Version 2.0 — Effective date: March 2026
ICO Registration: ZB169812
This website
info.toolminder.com is the marketing website for the Toolminder service, operated by Earlsmere Limited. If you send an enquiry through the contact form, we collect the details you provide (name, company, email address, telephone number and your message) and use them solely to respond to your enquiry. Our lawful basis for this is our legitimate interest in responding to enquiries sent to us. Enquiries are delivered to us as email by SendGrid (Twilio Inc.), the same email delivery provider listed in section 9, which processes the message content only for the purpose of delivering it; enquiries are then retained as ordinary business correspondence.
This website does not set marketing or analytics cookies. Pages that embed a map (Google Maps) or video (Cloudflare Stream) load those players from their providers, which may set their own cookies; please see those providers' privacy policies for details. The numbered sections below govern personal data processed in connection with the Toolminder service itself.
1. Who We Are
Toolminder is a workplace tool management and safety compliance application developed and operated by Earlsmere Limited (“Earlsmere”, “we”, “us”, “our”). The Toolminder service is available on iOS, Android, and via a web portal.
Earlsmere is registered as a data controller with the Information Commissioner's Office (ICO) under registration number ZB169812.
Contact details:
- Email: help@toolminder.com
- Telephone: 01226 750111
- Website: toolminder.com
2. Scope of This Policy
This Privacy Policy explains how Earlsmere collects, uses, stores, and protects personal data in connection with the Toolminder service. It applies to:
- Individuals who sign up for or administer a Toolminder account on behalf of an organisation (“Account Holders”).
- Employees and other individuals whose data is processed within a Toolminder account (“Users”).
This policy does not cover data processed by our customers in their own internal systems, or data held by third-party services that you access independently.
3. Our Role: Data Controller and Data Processor
Earlsmere acts in two distinct roles depending on the data being processed.
Data Controller
For the personal data of Account Holders (the individuals who sign up for Toolminder on behalf of their organisation), Earlsmere is the data controller. We determine the purposes and means of processing this data, which is used solely to set up and administer the Toolminder account.
Data Processor
For all personal data relating to Users within a customer's Toolminder account (including names, email addresses, tool usage records, and exposure data), Earlsmere acts as a data processor on behalf of the customer organisation, which is the data controller for its own employees' data.
As a data processor, we process User data only in accordance with the documented instructions of the customer organisation. Where required by applicable law, our data processing obligations are set out in the Data Processing Agreement contained within our Terms of Service.
Customers are responsible for ensuring they have a lawful basis for sharing their employees' personal data with Toolminder, and for informing those individuals that their data will be processed through the Toolminder service.
4. What Data We Collect
Account Holder data (controller role)
- Name and email address of the individual who registers the account.
- Organisation name.
- Correspondence relating to account setup and support.
User data (processor role)
- Names and email addresses of Users, as provided by the customer organisation.
- Role assignments within Toolminder (e.g. Operator, Supervisor, Administrator).
- Tool usage records: duration of tool use, recorded in the manner of a stopwatch, per session.
- Calculated HSE vibration exposure points derived from tool usage data, and whether an individual has exceeded the Exposure Action Value (EAV) or Exposure Limit Value (ELV) as defined by the Control of Vibration at Work Regulations 2005.
- Safety check records and asset management data associated with specific users.
- Device and session information collected for diagnostic purposes (see section 5).
5. Log Data and Diagnostics
In the event of an error or crash, Toolminder may collect diagnostic information from your device via Crashlytics (a Google Firebase service). This may include your device's IP address, device name, operating system version, app configuration at the time of the error, and the date and time of the incident. This data is used solely to identify and resolve technical issues and is not linked to your personal profile for any other purpose.
6. Lawful Basis for Processing
We process personal data on the following lawful bases under UK GDPR:
- Contract: processing Account Holder data is necessary to perform the contract for the provision of the Toolminder service.
- Legitimate interests: processing diagnostic and log data to maintain service security, stability, and performance, where these interests are not overridden by individuals' rights.
- Legal obligation: where processing is required to comply with applicable law.
For User data processed in our capacity as a data processor, the lawful basis is determined by the customer organisation as data controller. Earlsmere processes such data solely on the customer's instructions.
7. How We Use Your Data
Earlsmere uses personal data for the following purposes:
- Setting up and managing Toolminder accounts.
- Providing, maintaining, and improving the Toolminder service.
- Responding to support requests and providing technical assistance.
- Diagnosing and resolving technical errors and crashes.
- Complying with our legal obligations.
We do not use personal data for marketing purposes, and we do not sell personal data to any third party.
8. Support Access to Customer Accounts
On occasion, a customer may request that Earlsmere personnel access their Toolminder account in order to provide technical support or to assist with account configuration. In these cases, the customer's explicit request constitutes the instruction under which Earlsmere accesses the account as a data processor.
Such access is carried out strictly under the instructions of the customer organisation as data controller, and is limited to what is reasonably necessary to fulfil the support request. It is not used for any other purpose. Customers are advised to revoke elevated access once the support activity is complete. Customers remain responsible for informing their employees that support access of this nature is possible, as part of their own obligations as data controller.
9. Third-Party Service Providers
We use the following third-party services in the operation of Toolminder. These providers act as sub-processors and are obligated not to use your data for any purpose other than providing their services to us.
Google Firebase and Firestore
We use Firebase (a Google platform) for our core database (Cloud Firestore), authentication, and cloud storage. Our Firestore database is hosted in the London (europe-west2) region and all database data is stored within the United Kingdom. For more information, see Google's privacy policy at policies.google.com/privacy.
Crashlytics (Firebase Crashlytics)
We use Crashlytics for crash reporting and diagnostics within the mobile application. Crashlytics is a Firebase product operated by Google.
Google Play Services
The Android version of Toolminder uses Google Play Services, which may collect certain device and usage data in accordance with Google's own privacy policies.
The Toolminder mobile application is distributed via the Apple App Store and Google Play Store. These platforms may collect certain usage or device information in accordance with their own privacy policies, which are independent of this policy.
Twilio
We use Twilio to send SMS notifications within the Toolminder service. To deliver SMS messages, Twilio processes the recipient's mobile telephone number. Twilio is operated by Twilio Inc. and may process data outside the United Kingdom. For more information, see Twilio's privacy policy at twilio.com/en-us/legal/privacy.
SendGrid (Twilio SendGrid)
We use SendGrid to deliver transactional and notification emails sent by the Toolminder service, including account invitations and system alerts. To deliver emails, SendGrid processes the recipient's email address. SendGrid is a service of Twilio Inc. and may process data outside the United Kingdom. For more information, see Twilio's privacy policy at twilio.com/en-us/legal/privacy.
OneSignal
We use OneSignal to deliver push notifications to users of the Toolminder mobile app. To deliver push notifications, OneSignal processes device identifiers and, where provided, email addresses or other identifiers used to target notifications. OneSignal is operated by OneSignal Inc. and may process data outside the United Kingdom. For more information, see OneSignal's privacy policy at onesignal.com/privacy_policy.
We may update our list of sub-processors from time to time. Where we add new sub-processors that process personal data, we will update this policy and provide notice to Account Holders where appropriate.
10. International Data Transfers
Our primary database (Cloud Firestore) is hosted in the London (europe-west2) region and all database data is stored within the United Kingdom.
However, some third-party services used in the operation of Toolminder — including Twilio, SendGrid, and OneSignal — are operated by US-based companies and may process limited personal data (such as email addresses, telephone numbers, and device identifiers) outside the United Kingdom. Where such transfers occur, each provider relies on appropriate safeguards including the UK International Data Transfer Agreement (IDTA), Standard Contractual Clauses, or equivalent mechanisms approved by the Information Commissioner's Office.
Firebase Crashlytics and Google Play Services, as Google products, are also subject to Google's international data transfer arrangements, details of which are available at policies.google.com/privacy.
11. Data Retention
We retain personal data only for as long as is necessary for the purposes set out in this policy:
- Active accounts: data is retained for the duration of the customer's active subscription.
- Account deletion: when a User or Account Holder account is deleted, associated personal data is deleted immediately from live systems.
- Backup copies: Toolminder uses Firestore's automated backup facility. Residual copies of deleted data may persist in backups for up to 14 weeks, after which they are permanently purged in line with the platform's maximum backup retention period.
- PDF documents: generated PDF reports and documents are not included in database backups and are permanently deleted immediately upon deletion.
Customers are solely responsible for exporting any records they wish to retain before deleting accounts or ending their subscription. Toolminder cannot recover data following deletion.
12. Security
We implement commercially reasonable technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted transmission of data (TLS), role-based access controls, authentication protections, and the use of secure cloud infrastructure operated by Google.
No method of data transmission or storage is entirely secure, and we cannot guarantee the absolute security of your data. In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours and affected individuals where required by UK GDPR.
We may disclose personal data where required to comply with legal obligations or lawful requests from public authorities, including law enforcement agencies. Where legally permitted, we will notify the affected data controller before making such a disclosure.
13. Cookies
The Toolminder mobile application does not use cookies directly. The web portal may use cookies and similar technologies for session management and authentication purposes. Third-party libraries and services used within the application (including Firebase) may set their own cookies or use similar tracking technologies. You may be able to control cookie settings through your browser or device settings; however, disabling certain cookies may affect the functionality of the service.
14. Links to Third-Party Sites
The Toolminder service may contain links to third-party websites or services. We have no control over and accept no responsibility for the privacy practices or content of those sites. We recommend you review the privacy policy of any third-party site you visit.
15. Children and Workplace Use
Toolminder is a workplace safety compliance tool intended for use by adults in occupational settings. The service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete that data promptly. If you believe a child's data has been submitted, please contact us using the details in section 17.
16. Your Rights Under UK GDPR
Individuals whose data we process have the following rights, subject to applicable conditions and exemptions:
- Right of access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may ask us to correct inaccurate or incomplete data.
- Right to erasure: you may request deletion of your personal data in certain circumstances.
- Right to restriction: you may ask us to restrict processing of your data in certain circumstances.
- Right to data portability: where applicable, you may request your data in a structured, machine-readable format.
- Right to object: you may object to processing based on legitimate interests.
- Right not to be subject to automated decision-making: Toolminder does not use automated decision-making or profiling for decisions that have legal or similarly significant effects.
If your data is processed by Earlsmere as a data processor on behalf of a customer organisation, you should direct requests relating to your rights to that organisation as the data controller in the first instance. We will assist customers in responding to such requests where required.
To exercise your rights in relation to data processed by Earlsmere as data controller, please contact us using the details in section 17. We will respond within one calendar month of receipt.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time. The ICO can be contacted at ico.org.uk or by calling 0303 123 1113.
17. Contact Us
Earlsmere Limited is responsible for data protection compliance for the Toolminder service. We do not have a formally appointed Data Protection Officer, as we do not carry out large-scale systematic monitoring or processing of special category data. If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact our Data Privacy team:
- Email: help@toolminder.com
- Telephone: 01226 750111
- Post: Earlsmere Limited (Data Privacy), Unit 18 Valley Road, Station Road Industrial Estate, Wombwell, Barnsley, South Yorkshire, England, S73 0BS
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable legal requirements. When we make material changes, we will update the effective date at the top of this document and, where appropriate, notify Account Holders directly.
We encourage you to review this policy periodically. Continued use of the Toolminder service following notification of changes constitutes acceptance of the updated policy.