Connected Life Limited trading as “Capacity at Work”
This policy applies to Connected Life Limited trading as “Capacity At Work”
2. Who We Are
It is required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR) for us to provide you with the following information as a 'data controller':
www.relationalcapacity.com is operated by Connected Life Limited trading as “Capacity at Work”
Connected Life Limited incorporated and registered in England and Wales with company number 8022801whose registered office is at Suite 3, Duke's House, 4-6 High Street, Windsor, SL4 1LD
The Connected Life Limited Data Protection Officer is Meeta and she can be contacted at email@example.com
3. Health Care Services
Connected Life Limited provides the following health care and consultancy services:
4. What information we collect
We may collect and process the following data about you – be it directly from you or a third party:
Identity data - including name, username or similar identifier, occupation
Contact data - including email address(es), postal address and telephone number(s).
Next of Kin – name, date of birth, email address(es), postal address and telephone number(s).
Parent or Guardian – if you are under 18 years of age we will collect the data of your guardian including name, date of birth, email address, postal address and telephone number(s).
Medical data, including medication, gender, sex life and sexual orientation, your mental, emotional and physical health, genetic and biometric data.
Complaints or Grievances, you have raised that relate to the services of Connected Life Limited.
Financial data, including bank account and payment details as well as your private medical insurance provider
Transaction data, including details about payments to and from you and other details of services you have purchased from us.
Technical data, including IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology you use to access our site.
Profile data, including your interests, preferences, feedback and survey responses.
Usage data, including information about how you use our website and services .
Marketing and communication data, including your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated data such as statistical or demographic data. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage data to calculate the percentage of users accessing a specific website feature.
We collect Special Categories of Personal Data information relating to your health which can include examination findings, medical imaging data relating to your care, diagnostic test results, correspondence and communication from other clinical professionals relating to your current or past clinical care as well as criminal convictions and offences. This includes clinical notes.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
a) you have given consent to the processing of your personal data for one or more specific purposes;
b) processing is necessary for the performance of treatment for you;
c) processing is necessary for compliance with a legal obligation to which we are subject;
d) processing is necessary to protect the vital interests of you or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, other medical expert, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data.
We use different methods to collect data from and about you, including:
Direct interactions when you purchase our services, request marketing/information be sent to you, enter a promotion or survey, or give us feedback or contact us.
6. How we use what we collect
We use information about you to:
Provide information and services that you request, or (with your consent or if we have another lawful basis) which we think may interest you.
Carry out our services directly with you.
Tell you our fees and process payment.
Liaise with others who are connected to, or could potentially be connected to your health and wellbeing, as it relates to the services and support we currently provide you with. These may include doctors, other healthcare clinicians, hospitals, police and other law enforcement agencies, social services, parents/guardians if you are under 18 as well as any person you have specifically authorized us to share information with.
Record and maintain clinical records as required by our Regulatory bodies (UKCP and BACP) to ensure safe and effective care.
If you are already our patient/client, we will only contact you electronically about your personal treatment and things similar to services previously engaged by you.
If you don’t want us to use your personal data for any of the reasons set out in this section 5, you can let us know at any time by contacting us at firstname.lastname@example.org and we will delete your data from our systems. However, you acknowledge this may limit our ability to provide our services to you.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases.
Please find below further information as to the purposes and lawful basis of the personal data that we collect and process.
Type(s) of data
Clients, their employees and contractors
Contact information, including name, address, telephone number and e-mail address
Communication data including e-mail communication, text and other messaging services
Financial data including bank account and payment card details
Transaction data including details about payments to and from customers.
To ensure that we can supply the services requested by the client, including facilitating invoicing and payment.
Necessary for the performance of a contract.
Clients, their employees and contractors
Contact information, including name, address, telephone number and e-mail address.
Consent required for use in any Capacity at Work white paper or newsletter.
Suppliers, partners, subcontractors and their employees
Contact information, including name, address, telephone number and e-mail address; bank details.
To enable compliance with obligations under relevant contracts, including logging and payment of invoices.
Necessary for the performance of a contract
Contact information, including name, company name, job position, address, telephone number and e-mail address, including those available via business networking websites, such as LinkedIn.
Legitimate interests of all parties
1. The legitimate interests of both the Company and its business contacts is to network in the context of business.
2. It is necessary to exchange, keep and otherwise process contact information in order to network in the context of business.
3. There is normally a positive action taken by all parties to provide their contact details during networking with the expectation that such contact details, including personal data, may be used by the recipient for business networking.
Contact information, including name, company name, job position, address, telephone number and e-mail address, including those available via event websites such as Meetup and EventBrite.
Event registration, communication of future events and any future newsletter.
Consent required for any Capacity at Work events communications.
7. Where we store your data
We store all your personal data on a secure system that is within the European Economic Area (EEA). Should we need to transfer your data outside the EEA, we will ensure they have adequate levels of protection of personal data by the European commission; or we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or we may transfer data to US based providers that are part of the Privacy Shield.
By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.
If we give you a password, you must keep it confidential. Please don't share it. Although we try to provide protection, we cannot guarantee complete security for your data, and you take the risk that any sending of that data turns out to be not secure despite our efforts.
We only keep your personal data for as long as we need to in order to use it as described above in section 5, and/or for as long as we have your permission to keep it. In any event, we will conduct regular reviews to ascertain whether we need to keep your personal data. Your personal data will be deleted if we no longer need it.
8. Disclosing your information
The following categories of recipients may receive your personal information and process it for the purposes outlined in this Privacy Statement:
Third party companies, agents, contractors, service providers or related companies (including payment processors) if this is necessary to provide you with our products and services, respond to your enquiries or for any other related purposes. These are the third parties that have access to your information:
Dropbox - storage and access of documents
Microsoft Office 365 – storage and access of documents
third parties who support our information technology or handle mailings or events on our behalf;
law enforcement agencies, other governmental agencies or third parties if we are required by law to do so, or in other limited circumstances (for example if required by a court order or regulatory authority, or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Site, our technology assets or the rights, property or personal safety of any person);
other business entities should we plan to merge with or be acquired by that business entity, or if we undergo a re-organisation with that entity; and
any successor in interest, in the event of a liquidation or administration of Connected Life Limited.
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
9. Your rights
At any time, you have the right:
to be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from whom it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences);
to request access to or a copy of any personal data which we hold about you;
to rectification of your personal data, if you consider that it is inaccurate;
to ask us to delete your personal data, if you consider that we do not have the right to hold it;
to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
to ask us to stop or start sending you information (e.g. our blog/newsletter/social media) at any time by using the below contact details;
to restrict processing of your personal data;
to data portability (moving some of your personal data elsewhere) in certain circumstances;
to object to your personal data being processed in certain circumstances; and
not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
Lodge a complaint with a Regulatory organisation (e.g. UKCP or BACP) preferably after consultation with ourselves. However, you have the right to lodge a complaint directly with one of the Regulatory organisations.
Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards your rights as a data subject.
We will correct any incorrect or incomplete information and will stop processing your personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change by emailing email@example.com
10. Links to other sites
Please note that our terms and conditions and our policies will not apply to other websites that you visit via a link from our site. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
12. Automated Decision-Making and Profiling
We do not undertake any automated decision-making, including profiling.
13. Copyright Notice
This Privacy Notice has been created for Connected Life Limited trading as ‘Capacity at Work’.
Connected Life Limited trading as ‘Capacity at Work’ has the right to edit the text contained within this notice as they require, as long as it remains solely for the use of Connected Life Limited.
Any redistribution or reproduction of part of all of the contents, in any form, is prohibited. You are forbidden from distributing or commercially exploiting this content, without our express written permission.