Initial Effective Date on 09.04.2021
Last Revised Version on 09.04.2021
Next review Date on 09.04.2023
1. WellEQ take your privacy very seriously. This privacy notice describes how and whywe, as data controller, obtain, store and process personal data. Personal data isinformation relating to you that enables us to identify you, for example, your name, email address, payment details and information about your access to this website.
2. We will process your personal data fairly, lawfully and transparently. This privacy noticedescribes the personal data we are collecting about you and how it is used. We will only collect and use your personal data for the following purposes, to:
• provide our services
• improve our services
• make our marketing more relevant to you and your interests
• meet our legal responsibilities
We may update this notice from time to time and we will notify you of any changes.
Please do not hesitate to contact us if you have questions in addition to the information provided in this notice firstname.lastname@example.org
2. Your Rights & Our Commitment to You
1. You have several rights under the data privacy legislation and WellEQ is committed to you being able to freely exercise your Rights. Where possible, we have incorporated automated tools on our website that enable you to facilitate your Rights in real-time. Use the WellEQ COOKIE BANNER to access and manage the personal data we hold on you and manage your preferences.
2 Your Rights include, under certain circumstances, the right to:
(a) Be informed: you have the right to be informed if and how your personal data is being processed.
(b)Access, rectification or erasure: you have the right of access to personal data we hold about you in our records. You are also entitled to have your personal data corrected if it is inaccurate, or to have it erased if we do not have a legitimate reason for retaining your data.
(c)To request data portability: for personal data which you have provided to a controller, where processing was based on your consent, or where processing is done by automated means, you have the right to obtain a digital copy of your personal data, request the transfer of your personal data to another company or request to move your data from one IT system to another in a safe and secure way.
(d)To request restriction of processing: you have the right to restrict the processing of your personal data where you are contesting the accuracy of that information, you have objected to processing (as described below), or where the processing is unlawful. Where processing is restricted, we are may need to retain sufficient information about you to ensure that the restriction is respected in future.
(e)To object to automated decision-making including profiling: you have the right not to be the subject of any automated decision-making or profiling by us.
(f)To withdraw consent: in cases where we are relying on your consent for the processing of your personal data, you have the right to withdraw your consent at any time. In respect of the e-marketing we conduct, an unsubscribe (withdraw consent) option is included with every e-marketing communication we send.
(g)To object to processing: where your personal data is being processed based on the legitimate interests of a data controller or third party, you have the right to object to that processing.
(h)To complain to the relevant supervisory authority: should you have any concerns or complaints regarding the way in which we process your data, please email us directly at email@example.com
You also have the right to make a complaint to the TheInformation Commissioner's Officein the United Kingdom. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.
3. Cookies Preferences
4. The Personal Data We Collect
1. Personal data means any information about an individual from which that person can beidentified. It does not include anonymised data, where the identity and identifying information has been removed.
2. While our website is designed for a general audience, we will not knowingly collect anydata from children under the age of18, or sell products to children. If you are under the age of18, you are not permitted to use or submit your data to the website.
3. Depending on the type and level of engagement you have with us, we may collect the following categories of personal data:
(a) From the Services: We receive and store information you provide directly to us. Forexample, when setting up new users, we collect Personal Information, such as nameand e-mail address, to provide them with the Services. The types of information we maycollect directly from our customers and their users include: names, usernames, emailaddresses, postal addresses, phone numbers, job titles, transactional information(including Services purchased), as well as any other contact or other information they choose to provide us or upload to our systems in connection with the Services.
(b) From our Website: We may collect any Personal Information that you choose to send tous or provide to us, for example, on our “Sign Up” online form. If you contact us through the Websites, we will keep a record of our correspondence.
5. Information We Automatically Collect:
1. We automatically collect the following information when you use our Services:
(a) Usage information –we keep track of user activity in relation to the types of Servicesour customers and their users use, the configuration of their computers, and performance metrics related to their use of our Services.
(b) Log information – we log information about our customers and their users when you use one of our Services including Internet Protocol (“IP”) address.
(c) Information collected by cookies and other similar technologies – we use varioustechnologies to collect information which may include saving cookies to users’ computers.
(d) Customer Feedback –While using our Services, you may be asked to providefeedback (e.g. in the software directly or after receiving help from our support team). Providing this feedback is entirely optional.
2. When you visit the Website, we collect certain informationrelated to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website.
6. How We Collect Your Data
We may collect your personal data in one of the following ways:
• When you visit our application & website
• When you create an account
• When you engage with us on social media
• When you book appointments with professionals/ mental wellbeing experts and make the payment
• When you contact us with queries
• When you review our services and provide your feedback about professionals and platform
• When you apply for an employment vacancy with Data
7. Data from Third parties
1. We may also receive personal data about you from various third parties, including:
• Technical Data from third parties, including analytics providers such as Google. Please see further information in the section entitled ‘Marketing preferences, adverts and cookies’ below
• Technical Data from affiliate networks through whom you have accessed our website
• Identity and Contact Data from social media platforms when you log in to our website using such social media platforms
• Contact, Financial and Transaction Data from providers of technical, payment and delivery services
8. How We Use Your Personal Data
1. The legal basis for processing your personal data. We will only collect and process your personal data where we have a legal basis to doso. As a data controller, the legal basis for our collection and use of your personal datavaries depending on the manner and purpose for which we collected it. We will only collect personal data from you when:
(a) we have your consent to do so, or
(b) we need your personal data to perform a contract with you. For example, to confirm appointment with one of our professional, or
(c) Pursuing our legitimate interests in a way that you might reasonably expect to be apart of running our business and that does not significantly impact your interests, rightsand freedoms, for example, showing advertisements to you as you browse the internet.
(d) we have a legal obligation to collect or disclose personal data from you (e.g. insuspected instances of fraud where we need to give personal data to Police or a government body).
2. This is why we process your personal data:
• Set up a user account
• Provide, operate and maintain our services
• Process and complete transactions, and send related information, including transaction confirmations and invoices
• Block offensive/abusive, having extremism thoughts for other faiths, racial discrimination, ideation of suicide, selfharm/ others users.
• Manage our customers’ use of our services, respond to enquiries and comments and provide customer service and support;
• Investigate and prevent fraudulent activities, unauthorised access to our services, and other illegal activities; and
• For any other purposes about which we notify customers and users.
• We use your Personal Information in this context based on the contract that we have inplace with you or our legitimate interest for security purposes (e.g. the prevention and
investigation of fraudulent activities). Personal Information will be deleted based on the terms of the contract.
9. How We Share Your Data
a. We sometimes share your personal data with our trusted categories of third parties we use to conduct our business, for example, to provide our COOKIE BANNER services to you; to handle feedback and complaints; and to help us understand your behaviour in order to customise and maximise our services, advertising, marketing, competitions and offers to you.
b. Our trusted categories of third parties include website hosts, cloud service providers, social media providers, professional services providers, customer survey service providers and advertising partners.
c. As part of our e-marketing methods and on the basis of our legitimate business interests, we use some Google, Facebook, LinkedIn, Twitter, Apple services and some Facebook products in accordance with the practices explained in the Google, Facebook, LinkedIn, Twitter and Apple terms and privacy notices.
d. In order to protect your personal data by pseudonymising it, Google and Facebook ensure that a hashing algorithm is applied automatically at the point of sharing personal data with Google and Facebook. Please consult their relevant terms and privacy notices for further information and your options. If we can help you in any way please do not hesitate to contact us at firstname.lastname@example.org .
e. As part of our fraud monitoring, detection and prevention methods and on the basis of our legitimate business interests, we use a third-party fraud monitoring, detection and prevention service provider for all website/online sales. As part of this service, we may share personal data that is required to make identity checks and personal data that we obtain from making identity checks (including data relating to your age, name and location), together with account information, with third party organisations (including law enforcement agencies), involved in fraud prevention and detection and credit risk reduction. Please note that these third parties may retain a record of the information that we provide to them for this purpose.
f. We may share your personal data with government bodies and law enforcement.
g. We may also share your personal data with our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
8. Marketing Preferences, Adverts andCookies
1. We may send you marketing communications and promotional offers:
• If you have created an account with us or subscribed to our services, and you have notopted out of receiving marketing (in accordance with your preferences, as explained below);
• by email if you have signed up for email newsletters;
2. We may use your personal data (as outlined in the ‘Personal Data We Collect’ section)to form a view on what we think you may like, or what may be of interest to you, and to send you details of services which may be relevant for you.
3. We will ask you for your preferences in relation to receiving marketing communications by email, and other communication channels.
4. You will always have full control of your marketing preferences. If you do not wish tocontinue receiving marketing information from us (or any third party, if applicable) at any time:
a. You can unsubscribe or ‘opt-out’ by using the unsubscribe button and following the link included in the footer of any marketing email; or
b. account holders may withdraw their consent by simply logging in to the COOKIE BANNER and managing their preferences.
We will process all opt-out requests as soon as possible, but please note that due to thenature of our IT systems and servers it may take a few days for any opt-out request to be implemented.
10. Our use of analytics and targeted advertising tools
1.We use a range of analytics and targeted advertising tools to display relevant websitecontent on our website and online advertisements on other websites and apps to you.
2.We use these tools to deliver relevant content to you in marketing communications(where applicable), and to measure the effectiveness of the advertising provided. Forexample, we use tools such as Google Analytics to target and improve our marketingcampaigns, marketing strategies and website content. We may also use tools providedby other third parties to perform similar tasks. If you would like any further informationabout the data collected by these third parties or the way in which the data is used, please contact us email@example.com .
3. In order to opt out of targeted advertising, please manage your preferences in the WellEQ COOKIE BANNER.
11. Links To Other Websites And Third Parties
1.Our website may include links to and from the websites of our partner networks, advertisers and affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
2.Please check these policies before you submit any personal data to their websites.
12.Transferring Your Data Outside the EEA
The personal data we collect from you may be transferred to, and stored at, destinationsoutside the European Economic Area ("EEA") using legally-provided mechanisms tolawfully transfer data across borders. It may also be processed by staff operatingoutside the EEA who work for us or for one of our suppliers. Such staff may be engagedin, among other things, the provision of our services to you. We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.
If we share your personal data outside of the European Economic Area, we ensure thatthere is an appropriate transfer mechanism in place to protect your personal data and comply with our data protection obligations.
Please contact us if you want further information on the countries to which we maytransfer personal data and the specific mechanism used by us when transferring your personal data outside the EEA – firstname.lastname@example.org .
13 Storing and Securing your Data
1.We need to retain your personal data to satisfy our legal obligations, to deal with complaints and queries, in order to resolve, litigate or defend a dispute and to prevent fraud and abuse. -(7 years)
2.Having obtained your consent (or other legal basis) to contact you, we will retain your personal data for marketing and analysis purposes until you withdraw your consent. If you choose to withdraw your consent to marketing, we will delete your personal data
from our systems, unless we have another legal basis to retain it, which may include performance of our contract with you.
3.We will not keep your personal data for longer than is necessary and when we no longer need to keep it, we will securely destroy, delete or anonymise it.
14. Securing your data
1. The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved.
2. We have put in place physical, electronic and managerial security procedures in the storage and disclosure of your personal data to protect it against accidental loss, destruction or damage.
3. Nevertheless, any data transmission over the internet or by any other means can never be fully secure, such is the character of the internet, and provision of personal data by you to us is at your own risk. We take all reasonable measures to protect your personal data by putting appropriate technical and operational security measures in place.
4. When we disclose your personal data to trusted third parties (for the purposes set out in this notice), we require all third parties to have appropriate technical and operational security measures in place to protect your personal data, and we work with them to ensure that your data protection and privacy rights are respected. Where your personal data is shared with a third party, it must only be used for the purposes for which it was supplied.
In the unfortunate event of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so.
15. The California Consumer Privacy Act
1. Under the California Consumer Privacy Act (‘CCPA’) California residents have certainrights regarding the personal information that businesses have about them. Thisincludes the rights to request access or deletion of your personal information, as well as the right to direct a business to stop selling your personal information.
2.We collect identifiers (such as name, address, email, phone number, job title, andtransactional information), commercial information (such as a record of the servicespurchased or demos requested), and Internet or other electronic network activityinformation (such as usage information, IP address, cookie information, and customer feedback).
3.We use identifiers to provide the services requested, such as to fulfil a request to be contacted or provide a demo, or provide you with information about our services.
4.We use identifiers and commercial information for general website administration, which includes record keeping, troubleshooting, data analysis, testing, and survey purposes.
5.We use identifiers, commercial information, and Internet or other electronic networkactivity for trend monitoring, marketing, and advertising, as well as to ensure website security.
6.We collect identifiers and commercial information directly from you.
7.We collect Internet or other electronic network activity from your usage of the WellEQ website and our services.
8.Who We Share Your Personal Information WithWellEQshares personal information as necessary for certain business purposes. Thisincludes sharing identifiers, commercial information and internet or other electronicnetwork activity with providers of payment processing, customer relationship management, consulting, email, product feedback and helpdesk services.
9.While WellEQ does not sell personal information in exchange for any monetaryconsideration, we do share personal information for other benefits that could be deemeda “sale,” as defined by the CCPA. This includes sharing identifiers, commercialinformation and internet or other electronic network activity with advertising networks, website analytics companies, and event sponsors.
10.While WellEQ does not sell personal information in exchange for any monetaryconsideration, we do share personal information for other benefits that could be deemeda “sale,” as defined by the CCPA. We support the CCPA and wish to provide you with control over how your personal information is collected and shared.
11.You have the right to direct WellEQ to not sell your personal information. To exercisethis Right, you can log-in to the WellEQ COOKIE BANNER and request for your data not to be sold.
12.Please note that we may still use aggregated and de-identified personal information thatdoes not identify you or any individual; we may also retain information as needed in order to comply with legal obligations, enforce agreements, and resolve disputes.
13.You have the right to request disclosure about what categories of personal informationAL has disclosed for a business purpose about you and the categories of thirdparties to whom the personal information was disclosed. Additionally, you have the right to request disclosure of specific pieces of information.
14.If you would like to exercise your right to request disclosure, please email email@example.com .Our privacy team will examine your request and respond to you as quickly as possible.
15.You have the right to request that WellEQdelete any personal information about youthat WellEQhas collected from you. Please note that there are exceptions whereWellEQdoes not have to fulfil a request to delete information, such as when thedeletion of information would create problems with the completion of a transaction or compliance with a legal obligation.
16.If you would like to exercise your right to request disclosure, please firstname.lastname@example.org .Our privacy team will examine your request and respond to you as quickly as possible.
17.WellEQ will not discriminate against you (e.g., through denying goods or services, orproviding a different level or quality of goods or services) for exercising any of the rights afforded to you.
18.We do not knowingly collect or solicit personal information from anyone under the ageof 18. If you are under 18, please do not attempt to sign up to our services, create anaccount or send any Personal Information about yourself to us. If we learn that we havecollected Personal Information from a child under age 18, we will delete that informationas quickly as possible. If you believe that a child under 18 may have provided usPersonal Information, please email email@example.com . Our privacy team will act upon this information as quickly as possible.
16. Changes To This Privacy Notice
From time to time we may change this privacy notice. If there are any significant changes we will post updates on our website or applications
How To Contact Us
We welcome feedback and are happy to answer any questions you may have about your data.
You can contact us at:
DATA RETENTION POLICY
Initial Effective Date on 09.04.2021
Last Revised Version on 09.04.2021
Next review Date on 09.04.2026
1. The purpose of this Policy is to ensure that necessary records and documents of WellEQ are adequately protected and maintained and to ensure that records that are no longer needed by The Company or are of no value are discarded at the proper time. This Policy is also for the purpose of aiding employees of The Company in understanding their obligations in retaining electronic documents – including e-mail, Web files, text files, sound and video files, PDF documents, and all Microsoft Office or other formatted files.
1. This Policy represents The Company’s policy regarding the retention and disposal of records and the retention and disposal of electronic documents.
1. Attached as Appendix A is a Record Retention Schedule that is approved as the initial maintenance, retention and disposal schedule for physical records of The Company and the retention and disposal of electronic documents. We will make modifications to the Record Retention Schedule from time to time to ensure that it follows National legislation and includes the appropriate document and record categories for The Company; monitor legislation affecting record retention; annually review the record retention and disposal program; and monitor compliance with this Policy.
2. In addition, any retained information can only be used for the purpose for which it is stored. This is compliant with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
4.Suspension of Record Disposal In Event of Legal Proceedings or Claims
1. There are certain occasions when information needs to be preserved beyond any limits set out in the Policy. The Policy must be SUSPENDED relating to a specific customer or document and the information retained beyond the period specified in The Company’s Data Retention Schedule in the following circumstances:
a. Legal proceedings or a regulatory or similar investigation or obligation to produce information are known to be likely, threatened or actual.
b. A crime is suspected or detected.
c. Information is relevant to a company in liquidation or receivership, where a debt is due to The Company
d. Information is considered by the owning unit to be of potential historical importance and this has been confirmed by the Administrator.
3. In the case of possible or actual legal proceedings, investigations or crimes occurring, the type of information that needs to be retained relates to any that will help or harm The Company or the other side’s case or liability or amount involved.
4. If there is any doubt over whether legal proceedings, an investigation or a crime could occur, or what information is relevant or material in these circumstances, the Administrator should be contacted and legal advice sought.
5. The Administrator shall take such steps as is necessary to promptly inform all staff of any suspension in the further disposal of documents.
5. Security of personal information
1. The Company will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
2. The Company will store all personal information on our secure (password- and firewall-protected) servers.
3. The Client should acknowledge that the transmission of information over the internet is inherently insecure, and that The Company cannot guarantee the security of data sent over the internet.
4. The Client will be responsible for keeping their Username and Password used for accessing The Company’s website confidential; The Company will not ask for password other than when needed to log in to our website.
The Company may update this policy from time to time by publishing a new version.
This page should be checked occasionally to ensure that the policy remains relevant.
1. This Policy applies to all physical records generated during The Company’s operation, including both original documents and reproductions. It also applies to the electronic documents described above.
This Policy was approved by the Managing Director on 09 April 2021
APPENDIX A RECORD RETENTION SCHEDULE
The Record Retention Schedule is organised as follows:
2. Correspondence and Internal Memoranda
3. Personal Information
4. Electronic Records
5. Insurance Records
Record Type and then Retention Period
Contracts and Related Correspondence (including any proposal that resulted in the contract and all other supportive documentation): 7 years after expiration or termination
2. CORRESPONDENCE AND INTERNAL MEMORANDA
General Principle: Most correspondence and internal memoranda should be retained for the same period as the document to which they pertain or support. For instance, a letter pertaining to a particular contract would be retained as long as the contract (7 years after expiration). It is recommended that records that support a particular project be kept with the project and take on the retention time of that particular project file.
Correspondence or memoranda that do not pertain to documents having a prescribed retention period should generally be discarded sooner. These may be divided into two general categories:
1. Those pertaining to routine matters and having no significant, lasting consequences should be discarded within five years. Some examples include:
■ Routine letters and notes that require no acknowledgment or follow up, such as notes of appreciation, congratulations, letters of transmittal, and plans for meetings.
■ Form letters that require no follow up.
■ Letters of general inquiry and replies that complete a cycle of correspondence.
■ Letters or complaints requesting specific action that have no further value after changes are made or action taken (such as name or address change).
■ Other letters of inconsequential subject matter or that definitely close correspondence to which no further reference will be necessary.
■ Chronological correspondence files.
■ Please note that copies of interoffice correspondence and documents where a copy will be in the originating department file should be read and destroyed, unless that information provides reference to or direction to other documents and must be kept for project traceability.
2. Those pertaining to non-routine matters or having significant lasting consequences should generally be retained permanently.
3. Retaining personal information
1. This Section sets out the data retention policies and procedure of The Company, which are designed to help ensure compliance with legal obligations in relation to the retention and deletion of personal information
2. Personal information that is processed by The Company for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Without prejudice to point 2 (above) The Company will usually delete personal data falling within the categories set out below at the date/time set out below:
Record Type and then Retention Period
■ Information about a computer and about visits to and use of this website (including an IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths: 2 years
■ Information provided when registering with our website (including email address): 2 years
■ Information provided when completing a profile on our website (including a name, gender, date of birth, interests and hobbies, educational details): 2 years
■ Information provided for subscribing to email notifications and/or newsletters (including a name and email address): Indefinitely or until the client chooses to ‘unsubscribe’
■ Information provided when using the services on the website, or that is generated during the use of those services (including the timing, frequency and pattern of service use) : Indefinitely
■ Information relating to any subscriptions made (including name, address, telephone number, email address and sector sought): 2 years or until consent is withdrawn
■ Information posted to our website for publication on the internet: 5 years after post
■ Information contained in or relating to any communications sent through the website (including the communication content and meta data associated with the communication): 2 years following contact
■ Any other personal information chosen to be sent: 2 years following contact
Notwithstanding the other provisions of this Section, The Company will retain documents (including electronic documents) containing personal data:
(a) to the extent that The Company is required to do so by law;
(b) if The Company believes that the documents may be relevant to any ongoing or prospective legal proceedings;
(c) and to establish, exercise or defend The Company’s legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
(d) if explicit consent is given by the data subject. Consent is requested at least every 2 years from candidates seeking contract roles and at least every 12 months for candidates seeking permanent employment.
Each day The Company will run a database backup copy of all electronic data contained on The Company data centre, except for the one financial package. All other databases are in the cloud, connected to a Tier 3 data centre. This backup will include all information relating to current users, as well as any information that remains due to any reason contained in this policy.
4. ELECTRONIC DOCUMENTS
1. Electronic Mail: Not all email needs to be retained, depending on the subject matter.
■ All e-mail—from internal or external sources – is to be deleted after 12 months.
■ Staff will strive to keep all but an insignificant minority of their e-mail related to business issues.
■ The Company will archive e-mail for 90 days after the staff has deleted it, after which time the e-mail will be permanently deleted.
■ Staff will take care not to send confidential/proprietary information held by The Company to outside sources
■ Any e-mail staff deems vital to the performance of their job should be copied to the relevant client or candidate record in E Recruit Adapt. (The Company CRM system).
2. Electronic Documents: including Office 365 and PDF files, retention also depends on the subject matter.
The Company does not automatically delete electronic files beyond the dates specified in this Policy. It is the responsibility of all staff to adhere to the guidelines specified in this policy.
In certain case’s a document will be maintained in both paper and electronic form. In such cases the official document will be the electronic document.
5. INSURANCE RECORDS
Record Type and then Retention Period
■ Certificates Issued to The Company Permanent
■ Claims Files (including correspondence, medical records, etc.) Permanent
■ Insurance Policies (including expired policies) Permanent
Record Type and then Retention Period
■ Material of Historical Value (including pictures, publications): Permanent
■ Policy and Procedures Manuals – Original: Current version with revision history
■ Annual Reports: Permanent