Last Updated: 24.01.24
Who we are
We are The Corporate Wellbeing Collective. Our website address is: https://thecwc.co.uk.
Our Commitment to you
The Corporate Wellbeing Collective is committed to protecting the privacy of our users. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit our corporate wellbeing website.
Effective date: 30.05.2024
1. Introduction
The Corporate Wellbeing Collective (“The CWC”, referred to as “We, “Our” or “Us”) is committed to protecting the privacy and security of your personal data.
We have developed this privacy notice to inform you of the data we collect, what we do with your data, what we do to keep it secure as well as the Rights you have over your personal data.
Throughout this notice we refer to data protection legislation which includes the UK GDPR and other applicable laws including (but not limited to) the EU GDPR 2016 and the Privacy Electronic Communication Regulation (“PECR”) 2011. This also includes any replacement legislation which may come into effect from time to time.
The CWC is both a data controller and a data processor and this notice sets out how we act as both roles.
If you want to raise a question to The CWC, or otherwise exercise your rights in respect of your personal data, you may do so by sending an email to [email protected]
2. Lawful Basis for Data Processing
Data protection legislation requires The Corporate Wellbeing Collective to identify an appropriate lawful bases to process personal data. The lawful basis we rely on as a data controller are detailed below with brief examples for when they may apply:
| Lawful Basis | Description |
|---|---|
| Consent | For opting into marketing communications, newsletters, competitions etc. |
| Contractual Obligation | To take steps into entering and concluding contracts of employment |
| Legal Obligation | Where needed for tax reasons such as UK HMRC purposes |
| Vital Interests | To ensure we know about medical conditions of our employees or onsite visitors should they require medical attention |
| Legitimate Interests | To help answer any questions or concerns that may be sent to us from individuals who we may have no prior existing relationship with |
There may be instances where we may need to process certain categories of data referred to as Special Category Personal Data. These may include personal data related to health, race and ethnicity as examples, but where identified and needed, we will ensure the relevant special conditions are applied and documented where needed.
3. Personal Data Collected
Due to the nature of our business and data processing activities we would collect and process various categories of personal data from various data subjects. Examples of data subjects whose data we process as a data controller can include employees and those who send us enquiries through our website.
As a data controller we would normally collect the following categories of personal data:
- Identity and Contact Data: personal and identity data, including your name, date of birth, copies of ID, post address, email address and telephone numbers.
- Technical Data: information we collect automatically when you visit our website or interact with us by email, including your IP address, browser details, and device details;
- Transaction Data: details of services we provide to you;
- Marketing and Communications Data: includes your preferences in receiving marketing from us and your communication preferences.
As a data processor we may process and store the following categories of personal data:
- Identity and Contact Data: personal and identity data, including your name, date of birth, copies of ID, post address, email address and telephone numbers.
- Job related Data: job titles and job history including start dates and job change dates, absence and performance data.
- Equal opportunities Data: ethnic origin and religion, sexual orientation and other sensitive personal data for the purpose of equal opportunities monitoring for an employer
The above data sets pertain to the employees of our clients whose data we are processing. For more information you can contact us as detailed above.
We collect personal data through several means. Examples can include:
- When you complete an online form on our website
- Contact by phone, email or other communications (e.g. LinkedIn)
- When you use any of our services
- From third-party sources, professional contacts or third parties who send us your details as prospective clients, candidates, associates or business partners
The above list is representative and non-exhaustive.
4. How We Use Personal Data
We may use personal data for various activities which can include the following activities:
- To register you as a new client
- To provide services to you and carry out your instructions in connection with our services
- To manage queries relating to services we have provided to you historically
- To manage our relationship with you as a client or professional contact
- To send updates to clients
- Action any data subject right requests
- Communicate with relevant data controllers any communications received from a data subject including (but not limited to) data subject right requests
- Process an order for a product or other service
- Seek your views or comments on the services we provide
- Notify you of changes to our services
- Handle an enquiry or complaint you have made
- Sending marketing communications and other company updates
The above list is non-exhaustive and representative. For more information on how we use personal data for specific activities you can contact us as detailed above.
5. Cookies
We use cookies on our websites. You can adjust your browser settings to decline cookies, but this may limit some functionalities.
6. Marketing Communications
We would like to send you marketing news and updates regarding our company, products and services should you like to receive them. In order to send you these communications we would require your consent, and you can always change your preferences (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You also have the ability to opt out by contacting us over phone or email should you choose to do so.
7. Data Security
We employ industry-standard security measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction.
While we strive to protect your data, no method of transmission over the internet or electronic storage is entirely secure. Therefore, we cannot guarantee absolute security.
If we become aware of any loss, misuse, alteration of personal data we will work closely with our IT team and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.
8. Concerns and Complaints
We understand you may have concerns and complaints to this notice and any aspects of how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details above.
