our service providers. We may disclose personal data to our service providers or subcontractors in connection with the uses we’ve described above. For example, we may disclose:
    • any personal data in our possession to suppliers which host the servers on which our data is stored, or to freelance staff whose duties involve handling the relevant personal data;
    • correspondence data to providers of email services;
    • payments data to our payment processing service providers;
    • usage data to providers of analytics services; and
    • commercial data and other relevant personal data to third parties for the purposes of fraud protection, credit risk reduction and debt recovery.
  5. We do not allow our data processors to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.
  6. Compliance. We may also disclose your personal data where necessary to comply with law.
  7. Restructuring. If any part of our business is proposed to be sold or transferred, your personal data may be disclosed to the new owner or in connection with the relevant negotiations, subject to appropriate safeguards.

4. Third party payment processors

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information they collect and handle for your purchase-related transactions.

  1. We accept payments through Stripe and PayPal. When processing payments, some of your data will be passed to PayPal or Stripe (as indicated in the payment link), including information required to process or support the payment, such as your name and address, the purchase total, credit card details and other billing information.
  2. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. Stripe’s policy is currently located here. PayPal’s policy is currently located here.

5. International transfers of your personal data

Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (eg to countries in respect of which the European Commission has made an “adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission or the use of the EU-US Privacy Shield). You may contact us if you would like further information about these safeguards.

6. Data security

  1. We have put in place appropriate security measures to protect your personal data. We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where required by law.
  2. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem.

7. Retaining and deleting personal data

We don't keep personal data any longer than is needed to fulfil the purposes for which we collected it in the first place. This section describes how we retain and delete personal data.
  1. We comply with our legal obligations in relation to the retention and deletion of personal data, and in particular ensure that personal data that we process is not be kept for longer than is necessary for the relevant purposes. In particular:
    • commercial and payments data will be retained for seven years after the end of the relevant contractual relationship;
    • correspondence data will be retained for the period of the enquiry or chain of correspondence and then deleted after twelve to twenty-four months, depending on its subject matter (and to the extent it does not also comprise commercial or payments data);
    • Parent Scheme data will be deleted shortly after closure of the account with which it’s associated — normally this takes place after thirty days; and
    • any data which is anonymised, and therefore not personal data, may be retained by us indefinitely. Typically this will be derived from usage data.
  2. We maintain system back-ups for disaster recovery purposes and may retain those back-ups for up to six months. That means that information which is deleted from our live systems may still remain in back-up for up to six months.
  3. We may retain your personal data longer than set out above where necessary to comply with law or in connection with any legal claim.

8. Your rights

It's important that you know your rights in relation to your personal data. This section should help you understand and exercise your legal rights.

You have rights under data protection law — they’re complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office at www.ico.gov.uk for a fuller explanation of your rights. In summary, though:

9. Our use of cookies

This section describes the cookies we use and how you can adjust your cookie settings.
  1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
  2. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
  3. Cookies do not typically contain any information that personally identifies a user (except for IP addresses in some cases), but personal information that we store about you may be linked to the information stored in and obtained from cookies.
  4. We use these kinds of cookies:
    • Strictly Necessary Cookies: these cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
    • Functionality Cookies: These cookies allow our Site to remember choices you make when you use our Site, such as remembering your login details and remembering the changes you make to other parts of our Site which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
    • Analytical/Performance Cookies: These cookies are used to collect information about traffic to our Site and how users use our Site. It includes the number of visitors to our Site, the websites that referred them to our Site, the pages that they visited on our Site, what time of day they visited our Site, whether they have visited our Site before, and other similar information.  We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site.
    • Social Media Cookies: These cookies are used when you share information using a social media sharing button or “like” button on our Site or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.
    • Google Analytics: The Sites use Google Analytics (an analytical/performance cookie) to help analyse how users use the Sites, collecting standard internet log information and visitor behaviour information in an anonymised form from which no user is identifiable. This information is transmitted to Google and processed to compile statistical reports on activity on the Sites. These reports allow us to optimise our user experience. Google provide a browser add-on for users who wish to prevent their data from being used by Google Analytics. Further information is available at https://tools.google.com/dlpage/gaoptout/.
    • Third Parties: Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
  5. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about blocking and deleting cookies via the support pages made available by your browser operator.

10. Third Parties

The Site may contain links to third party websites and refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party referred to on the Sites, then they may have their own privacy and cookie policies, and we’re not responsible for their use of any personal data which you may provide to them.

11. Amendments

We may update this Policy from time to time by publishing a new version on the Sites. You should check occasionally to ensure you’re happy with any changes to this Policy, although we may notify you of significant changes to this Policy using the contact details you have given us.

12. Data protection registration

We’re registered as a data controller with the UK Information Commissioner’s Office. Our data protection registration number is ZA433195.

13. Contact Us

If you have any questions, comments or requests regarding this Privacy Policy or our use of any personal data you provide to us, please contact us at Salvus Group Ltd, Salvus House, Aykley Heads, Durham England DH1 5TS or at website@parentscheme.com.

Last updated: 4 November 2019