Website Privacy Notice

Last updated: September 16, 2023

Your information, what you need to know

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information which we receive through our website https://www.wellfounded.health/ (the Site or our website) or any other means and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

We act as a Data Controller in relation to any personal data you provide to us, which means we will only process and share your data in line with the requirements of the applicable data protection laws and we will take all necessary steps to ensure that those with whom we legitimately share your data are equally robust in their approach to data protection.

​​Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to WellFounded Health, Unit 3 42 Orchard Road, London N6 5TR.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Country refers to: United Kingdom

Device means any device that can access the Service such as a computer, a mobile phone or a digital tablet.

Personal Data is any information that relates to an identified or identifiable individual.

Service refers to the Website.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website refers toWellFounded Health, accessible from www.wellfounded.health

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Controller

WellFounded Health Ltd is the data controller and responsible for your personal data.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address

  • First name and last name

  • Phone number

  • Address, State, Province, ZIP/Postal code, City

  • Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies on the Privacy Policies website article.

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

  • Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

  • Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.

  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.

  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.

  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.

  • To manage Your requests: To attend and manage Your requests to Us.

  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.

  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

Our basis for storing your data

1. Website Usage Data

Purpose: Analysing the use of, and improving, our website and services, security monitoring and fraud detection and to ensure our website is presented in the most effective manner.

Legal basis: Our legitimate interests, namely delivering and improving our website, informing marketing strategy, and ensuring the security of the Site.

2. Correspondence Data

Purpose: To communicate with you. If you have indicated your interest in our services then we may also process correspondence data to provide you with occasional news about our services and marketing communications (although you will be free to unsubscribe at any time).

Legal basis: Our legitimate interests, namely properly administering our business and communications, developing our relationships with interested parties and addressing user concerns and queries. Where correspondence data relates to marketing, our legitimate interests in developing our business. Where correspondence relates to a potential contract with you, then our legal basis may be for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you.

How do we store your data

Our company is hosted on the Squarespace platform. Squarespace provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Sqarespace’s data storage, databases and the general Squarespace applications. They store your data on secure servers behind a firewall.

We use MailChimp as our marketing platform. Your personal data will be shared with MailChimp for processing in accordance with their privacy policy:

https://mailchimp.com/legal/privacy/ so please only submit information which you happy to have processed by MailChimp. It will be retained for as long as you are subscribed to the news alerts. Your personal information will be securely disposed of if you unsubscribe from receiving news alerts.

Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem using the contact details below.

Where is your data stored

Your data is stored on servers in the UK. As part of the services offered to you through this website the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU

These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Transferring your personal data out of the UK/ EEA

To deliver services to UK based patients, it is necessary for us to share your personal data outside the UK as part of the international team, given the international dimension to the services we are providing to you. Under UK data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

1. the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);

2. there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or

3. a specific exception applies under data protection law

These are explained below.

Adequacy decision

We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:

1. all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);

2. Gibraltar; and

3. Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay. The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

For the US see: https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_7632

Other countries or international organisations we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Transfers with appropriate safeguards

Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects. The safeguards will usually include using legally approved standard data protection contract clauses. In relation to transfers to our overseas offices or other companies within our group, the safeguards may instead include legally binding rules and policies that apply to Birketts LLP (known as binding corporate rules), which have been approved by the UK data protection regulator. Transfers under an exception In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under data protection law, e.g.:

1. you have explicitly consented to the proposed transfer after having been informed of the possible risks. By completing our Inquiry form, you are explicitly consenting to the storage of data in the US with the risks outlined here;

2. the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;

3. the transfer is necessary for a contract in your interests, between us and another person; or

4. the transfer is necessary to establish, exercise or defend legal claims

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.

Sharing your data with others:

We will not share your personal data with anyone outside of the legal basis described above. There are certain parties/situations where we are legitimately permitted to share your data for specific purposes. These include:

Our service providers. We may disclose personal data to our service providers or subcontractors in connection with the uses we have described above. For example, we may disclose:

any personal data in our possession to suppliers which host the secure servers on which our data is stored, or who provide hosted software or systems, or communications services to us (and in particular to Squarespace and Mailchimp)

In particular, we may provide Communication Data to CHHP Research Ltd regarding UK or EU based interested parties.

We do not allow our data processors to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.

Compliance. We may also disclose your personal data where necessary to comply with law.

Restructuring. If any part of our business is proposed to be sold or transferred, your personal data may be disclosed to the new owner or in connection with the relevant negotiations.

Data retention

We will comply with our legal obligations in relation to the retention and deletion of personal data, and in particular ensure that personal data that we process is not be kept for longer than is necessary for the relevant purposes. In particular:

  • correspondence data will be retained for the period of the enquiry or chain of correspondence and then deleted after twenty-four months, unless it relates to a client in which case it shall be retained for the same period as the related registration and health data specified in our Privacy Notice shared at the point of registration as a client of our services;

  • any data which is anonymised, and therefore not personal data, may be retained by us indefinitely. Typically, this will be derived from usage data.

We maintain system backups for disaster recovery purposes. This means that information which is deleted from our live systems may still remain in backup until it is overwritten.

We may retain your personal data longer than set out above where necessary to comply with law or in connection with any legal claim.

Your rights

As an individual whose personal data is processed by WellFounded Health, you have:

  • The right to be informed: Transparency is a key requirement of data protection law. You have the right to be informed about the collection and use of your personal data. This privacy notice is designed to provide you with the information needed to allow you to see how and why your personal data is used when visiting this website.

  • The right to access the data we hold on you: You also have the right to ask for the personal data that we have about you to increase your awareness of and allow you to verify the lawfulness of the processing. To protect your privacy we may ask you to verify your identity.

  • The right to have your data rectified if it is inaccurate: If you believe that personal data we hold on you is inaccurate or misleading then you have the right to request that it is rectified.

  • The right to erasure (in limited circumstances): In some circumstances, you can ask for your personal information to be deleted, for example:

    • ​your personal information is no longer needed for the reason it was collected in the first place

    • you have removed your consent for us to use your information (where there is no other legal reason for us to use it)

    • there is no legal reason for the use of your information

      • Please note that we cannot delete your information where:

        • we're required to have it by law

        • it is necessary for legal claims

  • The right to have your data restricted or blocked from processing: In certain circumstances, if you raise a complaint on how we have handled your personal data, you may also request that we 'restrict processing' meaning that the data will be preserved from further processing 'as evidence' either while we investigate your complaint or to support your complaint

  • The right of data portability (in limited circumstances): Where you have provided your personal data directly to us that is processed by automated means and is done so purely on the basis of your consent, then you will have the right to obtain and reuse your personal data in an electronic format for your own purposes across different services.

  • The right to object to direct marketing: You have an unconditional right to object to direct marketing at any time. As noted within this privacy notice nibusinessinfo.co.uk will not send you direct marketing without your consent and you can withdraw your consent at any time by selecting the 'unsubscribe' link within each email.

  • The right to object to processing of your personal data: Processing is the term under data protection law that describes all uses of your personal data. This will include the collection, sharing, storage, retention and destruction of your data.

  • You have the right to object to any aspect of our processing of your personal data:

    • that is processed based on WellFouned Health's legitimate interests;

    • that is processed for purposes of scientific/historical research and statistics; and

    • if it involves any automated decision making or profiling carried out by WellFounded Health

If you would like to exercise your right of access in relation to information held on you by WellFounded Health, email team@wellfounded.health

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contacting us

If you have any specific data protection queries or concerns, you can address them to team@wellfounded.health