Last updated: 21 May 2026.
This notice explains how RotaSmart handles personal data inside the rota, sales forecasting, staff scheduling, labour cost, staff request, and clocking tools. It is written for managers, company administrators, and staff who use RotaSmart Team. It does not replace your employer's own staff privacy notice.
Who controls the data
For most staff and employment records, your employer or the company that gives you access to RotaSmart is the data controller. RotaSmart provides the software, hosting, support, and security controls needed to run the service. Where RotaSmart processes staff data for an employer, we normally act as a processor.
Data we may hold
Depending on how your company uses RotaSmart, the service may process the following types of data:
- manager and staff names, email addresses, phone numbers, and account details;
- staff profile details such as role, rota area, skills, wage or hourly rate, contract hours, max hours, and active status;
- rota, shift, open shift, shift swap, availability, holiday, sickness, time off, and request records;
- forecast sales, actual sales, labour budgets, scheduled hours, wage percentage, and rota cost calculations;
- clock-in, clock-out, break, sign-off, late-finish correction, and manager review records;
- geolocation check results where geofenced clocking is enabled;
- staff profile photos where added by staff or managers;
- notifications, invite records, audit logs, feedback messages, and support information.
Why we use it
RotaSmart uses this data to provide the product features your company chooses to use. This includes building and publishing rotas, checking availability, forecasting sales, reviewing labour cost, handling time off and shift changes, recording clocking activity, supporting sign-off, and keeping accounts secure. We also use technical and audit data to investigate errors, prevent misuse, support customers, and protect the service.
Clocking and geolocation
If your employer enables geofenced clocking, RotaSmart may ask for your device location when you clock in or clock out. The check is used to decide whether the clocking action was inside the configured site area. RotaSmart does not continuously track your location in the background.
Managers may see whether a clocking check was inside, outside, missing, not checked, or allowed with a warning. If clock-in blocking is enabled, an outside-site clock-in may be rejected. Clock-out may be allowed outside the site but flagged for manager review, so staff are not trapped if they forgot to clock out before leaving.
Who can see data
Access is controlled by account role, company membership, and site membership. Platform administrators can support the service across companies. Company administrators can manage their own company and sites. Site managers can only see the sites assigned to them. Staff using RotaSmart Team can see their own rota, requests, clocking, and profile information.
We do not publish staff personal data on public marketing pages. We do not sell staff data.
Sharing and suppliers
RotaSmart may use trusted service providers for hosting, email delivery, backups, monitoring, and support. Those providers are used to run the service and are not allowed to use the data for their own marketing. Data may also be shared where required by law, to protect the service, or to support a customer request.
Retention
Retention is usually set by your employer's operational and legal needs. Rota, sales, clocking, time off, audit, and security records may need to be kept for different periods. RotaSmart can help employers export, correct, restrict, or delete records where appropriate. Some audit and security logs may be kept where needed to protect accounts and investigate misuse.
Your rights
You may have rights to access, correct, erase, restrict, object to, or export personal data. Staff should normally raise these requests with their employer first, because the employer controls most employment and rota records. RotaSmart will support the employer or account owner with reasonable privacy requests where we hold the relevant data.
Security
RotaSmart uses role-based access, site membership checks, secure sessions, audit logging for sensitive actions, restricted production access, and backups. Passwords are stored as salted password hashes, not plain text. Staff and managers should use strong passwords and keep account access private.
Contact
For staff privacy requests, contact your manager or company administrator first. For RotaSmart service privacy or security questions, contact the RotaSmart support contact supplied to your company.