Section A - What data do we collect?
We collect data that are specified into the below categories;
Personal Data - is information that relates to an identified or identifiable individual. What identifies you as an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors such as identifiable notes made in coaching sessions. Personal data shall be processed lawfully, fairly and in a transparent manner. We process this information lawfully for the purposes of contracting, consent and legitimate interests to provide business services for repeated value to the client.
Enquiry Data - We may process any information that has been submitted via any of our websites contact forms. This data may then be processed for the purpose of offering, marketing and selling relevant services to you. As well as sending you emails with regards to new blog posts, special offers and deals on relevant services if you have opted in to this at the point of using the contact form. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business. However, an individual always has the right to object to processing for the purposes of direct marketing, whatever lawful basis applies.
Financial Data - Financial transactions relating to our services are handled by our payment services provider, Freeagent. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services provider privacy policies and practices at: https://www.freeagent.com/company/gdpr/.
In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may also process any data identified within this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. We may process any data identified within this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Section B - How do we collect this data?
We collect data through our contact forms on the website, including our scheduling service which is integrated into the website by Acuity scheduling software, our new client profile forms and questionnaires, contracts and templates or exercises provided through Outlook email or face to face within coaching sessions. All of the personal data that you provide us with is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in the GDPR. Further information on GDPR can be found here https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ .
Section C - Who can access my data?
We may disclose or provide your data to the below third-party providers namely in our legitimate interests of the proper administration of our website and business;
Acuity Scheduling Software - Enquiry Data shared by yourself via a contact form for scheduling coaching session purposes this information is processed on the legal basis of processing the data for our legitimate interests of providing an automated process for booking sessions for ease for our customers. You always have the option of emailing your coach directly instead.
Squarespace - Enquiry data shared by yourself via a contact form and website cookies (see website cookies policy https://www.getworkhappy.com/cookies/)
Google Analytics - IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use is stored and collected via Google Analytics. The basis for processing the data is our legitimate interests in processing for the purpose of analysing, monitoring and improving our website for our customers.
Outlook - Enquiry Data.
Freeagent - Financial Data.
Section D - Data Retention and Deletion of Data
Our data retention policies and procedure is designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data and is outlined below;
- All personal data collected in accordance to section A of this policy will be retained for a minimum period of 7 years following the date of collection and will be retained indefinitely.
In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
- the period of retention of all personal data will be determined based on the actions of the individual, the data will be retained indefinitely unless requested to be removed or edited by the individual themselves.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Every reasonable step is taken to ensure that personal data which is inaccurate is rectified or deleted and processed in a manner that ensures appropriate security and confidentiality of the personal data, including preventing unauthorised access to or use of personal data and the equipment used for the processing.
Section E - Your rights to your data
Under data protection regulations you have the following rights in relation to the personal data we hold on you;
- To be informed of what data we hold on you.
- To access the information we hold on you and port it to other platforms if you wish
- To request that we rectify any information we hold that is incorrect.
- To request that your information is deleted from our records, if there is no legal obligation for us to retain it.
- To request we restrict the processing of your information. This means we may store the data but not use it.
- To object to the processing of your information for direct marketing purposes.
If you have any queries in relation to the protection of your data or wish to request changes, deletion, or supply of your information as described above please contact our Data Protection Officer (DPO);
Name: Jenna Livings
Email: email@example.com or firstname.lastname@example.org
Address: 1 Roberta Walk, Wilstock Village, North Petherton, TA5 2GW
Who will respond to you within one calendar month with any appropriate identifiable information we hold about you.
ur governing body in relation to Data Protection is the ICO, (https://ico.org.uk/) Wycliffe House, Wilmslow, Cheshire, SK9 5AF