Types of data we collect and what we do with it
Our health and wellbeing platform (www.unlimitedwellbeing.co.uk) acts as a central database of health and wellbeing professionals to display their professional profile, services and classes which can be searched and viewed online by members of the general public.
In order for you to be able to set up your account with us, we need to collect certain personal information from you including your name and your email address. We require this information in order to identify you within our secure database and communicate with you regarding your account. When you choose to join Unlimited Wellbeing you do so in accordance with our terms and conditions and therefore our lawful basis for collecting this information is to fulfil our contract with you.
The information about yourself or your business that you choose to include in your professional profile is entirely at your own discretion and is freely provided by you in the full understanding that it will be publicly visible within our website in accordance with our terms and conditions.
In order to make your profile live on our website you will need to register your details. We do not charge a fee for to register with us or to display your profile publicly and advertise your classes or events. We reserve the right to reject or amend any profiles which contravene our terms and conditions, or which we consider unsuitable.
You can amend, add or delete your information at any time from the dashboard within your account. We will only retain your information for as long as we need to do so in order to fulfil our contractual obligations to you. Should you cancel your membership and delete your profile, please inform us and we will ensure that your details are deleted from our database within 90 days, other than where there is a lawful requirement for us to retain it in order to satisfy our statutory obligations, such as to Her Majesties Revenue & Customs, or law enforcement agencies.
We take reasonable steps to ensure that other companies with whom we must share your data from time to time operate within the requirements of the General Data Protection Regulation (GDPR)
While we strive to protect your personal information, we cannot ensure or warrant the security of any information which you send to us, and you do so at your own risk.
Members of the public may search our database of health and wellbeing professionals free of charge by visiting our website. You do not need to register with us or provide any personal information in order to do so.
If you visit our site to search for health and wellbeing professionals or to read or download information, such as guides, or articles, none of the information we collect is personally identifiable.
Special Category Data
In order to provide some of our services to you (such as personal health assessments) we may need to ask you for information relating to your physical and mental health. This is classified as Special Category Data which is more sensitive in its nature and therefore requires a greater level of protection.
We will only process information relating to your health where we have your permission to do so. If we are unable to provide our services to you without your consent, we will make this clear to you at the time we request your permission to do so. If you subsequently decide to withdraw your permission, then will no longer be able to provide our services to you where they rely on your consent to process this information.
If we cannot provide a product or service without your permission (for example, we can’t complete a blood test without your explicit consent), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on having your permission.
Additional protocols are in place to protect your special category data. All special category data is fully encrypted using AWS (Amazon Web Services) technology. Specific data sharing agreements are in place with third party suppliers who we may use to process and store your personal data.
Cookies and analytics
When you visit our website, our web server stores your IP address in its access logs. We use IP addresses to analyse trends, administer the site, track user’s movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
We use Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of people visiting our website.
We have a legitimate interest in collecting this information as we use the findings to help us understand and continually improve the user experience within our site.
We understand the importance of protecting children's privacy, especially in an online environment. Our services and website are not intentionally designed for or directed at children. It is our policy never to knowingly collect or maintain information about children, other than where that information is provided by their parents or guardians, and it is required in order to fulfil our contract to provide services.
We may add your personal details to our electronic mailing list for marketing purposes providing you have given us your consent to do so. We will use your details to keep you updated with new products, offers and promotions or information that we think may be of interest to you. We may also contact you if we need to obtain or provide you with additional information and to check from time to time that your personal details are correct.
We will only add you to our marketing mailing list in the following circumstances:
- You have signed up on our website to receive the latest news and special offers from us and consented to receive marketing communications and updates.
- You have asked for information relating to specific events or promotions though our website, social media or any other channel.
- You have contacted us directly though any other channel and specifically requested that we provide you with marketing communications and updates.
- We have asked you through any other channel if you would like to receive marketing communications and updates from us and you have provided us with your consent to do so.
- You have indicated verbally in person or by phone that you consent to receive marketing communications and updates from us
We use a third-party provider, MailChimp, to deliver our electronic communications to you. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimps privacy notice here: https://mailchimp.com/legal/privacy/
You can withdraw consent and unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails. Alternatively, you can email our Chief Operating Officer and data protection lead, Dave Leverton to request that your details are removed from our mailing list.
How we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Hard data provided in paper form is only retained where necessary and is kept in locked cabinets.
To deliver our services to you effectively we may share your details with third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to facilitate our ability to provide our services to you.
Where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with written instructions from you, or us, as appropriate.
In certain circumstances we may need to disclose information about you if required to do so by law. For example, we may need to comply with a court order, to take action for the purposes of preventing or reporting fraud or other crime, to apply the terms of our agreements with you, or to protect the rights or safety of our clients and employees.
We will never share, sell or rent your personal information with any third party for marketing purposes.
Access to your personal information
We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.
You have the right to request a copy of the information that we hold about you. If you’d like a copy of some, or all, of your personal information, please email us here or write to us at the address below:
You have the following rights so far as your data is concerned, which we respect and comply with, although in some cases our legal obligations can supersede these rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
For full information, please refer to the Information Commissioner’s website: www.ico.org.uk
Companies that have any access to data are called Data Controllers in law.
We are Data Controllers and we are registered with the Information Commissioner in the UK. Our registration number is ZA548028 (UW Wellbeing Limited)) Further details of the registration are available at www.dpr.gov.uk.
You have a right to lodge a complaint with the supervisory authority for data protection.
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Phone 0303
Changes to this Privacy Notice
Chief Operations Officer
60 Charles Street