The Wellbeing Project (Europe) Ltd (“TWP,” “we,” “us,” or “our”) values the personal data which you (“client”, “client’s employees”, “you” or “your”) provide to us in connection with the agreed provision of services, including the use of our applications and website. We are committed to protecting your personal data and fully complying with associated legal obligations.
Who we are
TWP is a leading global consultancy, providing expert advice, wellbeing and resilience assessments and resources across all industries and sectors.
The company is registered in England and Wales, our company registration number is 06052302 and our registered office is, Ramsbury House, 1B Charnham Lane, Hungerford, Berkshire RG17 0EY. UNITED KINGDOM.
TWP is registered with the Information Commissioners Office (ICO) under registration No. ZA516563.
How to contact us
Who do we collect data from?
|Clients (data controllers)||TWP have consulted legal and security professionals to make sure that all our processes are fully compliant. We have taken careful consideration for those clients who invite their employees to take part in our online resilience programmes, to ensure that their personal data is kept safe.|
|Client’s employees (data subjects)||If your employer invites you to take part in one of our online resilience programmes, this may require you to provide us with personal data, both at the point of registration and through interactions on our website. We take great care to protect your data against loss, exposure, and unauthorised access. We are transparent about what data you share with us, where it is stored, and how it is used.|
For the purpose of the Data Protection Legislation; Where a company or organisation, using our services or products (the “client”) has instructed us to support or assess the wellbeing and resilience of their employees (the “responders”), the Client is the data controller and TWP is the data processor.
What personal data do we collect?
Personal data is defined in the UK GDPR as,
“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
It does not include anonymous data, i.e., information where the identity of an individual has been permanently removed. However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).
If you register to use our services, our website or applications, we may collect the below types of personal data;
|Category of personal data collected||What it includes|
*only collected when required through provision of specific agreed services
|Marketing and communications data||Your marketing and communication preferences|
|Behavioural data||Inferred information regarding your wellbeing and resilience, based on your activity on the Wraw Index platform.|
|Special categories of personal behaviour||Through the services we offer we may collect some ‘special categories of personal data’, specifically, this will include genetic data and information about your general wellbeing. Where we offer the option for you to submit details about your ‘mood’ (mood mapping tool), then the data you submit may contain personal health related data.|
|Technical data||Internet protocol (IP) address, your login data, access dates and times, browser type and version, time zone setting and location, operating system information, and other information on the device used to access the website, as provided by the browser.|
|User generated data||When you use our digital services, we may automatically collect and store information in server logs, including details such as device type, learning journey progress, mood map score history, content engagement statistics.|
|Aggregated data||TWP also collect and share ’Aggregated Data’ such as statistical or demographical data derived from your personal data. Note that once in aggregated form, data will not constitute ‘personal data’ for the purposes of UK GDPR, as the data will not directly nor indirectly reveal your identity.
For example, we may collate aggregated data to analyse the average wellbeing and resilience of specific groups of workers in order to identify patterns across varying demographics.
We may also aggregate data in order to provide your organisation with reports on the wellbeing and resilience levels of your teams.
In no scenario, will the sharing of aggregated data contain personal information related to your account, or any personally identifiable user generated data.
“A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, eg remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.
The rules on cookies are covered by the Privacy and Electronic Communications Regulations 2003 (PECR). PECR also covers the use of similar technologies for storing or accessing information, such as ‘Flash cookies’ and device fingerprinting.” See www.ico.org.uk for details.
We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Site.
|Type of cookie||Purpose|
|TWP-Wraw-session cookie||To provide an improved user experience – Session cookies deposit information on a current session. Alternative information such as login data or a partly filled-out online form remains intact during the session. When a session is ended, all identifiers and data are deleted.|
|Google Analytics cookies||To measure user interaction on our site, including; the number of visitors, the websites that referred them to our site, the pages they visited, what time of day they visited, whether they have visited before, and other similar information.
We use this information to help operate our site more efficiently, to gather broad demographic information and to monitor the level of activity on our site. We use Google Analytics for this purpose. Google Analytics uses its own cookies. The cookie is only used to improve how our site works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies
You can find out more about how Google protects your data here: https://policies.google.com/privacy
How do we collect your personal data?
We collect User Personal Data as a result of the below actions;
- when you contact us with a query that you may have about using our services.
- when you register to use our app or website.
- when you navigate and use our app or website.
How do we use your personal data?
We will only use your personal data for the purposes for which it has been collected. The data is being collected to enable us to respond to your enquiries and to allow us to provide the services that you engage us to deliver.
Marketing communications preferences
If you have given your express permission to receive our newsletter, then your data will be used to send you our newsletter and details of special offers and events. We may on occasion send you information that we believe to be relevant on the basis of legitimate interest.
You can opt-in to receive marketing information from us via our website homepage or by emailing firstname.lastname@example.org.
You are also able to opt out of the marketing information that we send to you by using the unsubscribe link that we include within our marketing emails or by emailing email@example.com.
Where you opt out of receiving marketing messages, this will not apply to service correspondence between ourselves and our clients in connection with the performance of a contract.
The legal basis on how we process your personal data
The UK GDPR requires us to ensure that we have a ’legal basis’ for the purposes for which we use any personal data.
Most commonly, these include;
- Performance of a contract – Processing of your personal data is necessary for us to administer the pre-contract and contractual relationship between ourselves and our clients in connection with the performance of a contract.
- Legitimate Interest – We will use legitimate interests to send occasional marketing information by post and for segmentation and profiling to send relevant targeted communications. Our legitimate interests are to communicate with our clients to keep them informed and to grow our business.
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
We retain User Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. At the end of the retention period, personal data will be permanently deleted.
|Data Category||Retention Practice|
|Client Contact data||We will only retain your personal data for;
|After a period of 24 months, the data subject’s name and personal identifiers are permanently deleted.|
Your legal rights
TWP would like to make you fully aware of all your data protection rights. Every contact/user is entitled to the following;
- The right to access – You have the right to request TWP for copies of all your personal data. We may charge a small fee for this service.
- The right to rectification – You have the right to request that TWP correct any information you believe is inaccurate. You also have the right to request TWP complete information which you believe is incomplete.
- The right to erasure – You have the right to request that TWP erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that TWP restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to TWP’s processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that TWP transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
If you make any such request, TWP have one month to respond to you. If you would like to exercise any of these rights, please contact us at firstname.lastname@example.org.
Who do we share your personal data with?
Personal details are only shared with TWP employees, and associates of TWP where they are contractually engaged to deliver services on behalf of the Company. We never share personal data with any third party for the use of marketing. The table below shows what data we share and why;
|Recipients||Personal Data Category||Why we share it|
||Our service providers are contracted to provide us with IT, systems and software development support.|
How do we keep your personal data secure?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees and service providers who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected personal data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your personal data.