Privacy Policy

What does Lunchbox Systems Do?

Lunchbox provides a service to the school and the user that keeps and maintains a ledger of transactions between both parties. The ledger records the details of the user and any order and purchase transactions for goods and services that the school provides to the user.

Why Personal Data is Used

In order to provide this service, Lunchbox must hold personal data related to the user to identify who makes a transaction or registers an intent to make a transaction. The resultant ledger holds personally identifiable data which allows both the school and the user to see a history of transactions, an intent to make future transactions, an account balance and information related to those transactions (for example, allergies, dietary restrictions, spending restrictions, the subject of the transaction, and the date, time and location).

Lunchbox processes the data for the following reasons:

  • To provide the service under contract between the school and Lunchbox
  • To verify the user’s identity for the purposes of using the services
  • To improve the products and services offered to Lunchbox’s customers
  • To provide ongoing administration of the service
  • To facilitate the prevention and detection of crime and fraud, and to adhere to anti-money laundering regulations
  • To comply with legal and regulatory obligations
  • To ask the user their opinion of the service provided by Lunchbox in order to improve the service
  • To ask the user their opinion of the service provided by the school in order that the school may improve the services it offers to the user
  • For research and analysis purposes (only anonymised data is used)

Special Category Data

Special category data is personal data which needs more protection because it is sensitive. Lunchbox optionally collects and processes biometric data for identification purposes.

The lawful basis for this processing is the consent of the user, obtained in order to provide an enhanced service on the school premises. The condition for processing is this consent alone, and it may be withdrawn at any time.

If consent is not given, no biometric data will be collected or processed. When consent is withdrawn (or when the data retention limit is reached), all biometric data will be permanently removed.

As with all other personal data that Lunchbox holds, biometric data is never shared with a third party or transferred outside Lunchbox’s systems, and encryption is always used when this data is in transit and at rest.

For those users who do not wish to have their biometric data collected and used, alternative identification methods will be made available. The user will not suffer any penalty or degradation in service should they opt not to provide biometric data.

How we process the data

Lunchbox acquires the personal data either directly from the school or, on the school’s authority, via a third party which also acts as either a data processor or a data controller under contract with the school.

Lunchbox and its employees have access to the personal data and use it only for the purposes of providing the services to the school and the user.

Some of our supporting services (e.g. Sendgrid for email transmission) might use cloud platforms hosted in third countries. Where this is the case, we ensure that adequate safeguards are put in place to protect the data.

Lawful Basis for Data Processing

Lunchbox requires that the user gives consent before using its services. Some Lunchbox services are intended directly for use by children. In all cases consent must be given by an adult; where children are concerned, consent must be given by the child’s parent or guardian.

What Data is Used

The following personally identifiable data belonging to the data subject is processed and stored. Each item is marked as mandatory or optional, followed by the reason for holding it:

  • Customer Name (Mandatory): to identify the person.
  • Customer External Id (Mandatory): to identify the person; this may also be used to identify the person on a third-party system.
  • Family Memberships (Mandatory): to identify which family or families the user belongs to, in order to associate balance-affecting transactions.
  • Consumer Classification (Mandatory): to group consumers together according to business need, for example “Grade 6” or “Faculty and Staff”.
  • Date of Birth (Optional): to help identify people who share a name.
  • Profile Image (Optional): to help identify a person at the POS.
  • Email Address (Optional/Mandatory): mandatory if the user wants to use the web application; optional for children who do not and only need to record transactions at the POS.
  • Password Hash (Optional/Mandatory): as for email addresses. This is used to authenticate a user logging into the web application or a cashier logging into the POS application.
  • RFID Hash (Optional): to authenticate the card used to access the account of the card holder.
  • Fingerprint Template (Optional): to identify the user at the POS.
  • Product Restrictions (Optional): may contain disliked products or harmful allergens; used to alert the cashier to any purchases which should be queried.
  • Family Name (Mandatory): the family account balance is held against this.
  • Family Code (Mandatory): to identify the family in Lunchbox; this may also be used to identify the family on a third-party system.
  • Family Address (Optional): to help identify families who share a name, and to allow the system administrators to contact families who owe or are owed money in the event that they cannot be contacted by email.
  • Transactions (Mandatory): the system holds operational transaction data in order to provide the user with a record of family activity and to prepare financial and accounting documents for local and international tax authorities.
  • Orders (Optional): either a purchase of something yet to be delivered or an indication of intent to purchase.

Individual Rights

GDPR provides the following rights to individuals:

The right to be informed

The user will be informed at the time of registration for the service by means of a terms and conditions page which must be agreed to before the user can use the services. The terms and conditions will contain the full privacy policy. Any changes to the terms and conditions will be emailed to the user, at which point they may opt out of using the services.

The right to access

Most personal information can be accessed directly by the user through the Lunchbox application at any time. Should this not be possible, the user can submit a data subject access request, which will be logged and actioned, and the relevant information will be provided to the user within one month of the initial request.

The right to rectification

The user has the right to request that any inaccurate information is corrected. In some circumstances the user must make the request to the data controller (the school), who will then action the data correction or pass it on to Lunchbox.

The right to erasure

The user has the right to be forgotten and may request, either verbally or in writing, that Lunchbox removes their data. On request, Lunchbox will remove or anonymise all data related to the user and will write to the user to confirm this within one month of the initial request. User data will also be removed or anonymised according to the normal data retention policy.

Personal data may exist in backup systems for up to one month following the removal or anonymisation process, after which it will be overwritten when the retention schedule expires. The backup data is beyond use for any operation other than disaster recovery.

The right to restrict processing

The user has the right to request that the processing of their personal data is restricted. Upon receiving such a request, Lunchbox will, without unreasonable delay, suspend the user account and notify the user. A suspended user account cannot be used with the scoped services of the system. This restriction would usually be temporary: if it were required for an indefinite period, we would instead remove or anonymise the personal data.

The right to data portability

The user may at any point request a copy of their personal data, and Lunchbox will, within one month, provide the user with a copy of the data in a commonly used and well-structured format. The request will be logged and the user will be notified. Any data will be transferred to the user in a secure manner.

The right to object

The user has the right to object to their data being processed, and Lunchbox will, without unreasonable delay and within one month of receiving the request, remove or anonymise the data. The request will be logged and the user will be notified.

Retention

Lunchbox will keep the personal data for as long as is necessary to deliver the services to the school and the user. The data controller (the school) may retain information for longer according to its own policy.

How long we keep your information

A user (or family) account will be removed or anonymised within 12 months of the date that the user or family leaves the school (or within 1 month of the receipt of a request that their data should be removed).

Privacy Notice

Lunchbox maintains and publishes its privacy notice on its website and also links to it within the terms of service that users must agree to before they can use the services.

Changes to Privacy Notice

Lunchbox may change the privacy notice and will ensure that these changes are reflected on its website. All users will be advised of any changes to the privacy notice and may withdraw their consent for Lunchbox to process their data at any time.

If you have any questions or queries, please contact our Data Protection Officer at dpo@lunchboxsystems.com.