Giltbyte Limited place an extremely high priority on the protection and management of data in accordance with the General Data Protection Regulation (GDPR).  As a business we are committed to high standards of information security, privacy and transparency.  

This statement sets out what we are doing to ensure compliance with the General Data Protection Regulation.

What is GDPR?

The European Union has updated its data protection regulations to protect its citizens. The General Data Protection Regulation (GDPR) regulates how companies access and process the data of people in the European Union (EU). This applies to all companies who do business with people that are EU citizens, regardless of where the company is based.

You can review details of how GDPR requires protection of personal data on the Information Commissioners website.

What is the EASY System?

The EASY system is used by NHS Organisations to enable them to manage aspects of their business related to manpower planning and the payment of staffs' salaries and/or the reimbursement of business expenses.  Staff may also have access to the system to enable them to complete their timesheets or expense claims.

Who is the Data Controller?

The Data Controller, in the context of the EASY system, is the NHS Organisation who employs the staff whose data is shared with Giltbyte.

Who is the Data Processor?

Giltbyte Limited is the Data Processor.  We are limited liability company registered in England and Wales, company registration number 02518823. Our registered address is Prospect House, 28 Great Melton Road, Hethersett, Norwich NR9 3AB.

Are there any sub processors?

Giltbyte uses trusted companies as sub processors to assist us in supporting the EASY system and our customers.  These companies have been assessed to be compliant with our Privacy Policy and any other appropriate confidentiality and security measures. 

What data do we collect?

When someone registers as a user of the EASY system, the data controller supplies the information necessary for that person to use the system. This includes personal data such as the person's:

  • name
  • email address
  • home address
  • employee number
  • date of birth
  • national insurance number

Additional information may be received that on its own may not identify an individual, such as where they work or their job title.

Dependent upon the programs licenced to the NHS Organisation sensitive personal data such as an individual's ethnic origin or sickness details may be included.

In accordance with the terms of use prescribed by the data controller, employees may directly provide details of the hours worked or business expenses incurred.

We automatically collect details of users' internet connection.

Why do we collect this information?

We will use the information collected to enable employees and their employer to use the licenced features and functionality of the EASY system.

The information collected will allow us to operate, maintain and support the EASY system.

The data collected will enable NHS Organisations to manage aspects of their business related to manpower planning and the payment of staffs' salaries and/or the reimbursement of business expenses.   As such there is a lawful basis for processing employees' personal data.

What do we do with this information?

The information is securely stored in a database and we will not share the data with any third parties.  The data is not sent outside of the EU.  Nor will we use the information to make any automated decisions that might affect individuals.

Access to the data held in the EASY system is strictly controlled, and only designated system support staff can access the data to provide services which include, but are not limited to, phone and email support; response, diagnosis and resolution services; incident tracking; and responding to customer queries.

We may use cookies or browser storage to temporarily store information on the device used to access the EASY system. This information will be used to secure the login session, remember the application state, and to cache data when the device is without an Internet connection. 

How long is the information kept for?

The information is kept for six years to enable employers to meet their obligations to Her Majesty's Revenue and Customs (HMRC) in accordance with UK regulations.