1. Scope

At Benevolent Health, we respect your privacy and will treat your data in accordance with the EU General Data Protection Regulation, the Data Protection Act 2018 and other applicable data protection and e-privacy law.

We want everyone who comes to us for support to feel confident and comfortable with how any personal information you share with us will be looked after or used.

This privacy notice is for people who use the Benevolent Health website and for people who we communicate with for marketing and other business-related purposes. It sets out how we collect, use and store your personal information (this means any information that identifies or could identify you).

2. Responsibility

2.1 The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to Benevolent Health collecting and/or processing their personal data.

2.2 All Employees and third-party contractors of Benevolent Health who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.

3. Privacy Notice

3.1 Who we are

We are a “data controller” for the purposes of the EU General Data Protection Regulation (GDPR). This means that we are responsible for, and control the processing of, your personal information.

Benevolent Health is a coaching, consulting and mentoring company that provides support to improve mental health. Our training provides awareness of mental health to managers to enable meaningful conversations to reduce stigma and increase signposting to improve stress, anxiety and depression.

3.2 Legal Basis for using your information

By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.

Consent is required for Benevolent Health to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.

You may withdraw consent at any time by contacting Benevolent Health’s Data Protection Officer via email on patientcare@benevolenthealth.co.uk and following the Withdrawal of Consent Procedure.

3.3 Disclosure

Any information you provide to us is held in strictest confidence. We will never sell your data to another organisation. We do outsource the processing of certain functions and/or information to third parties. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party service providers, we oblige those third parties to protect your personal information in accordance with the terms and conditions of this Notice, with appropriate security and enforceable contractual measures.

3.4 Retention Period

We will keep your personal data for as long as reasonable for the purpose it was provided. We will periodically review our interactions with you and may delete your data if we have not interacted for some time.

3.5 Security

We value your trust in providing us your personal information and we take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

Our website does not store the personal information that you enter into it as it links directly to our secure database. However, our website may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or websites that have links on our site may collect personally identifiable information about you. This privacy notice does not cover the information practices of those websites or advertisers.

3.6 Your rights as a data subject

At any point while we are in possession of, or processing your personal data, you the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation
  • Right to object – you have the right to object to certain types of processing such as direct marketing
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling
  • Right to judicial review – if in the event that Benevolent Health refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below

All of the above requests will be forwarded on should there be a third party involved (as stated in 3.3 above) in the processing of your personal data.

3.7 Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Benevolent Health (or third parties as described in 3.3 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Benevolent Health’s Data Protection Officer.

The details for each of these contacts are:
Supervisory authority contact details

Information Commissioner
Wycliffe House
Water Lane, Wilmslow
0303 1231113

Data Protection Officer (DPO) contact details
Marteka Swaby
Kemp House
160 City Road

To learn more about making a complaint, please read our Complaints Procedure

4. Privacy Statement

Benevolent Health is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person. Benevolent Health processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

4.1 When and how we share personal data and locations of processing

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

4.2 Changes to this privacy statement

We recognise that transparency is an ongoing responsibility, so we will keep this privacy statement under regular review.

This privacy statement was last updated on 11th April 2019.

4.3 Our processing activities

Collection of personal data

In order to sign up for Benevolent Health services, you will need to provide us with some personal identifiable information which includes (but is not limited to) your name and email address. We will also collect usage data which analyses your responses to assessments, questions and any other data you provide while using the service.

Use of personal data
Personal data will be used to collate your contact information and subscribe you to our newsletter on Benevolent Health in order to give access to the resources on the website. We will not share your personal information in accordance with this Privacy Notice

Data retention
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

Business Contacts
Collection of personal data

Benevolent Health processes personal data about contacts (existing and potential clients and/or individuals associated with them) using a customer relationship management system (CRM).

The collection of personal data about contacts and the addition of that personal data to Benevolent Health CRM is initiated by Benevolent Health user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the CRM may collect data from Benevolent Health’s email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event)

Use of personal data
Personal data relating to business contacts may be visible to and used by Benevolent Health to learn more about a client or opportunity we have an interest in and may be used for the following purposes:

  • Administering, managing and developing our businesses and services
  • Providing information about us and our range of services

Benevolent Health does not sell or otherwise release personal data contained in the CRM to third parties.

Data retention
Personal data will be retained on the CRM for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact).

Employees and Recruitment Applicants
We collect personal data concerning our own employees and recruitment applicants as part of the administration, management and promotion of our business activities.

Employees and recruitment applicants should refer to the Privacy Policy.

Suppliers and other third parties
Collection of personal data

We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.

Use of personal data
We use personal data for the following purposes:

  • Receiving services
    We process personal data in relation to our suppliers and their staff as necessary to receive the services. For example, where a supplier is providing us with outsourced services, we will process personal data about those individuals that are providing services to us.
  • Providing professional services to customers Where a supplier is helping us to deliver professional services to our customers, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our customers. (for example, where our supplier is providing people to work with us as part of a Benevolent Health team providing professional services to our customers).
  • Administering, managing and developing our businesses and services. We process personal data in order to run our business, including:
    • managing our relationship with suppliers;
    • developing our businesses and services
    • maintaining and using IT systems;
    • administering and managing our website and systems and applications.
  • Security, quality and risk management activities
    We have security measures in place to protect our and our customers’ information
    (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data.
  • Complying with any requirement of law or regulation
    As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data

Data retention
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights

4.4 Data we do not collect

Children’s data
Benevolent Health is intended for use by business with employees who are aged 18 years or over and we do not knowingly collect personal data from people under 16 years of age. In the case we discover that a child under 16 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take the necessary actions.

For further information about our privacy practices, please contact our Data Protection Officer via email on patientcare@benevolenthealth.co.uk