Make Appointment
Home
Data Protection

Data Protection Policy

 

Well Wise Hub Ltd. (“we”, “our”, “us”) is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines how we collect, use, disclose, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant UK laws.

Purpose

This policy sets out the principles and guidelines that Well Wise Hub Ltd. follows in processing personal data. We are committed to ensuring that personal data is handled appropriately and in compliance with data protection laws.

Scope

This policy applies to all personal data processed by Well Wise Hub Ltd., including data relating to:

  • Customers
  • Employees
  • Contractors
  • Suppliers
  • Website visitors

This policy applies to all staff, contractors, and third-party service providers who have access to or process personal data on behalf of Well Wise Hub Ltd.

Data Protection Principles

We adhere to the following key principles set out in the UK GDPR:

Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.

Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

Data Minimisation: Personal data collected shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Inaccurate personal data shall be rectified or deleted without delay.

Storage Limitation: Personal data shall be kept in a form that permits identification for no longer than necessary for the purposes for which it is processed.

Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organisational measures.

Lawful Basis for Processing

We will only process personal data where we have a lawful basis to do so. These may include:

  • Consent: The individual has given clear consent for us to process their personal data for a specific purpose.
  • Contract: The processing is necessary for the performance of a contract or to take steps at the request of the individual prior to entering into a contract.
  • Legal Obligation: The processing is necessary for compliance with a legal obligation.
  • Legitimate Interests: The processing is necessary for our legitimate interests, provided that those interests are not overridden by the individual’s rights and freedoms.

Types of Data We Collect

We may collect the following types of personal data:

  • Identity Data: Name, date of birth, and gender.
  • Contact Data: Address, email address, and phone number.
  • Financial Data: Bank account details for payment purposes.
  • Technical Data: IP address, browser type, and other details related to website usage.
  • Employment Data: For employees and contractors, including payroll information, performance records, and contract details.

How We Use Personal Data

We use personal data for the following purposes:

  • To provide and improve our services.
  • To manage customer accounts and communicate with users.
  • To process payments and fulfil contractual obligations.
  • To comply with legal and regulatory obligations.
  • To improve user experience and website functionality through analytics.
  • For recruitment, employment, and personnel management.

We will only use personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose.

Sharing of Personal Data

We may share personal data with third parties in the following circumstances:

  • Service Providers: We may share data with trusted third-party providers who assist us in delivering our services (e.g., payment processors, IT service providers).
  • Legal Obligations: We may share data when required by law, such as with government authorities or law enforcement agencies.
  • Business Transfers: In the event of a merger, acquisition, or sale of our business, personal data may be transferred as part of the transaction.

All third-party service providers who process data on our behalf are required to ensure the security of personal data and act in accordance with this policy and applicable laws.

Data Security

We implement appropriate technical and organisational measures to protect personal data from:

  • Unauthorised access
  • Loss or theft
  • Accidental destruction or damage
  • Unlawful processing

These measures include encryption, access controls, and secure data storage systems. We regularly review and update our security protocols to safeguard personal data.

Data Retention

We will only retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Once the data is no longer needed, we will securely delete or anonymise it.

Individual Rights

Individuals have the following rights regarding their personal data under the UK GDPR:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete personal data.
  • Right to Erasure: You can request the deletion of your personal data, subject to certain conditions.
  • Right to Restrict Processing: You can ask us to restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your personal data where we rely on legitimate interests.
  • Right to Withdraw Consent: Where we rely on consent to process your data, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us using the details provided below.

Data Breach Procedures

In the event of a data breach that affects personal data, we will notify the relevant supervisory authority, and where necessary, the affected individuals in accordance with the UK GDPR. We will also take appropriate steps to contain and mitigate any damage caused by the breach.

International Data Transfers

We may transfer personal data to countries outside the UK where necessary to provide our services. When doing so, we ensure that the data is adequately protected by using recognised legal mechanisms, such as Standard Contractual Clauses, and complying with UK data protection laws.

Updates to This Policy

We may update this Data Protection Policy from time to time to reflect changes in our data processing practices or legal requirements. Any updates will be posted on this page with the “Last Updated” date.

Contact Us

If you have any questions about this policy or our data protection practices, or if you wish to exercise your rights under the UK GDPR, please contact us at:

Well Wise Hub Ltd.
12 Barn Close, RG12 2TR, Bracknell, England.
Email Address: privacy@wellwisehub.co.uk
Contact Number: +44 7709 573 550

This Data Protection Policy is governed by the laws of England and Wales and complies with the UK GDPR and the Data Protection Act 2018.