Wellbeing Revolution Ltd – Privacy Notice
At Wellbeing Revolution we are committed to protecting; your privacy, that of our employees, and of our suppliers. To comply with the new General Data Protection Regulation (GDPR), we have implemented robust policies, programs, and practices to protect this personal information.
This privacy notice seeks to describe the lawful reason for us to collect your personal information, how and why we process it and how long we keep it for. It also sets out your rights regarding this data and the way to contact us with any questions or complaints you may have.
This policy applies to all former, current, and new clients.
Data protection principles
The new GDPR regulation requires that the personal data we collect and store shall be:
Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
Adequate, relevant, and limited to what is necessary
Accurate and, where necessary, kept up to date
Kept in a form which permits identification of data subjects for no longer than is necessary
Stored and processed securely
Type of information we process
When you become a client, make a business enquiry, or visit our website, we collect personal information which may includes some sensitive data.This is necessary to offer the service to you and respond to your enquiry.
Your personal details including; your name, address, email address, phone number. These are collected and are processed under the lawful basis of legitimate interests as it is essential for the provision of our service.
We may collect financial information, as part of a contractual agreement if you wish to subscribe to our service.
We occasionally send marketing communication by email. We will ask for your consent to use your email address for marketing communication prior to using it. This consent can be withdrawn at any time.
Website – If you visit our website and make an enquiry we will collect your name and email address along with any other information you provide, such as telephone number and reason for contacting us. Under GDPR we have a legitimate interest to process this information
If you visit our website then anonymous statistical information about your visit will be collected to assist us in understanding how our site is used, this is captured and managed using cookies. We also use Google analytics to monitor visitor numbers, they may gather your IP address, location and device information.Google analytics information is only used to monitor the use of our website and not for any other purpose, it is stored on Google servers. You can opt not to have your data captured for analytical purposes via your browser settings or add-on.
If you do not provide your data to us
One of the reasons for processing your data is to allow us to carry out our duties in line with your care with us. If you do not provide us with the data needed to do this, we may be unable to perform that care or to ensure your best interests are being maintained. We may also be prevented from continuing with your treatment with us due to the medico-legal obligations of our medical governing bodies.
We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration or unauthorised access. We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Personal data is kept on a cloud-based password protected management system. Paper records will be scanned and uploaded onto the system and the paper record will be shredded. IT systems are protected with firewalls and data security software are be kept up to date.
Sharing your data
Your sensitive data is not passed to any third parties except with prior consent from you. Your data may be shared with colleagues within Wellbeing Revolution, when necessary to provide you with tailored care. All our team members are trained on data protection and are duty bound do not disclose personal information outside the company.
Whilst we always aim to keep your data within the UK, or EU, this may not always be possible.For example, we utilise international encrypted backup systems (Synology, Dropbox, Amazon Cloud). We will only use companies that can demonstrate adequate security to protect your information.
At any point whilst we are in possession of your personal data, you are lawfully entitled with the following rights
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing –if you believe the data we hold is incorrect or unnecessary, we will stop processing the it until we have ensured that the it is correct or that we have legitimate ground to process it.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a client with us.
Right to withdraw consent
Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time. There will be no consequences for withdrawing your consent.
Automated decision making
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you
With regards to GDPR Wellbeing Revolution Ltd is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows: Wellbeing Revolution, Writtle CM1 3ST.
Questions and complaints
If you have any questions or complaints about this Privacy Notice or how we handle your information, please contact our data protection officer Nic at firstname.lastname@example.org
Alternatively, you have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).
Policy Last reviewed on 3rd December 2019