top of page
  • Instagram
  • Facebook
  • YouTube
Data Protection Policy

1. Introduction

This Data Protection Policy sets out how The Wellbeing Designer ("we," "us," "our") collects, uses, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to all personal data processed by us, including data relating to our customers, employees, contractors, and any other individuals whose data we may process.

2. Principles of Data Protection

We are committed to complying with the principles of data protection as outlined in the UK GDPR. This means that personal data will be:

  • Processed lawfully, fairly, and in a transparent manner.

  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

  • Accurate and, where necessary, kept up to date.

  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

3. Lawful Basis for Processing

We will only process personal data when we have a lawful basis for doing so. These bases include:

  • Consent: The individual has given clear consent for us to process their personal data for a specific purpose.

  • Contract: The processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.

  • Legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).

  • Vital interests: The processing is necessary to protect someone's life.

  • Public task: The processing is necessary for us to perform a task in the public interest or for our official functions, and the task has a clear basis in law.

  • Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.

4. Types of Data Collected

We collect various types of personal data, including:

  • Customer data: Names, contact information, payment details, workshop registration information, and feedback.

  • Employee data: Names, contact information, employment history, payroll information, performance data.

  • Website data: IP addresses, browsing behaviour (collected via cookies – see our Cookie Policy).

5. How We Use Personal Data

We use personal data for various purposes, including:

  • To provide our services and workshops.

  • To manage customer relationships.

  • To process payments.

  • To communicate with customers and provide information about our services.

  • To manage our employees.

  • To comply with legal obligations.

6. Data Sharing and Disclosure

We may share personal data with:

  • Service providers: Third-party providers who provide services on our behalf (e.g., payment processors, IT support).

  • Legal authorities: When required to do so by law.

We will only share personal data with third parties who ensure an adequate level of data protection.

 

7. Data Security

We have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, use, or disclosure. These measures include:

  • Encryption

  • Access controls

  • Secure storage

  • Regular security assessments

8. Data Retention

We will only retain personal data for as long as is necessary for the purposes for which it was collected, or as required by law.

9. Individual Rights

Individuals have the following rights regarding their personal data:

  • Right to access: The right to obtain confirmation that their data is being processed and to access that data.

  • Right to rectification: The right to have inaccurate data corrected.

  • Right to erasure: The right to have their data deleted ("right to be forgotten").

  • Right to restriction of processing: The right to restrict the processing of their data.

  • Right to data portability: The right to receive their data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

  • Right to object: The right to object to the processing of their data.

  • Right not to be subject to automated decision-making: The right not to be subject to a decision based solely on automated processing, including profiling.

To exercise these rights, please contact our Data Protection Officer (see section 11).

10. International Data Transfers

We will only transfer personal data outside the UK to countries that have been deemed to provide an adequate level of protection by the UK government, or where appropriate safeguards are in place (e.g., Standard Contractual Clauses).

11. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection compliance. The DPO's contact details are:

Cindy Juliana Esquivel

contact@thewellbeingdesinger.com

12. Complaints

If you have any concerns about our processing of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

13. Changes to this Policy

We may update this Data Protection Policy from time to time. We will notify you of any significant changes.

14. Review

This policy will be reviewed annually.

Last review 29-04-2025

bottom of page