PLEASE ENSURE YOU READ THESE TERMS AND CONDITIONS CAREFULLY AND ACCEPT THEM BEFORE YOU USE OUR SITE
Our site is operated by The Essential Parent Company Limited (we or us). We are registered in England and Wales under company number 7535196 and our registered office is at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS. Our VAT number is 110 6035 75.
This page (together with the documents referred to on it) tells you the terms and conditions (terms) listed on our website www.essentialparent.com (site).
Please read these terms carefully before using our site. By using this site you agree to be bound by these terms.
If you do not wish to accept these terms, please do not use the site.
- This Site is for Informational Purposes Only and Does Not Provide Medical Advice
- User Obligations
- License Grant
- Prohibited Activities
- Third Party Content
- Sweepstakes, Raffles, Contests and Games
- Accounts, Passwords and Security
- Linking to the Sites
- Disclaimer Regarding Linked Third Party Sites
- Dealings with Third Parties
- Privacy
- Disclaimer of Warranties
- Limitation of Liability
- Indemnification
- Copyright Policy
- Termination
- Governing Law
- Waiver and Severability
- Successors and Assigns
- Arbitration Clause
- Updates
- Data Protection Policy
IMPORTANT: The Essential Parent Company Ltd. and its subsidiaries (“Essential Parent”) operate this website, other health, wellness, diet and fitness websites that are part of the Essential Parent portfolio of websites (collectively, the “Sites”) and the services related to or offered on the Sites (hereinafter, the “Services”).
Essential Parent’s Services may include, without limitation, tools, applications, email services, calendars, and downloadable mobile applications related to the Sites or provided through the Sites. These Terms of Use (“TOU”) govern your use of any of the Sites and Services that are provided by Essential Parent. Please read this agreement carefully before accessing or using any of the Sites or Services. Each time you access or use the Sites or Services, you agree to be bound by these TOU. If you do not agree to be bound by all of these TOU, you may not access or use the Sites or Services. In addition, certain areas of the Sites or Services may be subject to additional terms of use that we make available for your review. By using such areas, or any part thereof, you are expressly indicating that you have read and agree to be bound by the additional terms of use applicable to such areas. In the event that any of the additional terms of use governing such area conflict with these TOU, the additional terms will control.
THESE TERMS CONTAIN A BINDING ARBITRATION CLAUSE AND A CLASS ACTION WAIVER.
1.This Site is for Informational Purposes Only and Does Not Provide Medical Advice
The Sites and Services offer health, fitness and nutrition related information, but are designed for non-commercial, informational purposes only. YOU SHOULD NOT RELY ON THIS INFORMATION AS A SUBSTITUTE FOR, NOR DOES IT REPLACE, PROFESSIONAL MEDICAL ADVICE, DIAGNOSIS OR TREATMENT. IF YOU HAVE ANY CONCERNS OR QUESTIONS ABOUT YOUR HEALTH OR THE CONTENT ON THE SITES OR SERVICES, YOU SHOULD ALWAYS CONSULT WITH A DOCTOR OR OTHER HEALTH-CARE PROFESSIONAL. DO NOT DISREGARD, AVOID OR DELAY OBTAINING MEDICAL OR HEALTH RELATED ADVICE FROM YOUR HEALTH-CARE PROFESSIONAL BECAUSE OF SOMETHING YOU MAY HAVE READ ON THE SITE OR THROUGH THE SERVICES. THE USE OF ANY INFORMATION PROVIDED ON THE SITES OR THROUGH THE SERVICES IS SOLELY AT YOUR OWN RISK. Nothing stated or posted on the Sites or available through any Service is intended to be, and must not be taken to be, the practice of medicine or counselling care. For the purposes of this agreement, the practice of medicine and counselling includes, without limitation, psychiatry, psychology, psychotherapy, the practice of pharmacy, nutrition and fitness counselling or providing health care treatment, instructions, diagnosis, prognosis or advice. Developments in medical research may impact the health, fitness and nutritional topics discussed on the Sites or through the Services and no assurance can be given that the information contained in the Sites or the Services will always include the most recent findings or developments with respect to the particular material. Your access or use of the Sites and the Services does not create in any way a physician/patient, confidential, or privileged relationship, or any other relationship that would give rise to any duties on our part or the part of our Licensors. We do not recommend or endorse any specific tests, physicians, clinics, procedures, opinions, products or other information that may appear on the Sites or Services. 
If you rely on any of the information provided by this Site or the Services, our employees, or guests or visitors to the Sites, you do so solely at your own risk.
2.User Obligations
You agree to abide by all applicable local, state, national, and international laws and regulations, including UK export and re-export control and economic sanction laws and regulations, with respect to your use of the Sites and Services. You also acknowledge and agree that your use of the Internet and access to the Sites is solely at your own risk. You should also understand that the confidentiality of any communication or material transmitted to/from a Site over the Internet or other form of global communication network cannot be guaranteed. Accordingly, Essential Parent is not responsible for the security of any information transmitted to or from the Sites. Essential Parent reserves the right to prohibit or terminate use of or access to the Sites at any time, without notice, for any reason whatsoever.
3.License Grant
This TOU provides to you a personal, revocable, limited, non-exclusive, royalty-free, non-transferable license to use the Sites conditioned on your continued compliance with these TOU. You may print and download materials and information from the Sites solely for your personal use, provided that all hard copies contain all copyright and other applicable notices contained in such materials and information.
4.Prohibited Activities
The Sites and the Services are not intended for children under the age of 13 (or applicable age in your country) and children under 13 (or applicable age in your country) should not use the Sites or the Services. You acknowledge and agree that the Sites and Services contain proprietary and confidential information that is protected by applicable intellectual property and other laws, and are the sole property of Essential Parent, its Licensors or our content providers. Unless otherwise specified in writing, the Services are for your personal and non-commercial use. In connection with your use of the Sites and/or the Services, you acknowledge and agree that you will not:
- Copy, reverse engineer, reverse assemble, otherwise attempt to discover the source code, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer or sell any information, software, products or services obtained through the Sites or the Services;
- Access the Sites or Services by any means other than through the standard industry-accepted or Essential Parent-provided interfaces;
- Post or transmit any material that contains a virus or corrupted data;
- Delete any author attributions, legal notices or proprietary designations or labels;
- Violate any applicable local, state, national or international law, rule or regulation or use the Sites and/or the Services for any purpose that is prohibited by these TOU;
- Manipulate or otherwise display the Sites and/or the Services by using framing or similar navigational technology;
- Register, subscribe or unsubscribe any party for any Essential Parent product or service if you are not expressly authorised by such party to do so;
- Use the Sites or the Services in any manner that could damage, disable, overburden or impair Essential Parent’s servers or networks, or interfere with any other user’s use and enjoyment of the Sites and/or the Services;
- Gain or attempt to gain unauthorised access to any of the Sites, Services, accounts, computer systems or networks connected to Essential Parent through hacking, password mining or any other means;
- Obtain or attempt to obtain any materials or information through any means not intentionally made available through the Sites or the Services or harvest or otherwise collect information about other users without their consent;
- Use the Sites in any manner that could damage, disparage, or otherwise negatively impact Essential Parent.
In addition, you agree to comply with our Posting Guidelines below. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, COPYING OR REPRODUCING ANY SERVICES, PROGRAMS, PRODUCTS, INFORMATION OR MATERIALS PROVIDED BY ESSENTIAL PARENT TO ANY OTHER SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED.
5.Third Party Content
Any opinions, advice, statements, services, advertisements, offers or other information or content expressed or made available through the Sites by third parties, including information providers, are those of the respective authors or distributors and not Essential Parent. Neither Essential Parent, its Licensors nor any third-party content providers guarantee the accuracy, completeness or usefulness of any content. Furthermore, neither Essential Parent nor its Licensors endorse or are responsible for the accuracy and reliability of any opinion, advice or statement made on any of the Sites or Services by anyone other than an authorised Essential Parent or Licensor representative while acting in his/her official capacity. You may be exposed through the Sites or Services to content that violates our policies, is sexually explicit or is otherwise offensive. You access the Sites and Services at your own risk. We take no responsibility for your exposure to third party content on the Sites or the Services. Essential Parent and its Licensors do not assume, and expressly disclaim, any obligation to obtain and include any information other than that provided to it by its third party sources. It should be understood that we do not advocate the use of any product or procedure described in the Sites or through the Services, nor are we responsible for misuse of a product or procedure due to typographical error.
6.Sweepstakes, Raffles, Contests and Games
If Essential Parent conducts a sweepstake, contest, or game on the Sites, the rules governing any of the foregoing shall be accessible through a hypertext link prominently displayed on the page where the sweepstake, contest or game may be located. By entering or participating in any of them, you agree to be subject to those rules, regulations and procedures. Please remember to read the rules carefully before participating.
7.Accounts, Passwords and Security
If any of the Sites or Services require you to open an account, you must complete the registration process by providing Essential Parent with current, complete and accurate information, as prompted by the applicable registration form. You acknowledge that by providing any information to Essential Parent which is untrue, inaccurate, not current or incomplete, Essential Parent reserves the right to terminate your access and use of the Sites and/or the Services. As part of the registration process, you will be asked to select a username and password. You are entirely responsible for maintaining the security and confidentiality of your account and password. FURTHERMORE, YOU ARE ENTIRELY RESPONSIBLE FOR ANY AND ALL ACTIVITIES AND CONDUCT, WHETHER BY YOU OR ANYONE ELSE, THAT ARE CONDUCTED THROUGH YOUR ACCOUNT. You agree to notify Essential Parent immediately of any unauthorised use of your account or any other breach of security. Neither Essential Parent nor its Licensors will be liable for any loss that you may incur as a result of someone else using your password or account, either with or without your knowledge. You may be held liable for any losses incurred by Essential Parent, its Licensors or another party due to someone else using your account or password.
8.Linking to the Sites
We reserve the right to disallow you to link to the Sites at any time in our sole discretion. If we exercise such right, you agree to immediately remove and disable any and all of your links to the Sites. In the absence of a written agreement with us specifying how you may link to the Sites you do not have permission to do so.
9.Disclaimer Regarding Linked Third Party Sites
The links on any of the Sites and/or Services will let you leave the particular Sites or Service you are accessing in order to access a linked third party site (the “Linked Sites”). Essential Parent provides these links as a convenience, but we neither control nor endorse these Linked Sites, nor has Essential Parent reviewed or approved the content which appears on the Linked Sites. Essential Parent is not responsible for the legality, accuracy or appropriateness of any content, advertising, products, services or other materials on or available from any Linked Sites. You acknowledge and agree that Essential Parent shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of any of the links, content, goods or services available on or through the Linked Sites.
10.Dealings with Third Parties
Your participation, correspondence or business dealings with any third party found on or through our Sites and Services, including, without limitation, advertisers and other users, regarding payment and delivery of specific goods and services, and any other terms, conditions, representations or warranties associated with such dealings, are solely between you and such third party. You agree that Essential Parent shall not be responsible or liable for any loss, damage, or other matters of any sort incurred as the result of such dealings.
11.Privacy
Essential Parent’s privacy policy with respect to the collection and use of your personally identifiable information is set forth at https://essentialparent.com/privacy-policy/ and is incorporated by reference into these TOU. BY ACCESSING THE SITES AND/OR SERVICES, YOU AGREE THAT YOU ARE ACCEPTING OUR PRIVACY POLICY.
12.Disclaimer of Warranties
THE SITES AND THE SERVICES, AND ANY CONTENT, TOOLS, PRODUCTS OR SERVICES DISPLAYED, ACCESSED OR OBTAINED ON OR THROUGH THE SITES AND SERVICES ARE PROVIDED “AS IS”, “AS AVAILABLE”, AND WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, ESSENTIAL PARENT, ITS LICENSORS AND THEIR AFFILIATES, SUPPLIERS, AND AGENTS DO NOT WARRANT AND EXPRESSLY DISCLAIM THAT: (i) YOUR USE OF THE SITES AND/OR SERVICES AND ACCESS TO AND USE OF ALL OF THE TOOLS AND FEATURES THEREON WILL BE UNINTERRUPTED, ERROR-FREE OR SECURE; (ii) THAT ANY INFORMATION OBTAINED THEREIN IS ACCURATE, RELIABLE OR COMPLETE; (iii) THAT DEFECTS WILL BE CORRECTED; OR (iv) THAT ANY SOFTWARE, SERVICES, SITES OR SERVER(S) ON WHICH THE SITES OR SERVICES ARE HOSTED ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. YOUR USE OF THE SITES AND THE SERVICES AND ANY INFORMATION OR MATERIALS PROVIDED ON OR THROUGH THE SITES AND SERVICES ARE ENTIRELY AT YOUR OWN RISK. WE MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE PRODUCTS OR SERVICES SOLD OR ADVERTISED HEREIN OR ABOUT THE SATISFACTION OF GOVERNMENT REGULATIONS REQUIRING DISCLOSURE OF INFORMATION ON PRESCRIPTION DRUG PRODUCTS WITH REGARD TO THE CONTENT CONTAINED ON THE SITES OR THROUGH THE SERVICES. WE MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO ANY TREATMENT, ACTION OR APPLICATION OF MEDICINE, MEDICATION OR THE INFORMATION OFFERED OR PROVIDED WITHIN OR THROUGH THE SITES OR THE SERVICES.
13.Limitation of Liability
NEITHER ESSENTIAL PARENT NOR ITS LICENSORS, DIRECTORS, OFFICERS, EMPLOYEES, CONTRACTORS, AGENTS OR SPONSORS ARE RESPONSIBLE OR LIABLE TO YOU OR ANYONE ELSE FOR ANY LOSS OR INJURY OR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, PUNITIVE OR OTHER DAMAGES UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY ARISING OUT OF OR RELATING IN ANY WAY TO (i) THE USE OF OR INABILITY TO USE THE SITES AND/OR THE SERVICES; (ii) ANY CONTENT CONTAINED ON THE SITES AND/OR THE SERVICES; (iii) STATEMENTS OR CONDUCT POSTED OR MADE PUBLICLY AVAILABLE ON THE SITES AND/OR THE SERVICES; (iv) ANY PRODUCT OR SERVICE PURCHASED OR OBTAINED THROUGH THE SITES AND/OR SERVICES; (v) ANY ACTION TAKEN IN RESPONSE TO OR AS A RESULT OF ANY INFORMATION AVAILABLE ON THE SITES AND/OR SERVICES; (vi) ANY DAMAGE CAUSED BY LOSS OF ACCESS TO, DELETION OF, FAILURE TO STORE, FAILURE TO BACK UP, OR ALTERATION OF ANY CONTENT ON THE SITES AND/OR SERVICES; OR (vii) ANY OTHER MATTER RELATING TO THE SITES AND/OR THE SERVICES. IN NO EVENT SHALL THE TOTAL LIABILITY OF ESSENTIAL PARENT OR ITS LICENSORS TO YOU FOR ANY AND ALL DAMAGES, LOSSES, AND CAUSES OF ACTION EXCEED THE AMOUNT PAID BY YOU, IF ANY, FOR USING ANY OF THE SITES AND/OR SERVICES. Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages. Accordingly, some of the above limitations and disclaimers may not apply to you. To the extent that we may not, as a matter of applicable law, disclaim any implied warranty or limit liabilities, the scope and duration of such warranty and the extent of our liability will be the minimum permitted under such applicable law.
14.Indemnification
You agree to indemnify, defend and hold Essential Parent and its Licensors, subsidiaries, affiliates, officers, directors, agents, co-branders or other partners, employees and representatives harmless from and against any and all claims, damages, losses, costs or expenses (including reasonable attorneys’ fees and disbursements) which arise directly or indirectly out of or from (i) your breach of these TOU; (ii) any allegation that any Submission Materials infringe or otherwise violate the copyright, trade secret, trademark or other intellectual property rights of a third party; and (iii) your access or use of the Sites or the Services.
15.Copyright Policy
All the Essential Parent DVDs and online content are protected by copyright. All rights reserved.
© The Essential Parent Company Limited 2016.
Unauthorised copying, hiring, lending, public performance, downloading, streaming, radio or TV broadcasting of the DVDs or online course content is prohibited.
WARNING:
The content reproduced on the DVDs and website is provided for information only and does not constitute medical advice or instruction. Your attention is drawn to the Disclaimer.
16.Termination
You agree that Essential Parent, in its sole discretion, may terminate your password, account (in whole or in part) or use of the Sites or Services, and remove and discard any content within the Sites or Services, at any time and for any reason. You agree that any actions taken under this Section may be effective without prior notice to you.
17.Governing Law
These TOU and the relationship between you and Essential Parent shall be governed by and construed in accordance with the laws of England and Wales. You and Essential Parent irrevocably agree to submit to the personal and exclusive jurisdiction of the courts located in England and Wales.
18.Waiver and Severability
The failure of Essential Parent to exercise or enforce any right or provision of these TOU shall not constitute a waiver of such right or provision. If any provision of these TOU is found by a court of competent jurisdiction to be unlawful, void or for any reason unenforceable, then that provision shall be deemed severed herefrom and shall not affect the validity and enforceability of any remaining provisions.
19.Successors and Assigns
We may perform any of our obligations or exercise any of our rights under this TOU through one or more of our corporate affiliates (including any entity that directly or indirectly controls, is controlled by or is under common control with us). If Essential Parent or its assets are acquired by another entity, that entity will assume our rights and obligations as described in this TOU. You may not assign your rights or obligations under this TOU, by operation of law or otherwise, without our prior written consent.
20.Arbitration Clause
ARBITRATION NOTICE: Any dispute, claim or controversy arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in London, before a single arbitrator. The arbitration shall be administered by JAMS, pursuant to its Comprehensive Arbitration Rules and Procedures. Judgment on the arbitration award may be entered in any court having jurisdiction. This clause shall not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator.
TO THE FULLEST EXTENT PERMITTED BY LAW, YOU AGREE THAT (I) NO ARBITRATION SHALL BE JOINED WITH ANY OTHER; (II) THERE IS NO RIGHT OR AUTHORITY FOR ANY DISPUTE TO BE ARBITRATED ON A CLASS-ACTION BASIS OR TO UTILISE CLASS ACTION PROCEDURES; AND (III) THERE IS NO RIGHT OR AUTHORITY FOR ANY DISPUTE TO BE BROUGHT IN A PURPORTED REPRESENTATIVE CAPACITY ON BEHALF OF THE GENERAL PUBLIC OR ANY OTHER PERSONS. If the specific provision of this paragraph is found to be unenforceable, then the entirety of this Section entitled “Binding Arbitration” shall be null and void.
YOU AGREE TO WAIVE YOUR RIGHT TO A JURY TRIAL AND UNDERSTAND THAT, ABSENT THIS PROVISION, YOU WOULD HAVE THE RIGHT TO SUE IN COURT. THE SCOPE OF THIS WAIVER IS INTENDED TO BE ALL-ENCOMPASSING OF ANY AND ALL DISPUTES THAT MAY BE FILED IN ANY COURT AND THAT RELATE TO THE SUBJECT MATTER OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, CONTRACT CLAIMS, TORT CLAIMS AND ALL OTHER COMMON LAW AND STATUTORY CLAIMS.
21.Updates
We may modify these TOU at any time, as we deem appropriate. If you disagree with the changes to the TOU, you must discontinue your use of the Sites and Services, and if you have registered as a member, cancel your registration. Your continued access or use of any of the Sites or Services following such notice signifies your acceptance of the modified TOU. It is your responsibility to review the TOU regularly to be aware of such modifications. We reserve the right to modify or discontinue the Sites or Services with or without notice. We will not be liable to you or any third party should we exercise our right to modify or discontinue the Sites or Services. If you object to any such changes, your sole recourse will be to cease access to the Sites or Services. Continued access to the Sites or Services following notice of any such changes will indicate your acknowledgement of such changes and acceptance of the Sites or Services as so modified and your use of new Services will be governed by these TOU.
22.Data Protection Policy
1.Purpose & Scope
This Policy sets out the obligations of TEP, a company registered in England under number 07535196, whose registered office is at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, regarding data protection and the rights of staff, service users and business contacts in respect of their personal data under the Data Protection Legislation.
This Policy sets out the company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the company, its employees, agents, contractors, or other parties working on behalf of the company.
2.Roles and Responsibilities
The Data Protection Officer (DPO) has overall responsibility for ensuring the organisation complies with Data Protection legislation and reports to the SIRO.
The Data Protection Officer (DPO):
Assists with the monitoring of internal compliance, informs and advises on data protection obligations, provides advice regarding Privacy Impact Assessments (PIAs) and acts as a contact point for data subjects and the supervisory authority.
The DPO tasks are as follows:
- to inform and advise the company about obligations to comply with the legislation.
- to monitor compliance with the legislation including managing internal data protection activities; raising awareness of data protection issues, training staff and conducting internal audits
- to advise on, and to monitor, data protection impact assessments
- to cooperate with the supervisory authority
- to maintain the Register of Processing Activities
- to be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, public etc).
The Board (TB):
Responsible for;
- Ensuring that the staff complete annual training.
- Ensuring that any Data Protection issues including breaches of confidentiality and security, are investigated and appropriate action taken as necessary.
- Ensuring that the Register of Processing Activities is maintained and relevant to the organisation.
Staff
All staff, whether permanent or associated are responsible for ensuring that they are aware of the data protection policy and of the obligations incumbent upon them. If staff are unsure about any aspect of this policy and how it affects them, they should contact the DPO.
3.The Data Protection Principles
The Data Protection Legislation sets out the following principles with which any party handling personal data must comply. All personal data must be:
- processed lawfully, fairly, and in a transparent manner in relation to the data subject;
- collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the Data Protection Legislation in order to safeguard the rights and freedoms of the data subject;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
4.Lawful Basis for Processing Personal & Special Category Data
Under the “Legislation”, any organisation that processes personal data must have at least one of the following lawful bases for doing so;
- The individual has given clear consent for the company to process their personal data for a specific purpose.
- It is necessary for the performance of a contract or to take steps to enter into a contract with the data subject.
- It is necessary for compliance with a legal obligation.
- It is necessary to protect the vital interests of a data subject or another person.
- It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- It is necessary for the purposes of legitimate interests pursued by the data controller or a third party.
If the data being processed is classed as “Special Category” then as well as the basis identified above, one of the following bases must also be present;
- the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
- processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
- processing is carried out in the course of its legitimate activities with appropriate safeguards;
- processing relates to personal data which are manifestly made public by the data subject;
- processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
- processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
- processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services;
- processing is necessary for reasons of public interest in the area of public health;
- processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
The lawful basis for each processing activity must be recorded as part of a formal “Register of Processing Activities”.
5.Data Protection by Design
Data Protection by design is a concept where Data Protection is considered as a core aspect of a project or change management process which promotes privacy and data protection compliance from the start. The Data Protection Impact Assessment (DPIA) is a mandatory tool as part of the data protection by design process.
This approach ensures that privacy and data protection is a key consideration in the early stages of any project and then throughout its lifecycle. For example, when:
- building new IT systems for storing or accessing personal data;
- developing policy or strategies that have privacy implications;
- embarking on a data sharing initiative; or
- using or collecting data for new purposes.
Data protection by design is formulated around the use of the DPIA. The stages described below set out the process to be followed when one of the following triggers has been identified;
- The need for a change in the collection, use and/or storage of data.
- The need to undergo a project which could potentially affect data.
Stage 1
Consideration by the SIRO or DPO as to whether there is a requirement to undertake a DPIA. A DPIA must be completed if the change or project;
- Results in a change to existing (or introduces new) data processing which is likely to result in a high risk (including some specified types of processing).
- May have an impact on an individual’s rights and freedoms, including (but not limited to) privacy rights.
Where it is considered that a DPIA may not be required, justification for this must be sent to the DPO to review. The DPO will either accept this justification or request that a DPIA is completed. Where it was agreed by the DPO that a DPIA is not required the project documentation must provide evidence that the DPIA had been considered.
Stage 2
Where it is identified that a DPIA is required, the DPIA document must be completed and sent to the DPO who will provide advice, comments and recommend any actions required to be undertaken.
The DPO will return the DPIA to the originating Manager should there be specific queries prior to authorisation.
Stage 3
Where the DPIA has been completed and approved and the DPO’s recommendations are being implemented, the manager will:
- Incorporate identified actions from the DPIA into the project action plans.
- Agree frequency of updates to the DPO; the frequency of updates must be linked to the developments and timescales linked to the project.
Where a DPIA has been completed and approved but the DPO’s actions and advice are not being followed, the Manager must take the following actions:
- Document the justification for not following the DPO’s recommendations.
- Present the completed DPIA along with the justification for not adhering to DPO’s recommendations to the SIRO for approval.
6. Personal Data of Company Staff
Information we collect about you
We may collect, store, and use the following categories of personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth.
- Gender.
- Marital status and dependants.
- Next of kin and emergency contact information.
- National Insurance number.
- Bank account details, payroll records and tax status information.
- Salary, annual leave, pension and benefits information.
- Start date.
- Location of employment or workplace.
- Copy of driving licence and / or other photographic ID such as a passport.
- Recruitment information (including copies of right to work documentation, references, interview notes and opinions taken during and following interviews and other information included in a CV or cover letter or as part of the application process).
- Employment records (including job titles, work history, working hours, training records and professional memberships).
- Any test results, psychometric or other, included in the recruitment process.
- Compensation history.
- Performance information.
- Disciplinary and grievance information.
- Information about your use of our information and communications systems.
- Photographs.
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Information about your health, including any medical condition, health and sickness records.
How we collect information about you
We typically collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.
We will collect additional personal information in the course of job-related activities throughout the period of you working for us. This will usually be directly from you but may be from third parties such as medical practitioners.
What we do with your personal information
We need information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
The situations in which we will process your personal information are listed below:
- Deciding about your recruitment or appointment.
- Determining the terms on which you work for us.
- Checking you are legally entitled to work in the UK.
- Paying you and, if you are an employee, deducting tax and National Insurance contributions.
- Providing the following benefits to you:
  - Healthcare
  - Sick Pay
  - Death in service
  - Pension
  - Childcare vouchers
- Liaising with your pension provider.
- Administering the contract we have entered into with you.
- Business management and planning, including accounting and auditing.
- Conducting performance reviews, managing performance and determining performance requirements.
- Making decisions about salary reviews and compensation.
- Assessing qualifications for a particular job or task, including decisions about promotions.
- Gathering evidence for possible grievance or disciplinary hearings.
- Making decisions about your continued employment or engagement.
- Making arrangements for the termination of our working relationship.
- Education, training and development requirements.
- Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
- Ascertaining your fitness to work.
- Managing sickness absence.
- Complying with health and safety obligations.
- To monitor your use of our information and communication systems to ensure compliance with our IT policies.
- To ensure network and information security, including preventing unauthorised access to our computer and electronic communication systems and preventing malicious software distribution.
Please note this is not an exhaustive list and some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. The majority of the above types of processing will be justified on the basis of being necessary to perform a contract and / or so that we comply with a legal obligation.
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law, for example, to ensure we provide you with a safe place of work or to consider making reasonable adjustments. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Information about criminal convictions
We do not envisage that we will hold information about criminal convictions.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so.
Automated decision-making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
We do not envisage that any decisions will be taken about you using automated means; however, we will notify you in writing if this position changes.
If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
Data sharing
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
“Third parties” includes third-party service providers (including contractors and designated agents). The following activities are carried out by third-party service providers: payroll, pension administration, benefits provision and administration.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
Right to withdraw consent
In some circumstances you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose. You have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the DPO.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
7. Other Personal Data
As a business, we may process information on behalf of a client. Where this information is deemed to be “Personal” or “Special Category”, we must ensure that it is treated in line with the “Legislation” and that we are clear before any processing commences that:
- We have a contract with the client that stipulates the requirement for us to process the data;
- We have a Data Sharing Agreement in place with the client that details the data we will receive, the purpose for the processing and the appropriate legal basis for doing so;
- Where necessary, the client has provided a copy of a “Data Protection Impact Assessment”;
- We have logged the processing activity on the Register of Processing Activities file;
- The DPO has seen and approved the processing.
8. An Individual’s Rights under the “Legislation”
As with all Personal Data, wherever it is held, “the Legislation” provides the following rights for individuals:
- the right to be informed: to be informed about the collection or use of their personal data.
- the right of access: to request access to the information held by the organisation about them.
- the right to rectification: to have inaccurate personal data rectified or completed if it is incomplete.
- the right to erasure: to have personal data erased (‘the right to be forgotten’).
- the right to restrict processing: to restrict the processing of their personal data in certain circumstances.
- the right to data portability: to receive personal data they have provided to the organisation in a structured, commonly used and machine-readable format.
- the right to object: to processing of their data based on legitimate interests or public interest/exercise of official authority, direct marketing or processing for purposes of scientific / historical research and statistics.
- rights in relation to automated decision making and profiling: to stop decisions being taken about them without human intervention.
See https://ico.org.uk/your-data-matters/ for further details.
9. How to action the “Rights”
If you need to invoke any of the rights provided under the “Legislation”, or have received a request from outside of the organisation relating to data protection rights, please contact the DPO.
10. Monitoring and Audit
The company will regularly monitor and audit its compliance with this document. The audit will:
- Follow a mechanism for adapting the policy to cover missing areas if these are critical to processes, and use a subsidiary development plan if there are major changes to be made;
- Set and maintain standards by implementing new procedures, including obtaining feedback where the procedures do not match the desired levels of performance; and
- Highlight where non-conformance to both the policy and record keeping guidance is occurring and suggest a tightening of controls and adjustment to related procedures.
Appendix A: Definitions
Term | Definition
Data Controller | A controller determines the purposes and means of processing personal data.
GDPR | The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based.
Data processor | A processor is responsible for processing personal data on behalf of a controller. Any member of staff who processes employee or client data is a data processor.
Personal data | Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier
Special Category Data | Any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
Consent | Freely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of their personal data
Data Erasure | Also known as the Right to be Forgotten, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data
Data Portability | The requirement for controllers to provide the data subject with a copy of his or her data in a format that allows for easy use with another controller
Data Protection Officer | An expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR
Encrypted Data | Personal data that is protected through technological measures to ensure that the data is only accessible/readable by those with specified access
Personal Data Breach | A breach of security leading to the accidental or unlawful access to, destruction, misuse, etc. of personal data
Register of Processing Activities | A formal log of all personal data processing that is undertaken, together with the corresponding lawful basis and management arrangement.
Data Protection (Privacy) Impact Assessment | A tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data
Pseudonymisation | The processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution
Subject Access Right | Also known as the Right to Access, it entitles the data subject to have access to and information about the personal data that a controller has concerning them
Supervisory Authority | A public authority which is established by a member state in accordance with article 46