top of page

Privacy Notice – Wellbeing Enterprises CIC

1. Introduction

This Privacy Notice explains in detail the type’s of personal data we may collect about you when you interact with us or access our services. It also explains how we’ll store and process that data and how we’ll keep it safe.

2. What is Wellbeing Enterprises?

  • Wellbeing Enterprises was established in 2005 as the first Wellbeing Community Interest Company in the UK.

  • Wellbeing Enterprises is a pioneering leader in the health and wellbeing sector that offers bespoke products and services to improve the health and wellbeing of individuals and communities.

  • Wellbeing Enterprises also provide specialist support to health and social care professionals and organisations to enable them to put wellbeing at the core of what they do.

  • For simplicity throughout this notice, ‘we’ and ‘us’ means Wellbeing Enterprises.


3. Explaining the legal bases we rely on

The General Data Protection Regulation sets out a number of different reasons for which an organisation may collect and process your data. These include:


In specific situations, we can collect and process your data with your consent.For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in condition with a particular service.

Contractual obligations

In certain circumstances, we need your personal data to comply with our contractual obligations.

For example, A contract is an agreement between parties which is binding in law and therefore we will have to supply anonymised data to our commissioners who fund us to demonstrate the work we have delivered.

Legal compliance

If the law requires us to, we may need to collect and process your data.

For example, we can pass on details of people involved in criminal activity affecting the organisation to law enforcement.


Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

For example, where processing enables us to enhance, modify, and improve the services we deliver to the community


4. When do we collect your personal data?

We collect your personal information in a number of ways:

  • Referral form (when an individual first comes in contact with our services)

  • Via our website through the booking form system, subscribing to email newsletters, and ‘Contact Us’ form

  • Questionnaires when first accessing our services

  • Through the registration process of our Happy Place app

  • Via our Welljoy Shop website purchasing/payment form


5. What sort of personal data do we collect?

We collect the following personal information;

  • Name

  • Gender

  • Date of Birth

  • Address

  • Email

  • Telephone

  • Information gathered by the use of cookies in your web browser

  • Information gathered by use of GPS on our Happy Place app

  • Information gathered by Google Analytics

  • Credit/debit card information when purchasing via the Welljoy Shop website


6. How and why do we use your personal data?

We collect this information for the following purposes:

  • To protect our organisation and you from fraud and other illegal activities. (Legal compliance)

  • To comply with our contractual or legal obligations to share data with law enforcement. (Legal compliance)

  • To supply anonymised data to the commissioners who fund us to demonstrate the work we have delivered. (Contractual obligation)

  • To send you email newsletters about our services. (Consent)

  • To send you communications required by law or which are necessary to inform you about our changes to the services we provide to you. For example, updates to this Privacy Notice. These service messages do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations. (Legitimate interest)

  • To enhance, modify, and improve the services we deliver to the community. (Legitimate interest)

  • To participate in research studies to evidence the benefits our service has on the people and communities it supports. (Your information will not be shared for this purpose without your consent). (Legitimate interest)


7. How we protect your personal data

  • We know how much data security matters to all of our clients. With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it.

  • We secure access to all transactional areas of our website and apps using ‘https’ and ‘SSL’ technology.

  • Google Analytics is committed to GDPR and the protection of the data it stores. Google Analytics is certified by the EU Privacy Shield and ISO 27001. Further information regarding how Google Analytics safeguards your data can be found here.

  • Access to your electronic personal data is password-protected and can only be accessed when on Wellbeing Enterprises office premises. Copies of paper based personal information is locked away securely in our filing systems and does not leave the premises

  • We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.


8. How long will we keep your personal data for?

  • Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected.

  • At the end of that retention period, your data will either be deleted completely or anonymised so that it can be used in a non-identifiable way for statistical analysis and reporting to funders.


Examples of data retention periods:

  • Employee records are kept for 6 years following termination of Contract.

  • Patient/client data is kept for 7 years and then becomes anonymised for the purposes mentioned above.

  • Personal information collected in relation to children is kept indefinitely.


9. Who do we share your personal data with?

We sometimes share your personal data with trusted third parties. When we share your data, we make sure that:

  • We provide only the information they need to perform their specific services.

  • They may only use your data for the exact purposes we specify in our contract with them.

  • We work closely with them to ensure that your privacy is respected and protected at all times.

  • If we stop using their services, any of your data held by them will either be deleted or anonymised.


Sharing your data with third parties for their own purposes:

We will only do this in very specific circumstances, for example:

  • We may be required to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so.

  • For fraud management, we may share information about fraudulent or potentially fraudulent activity on our premises or in our systems. This may include sharing data about individuals with law enforcement bodies.


We currently share personal information with the following organisations who will process your data as part of their contracts with us:

  • NHS Halton CCG

  • North West Boroughs Healthcare NHS Foundation Trust

  • UnLtd

  • Royal Liverpool and Broadgreen University NHS Trust

  • Aintree University Hospitals NHS Foundation Trust


10. Where could your personal data be processed?

The data Wellbeing Enterprises collects is processed and stored exclusively within the United Kingdom.


11. What are your rights over your personal data?

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.

  • The correction of your personal data when incorrect, out of date or incomplete.

  • That we stop any consent-based processed of your personal data after you withdraw that consent.

  • That we stop using your personal data for direct marketing (either through specific channels, or all channels).

  • The right to request that all of your personal data is erased from our systems.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.


Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We will then do this unless we believe we have a legitimate overriding reason to continue processing your personal data.


Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.


Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. You can contact us to request to exercise these rights at any time as follows:


If we choose not to action your above requests we will explain to you the reasons for our refusal.


12. Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any request that you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113 or go online to


13. Any questions?

If you have any questions that haven’t been covered please contact Helen McPeake who will be pleased to help you:

  • Telephone: 01928 589 799

  • Address: Bridgewater House, Old Coach Rd, Runcorn, WA7 1QT

bottom of page