Privacy Policy

Who We Are

This Privacy Policy describes how Maldini Security LTD, 128 City Road, London, England, EC1V 2NX, United Kingdom, collects, uses, stores, and shares information when you use SecureShift at https://maldinisecurity.uk.

For privacy questions, contact Maldini Security LTD by email at admin@maldinisecurity.co.uk or by phone on +44 7356241039.

Information We Collect

We may collect and process your name, email address, mobile number, account role, account setup activity, shift assignments, shift acceptance and rejection records, attendance records, check-in and check-out times, worksite postcode or address, account deletion requests and optional request reasons, browser push notification subscription data, passkey authentication metadata, IP address, browser or device user agent, and audit logs created when actions are performed in the app.

SecureShift may ask your browser for device location when you find nearby shifts, accept a nearby shift, clock in, or clock out. This location is used to verify that you are within the permitted radius of the worksite. The current attendance record stores the check-in/check-out result and timestamps; it does not store the staff device latitude and longitude as attendance coordinates.

We do not collect date of birth, residential address, social media profile, or payment card information through SecureShift.

How We Collect Information

We collect information when an administrator creates or updates an account, when a person submits a staff join request, when a user signs in or sets up an account, when a user interacts with shifts or attendance features, when browser geolocation or push notification permission is used, and when the app automatically records security and audit events.

We do not collect staff information from public sources for the normal operation of SecureShift.

Why We Use Your Data

We use your information to create and manage user accounts, assign and manage shifts, record shift acceptance and rejection, verify attendance, process check-in and check-out records, review account deletion requests, send operational emails and push notifications, provide support, enforce the Terms of Use, protect the app, investigate misuse, resolve disputes, maintain audit records, and support payroll, compliance, and operational administration.

Lawful Basis

We process personal data where it is necessary for employment or work administration, legitimate operational interests, account and site security, legal or compliance obligations, dispute resolution, and where consent or browser permission is used for features such as location access and push notifications.

Email Notifications

The app sends operational emails for account setup, privileged login verification, assigned shifts, open shifts, shift changes, cancellations, announcements, and security alerts. These messages are not marketing newsletters.

Cookies and Tracking Technologies

SecureShift uses essential cookies to keep users signed in, protect sessions, provide CSRF protection, and support security features. These cookies are required for the app to work.

SecureShift does not currently use optional marketing cookies or targeted advertising cookies. To learn more, see the Cookie Notice at https://maldinisecurity.uk/cookies.

Sharing Data

We do not sell staff personal data. We may share or transfer personal data to trusted service providers only where needed to operate SecureShift, including hosting providers, database providers, email delivery providers, browser push notification services, map or geocoding providers, source-control/deployment providers, and data processing providers.

We may also disclose personal data where required to comply with law, regulation, court order, legal process, workplace administration, enforcement of agreements, dispute resolution, fraud prevention, or protection of our rights, users, clients, or systems.

Service providers are expected to use personal data only for the purpose for which it was provided and not retain it for longer than required for that purpose.

Retention

We retain personal information until it is no longer needed for the purposes described in this Privacy Policy. Account, shift, attendance, payroll-related, compliance, dispute, and audit records may need to be retained for longer where required for operational, legal, security, reporting, fraud-prevention, or dispute-resolution reasons.

Residual anonymous or aggregated information that does not identify a person may be kept indefinitely.

Your Rights

Depending on the law that applies, you may have the right to access, correct, delete, restrict, object to processing, receive a copy of your personal data, ask us to transfer your data, withdraw consent where processing is based on consent, and lodge a complaint with a statutory authority.

To exercise these rights, contact admin@maldinisecurity.co.uk. Some records may need to be retained where required for legal, employment, payroll, compliance, security, operational, or dispute-resolution reasons.

Security

We use reasonable security measures to protect information under our control, including authentication, role checks, secure cookies, CSRF protection, rate limiting, audit logging, password hashing, privileged-account MFA, and passkey support. No internet service can guarantee absolute security, so users must also keep account credentials secure and report suspected misuse.

Third Party Links and Services

SecureShift may contain links to third-party websites or rely on third-party services that are not operated by us. Their privacy practices are governed by their own policies. We are not responsible for third-party websites, services, or privacy practices.

Changes to This Policy

We may update this Privacy Policy as SecureShift changes or legal requirements develop. The latest version will be posted on the Service with the updated date. Continued use of SecureShift after an update means you accept the revised policy.

Grievance and Data Protection Contact

If you have questions or concerns about how your information is processed, contact Maldini Security LTD, 128 City Road, London, EC1V 2NX, or email admin@maldinisecurity.co.uk. If you are unhappy with how your data is handled, you may also contact the UK Information Commissioner’s Office.