Privacy Policy - myTQM Staff Rota

Last updated: April 5, 2026

1. Introduction

myTQM ("we", "our", "us") operates the myTQM Staff Rota mobile application. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

2. Information We Collect

We collect the following types of information:

• Account Information: Staff ID, name, email address, contact details
• Work Schedule Data: Shifts, rotas, leave requests, shift swaps
• Usage Data: App usage patterns, notification preferences
• Device Information: Device type, operating system, app version

3. How We Use Your Information

We use the collected data for:

• Providing and maintaining our Service
• Managing work schedules and rotas
• Sending notifications about schedule changes
• Analyzing usage to improve the Service
• Compliance with legal obligations

4. Data Security

We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data transmission
• Encrypted data storage
• Regular security audits
• Access controls and authentication

5. Data Retention

We retain your data as follows:

• Active accounts: Data retained while account is active
• Historical records: 6 years for compliance (payroll, attendance)
• Deleted accounts: Personal data removed within 30 days, except where legally required

6. Your Rights

Under GDPR and UK data protection laws, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request data deletion
• Object to data processing
• Data portability

7. Account Deletion

To request account deletion, please visit our Contact page or email dean@myTQM.co.uk.

8. Third-Party Services

We may use third-party services for:

• Cloud hosting (DigitalOcean)
• Email delivery
• Analytics
• Push notifications

These services have their own privacy policies and are bound by data protection agreements.

9. Government and NHS Use

This application is designed for use by NHS organizations, Local Authorities, and care providers in the public and private sectors. We comply with:

• NHS Digital Data Security and Protection Toolkit (DSPT) - Annual compliance assessment
• NHS Digital Technology Assessment Criteria (DTAC) - Clinical safety and data protection
• Scottish Government Data Protection requirements - Public sector data handling
• Care Quality Commission (CQC) standards - Audit trails and record retention
• Care Inspectorate Scotland requirements - Quality assurance and compliance tracking
• UK Data Protection Act 2018 - Public sector data processing

For NHS or Local Authority procurement, we can provide:

• Data Processing Agreements (DPA)
• Sub-processor documentation
• Security assessment responses
• Compliance certificates

For Data Processing Agreements or NHS/public sector specific compliance documentation, please contact: dean@myTQM.co.uk

10. Security Certifications

We are committed to meeting the highest security standards for public sector use:

• ISO 27001 - Information Security Management System (in progress)
• Cyber Essentials - UK Government cyber security scheme (in progress)
• GDPR Compliance - Full compliance with UK and EU data protection regulations

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes via email or in-app notification.

12. Contact Us

If you have questions about this privacy policy, please contact us:

Email: dean@myTQM.co.uk
Website: https://therota.co.uk

myTQM - Digital Total Quality Management Systems
© 2026 myTQM Ltd. All rights reserved.