AHS Wellbeing Online CIC, trading as AHS Wellbeing, is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws in the territories that we operate within. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. You should read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
If you have any questions regarding our use or storage of your data please contact us via the Contact page.
Last updated – 1st Febuary 2021
The personal data we might collect
AHS Wellbeing Online CIC may collect and/or create or otherwise obtain and process the following data about you:
- Information about you that you provide by filling in forms while registering for activities and/or making purchases on our websites
- Information about you from third parties where you are a patient of said party and have consented that your personal information can be shared with us, for us to help facilitate your care.
AHS Wellbeing Online CIC websites:
This includes information provided at the time of registering to use our websites, becoming a participant or volunteer at the Mid Sussex Marathon, being referred to us as part of the Well Balanced falls prevention programme, subscribing to our communications, posting material, booking onto, entering, attending and/or volunteering at events or activities we manage or requesting further services.
- Information from your social media accounts but only where you have given us permission to use it. For example, posts, pictures and video footage you share on sites such as Facebook and Twitter.
- We may also ask you for information when you report a problem or make a complaint and, if you contact us, we may keep a record of that correspondence.
- We may also ask you to complete optional surveys that we use for research purposes and to provide you with a more relevant customer experience.
- Information about emails and other communications we have sent to you and your interaction with them.
- Information from third parties where you consent to those other organisations sharing information, they hold on you with us, and where those other organisations lawfully share your information with us.
How we use your personal data
AHS Wellbeing Online CIC will use your personal information to:
- Ensure that content from our websites is presented in the most effective manner;
- Authenticate you when you register;
- Carry out our obligations arising from any contracts entered into between you and AHS Wellbeing Online CIC;
- Provide you with information, products or services that you request from AHS Wellbeing Online CIC or which we feel may interest you, where we are legally entitled to do so;
- Enable people to join events, activities and groups and communicate with each other via systems we provide as part of that activity;
- Allow you to participate in interactive features of AHS Wellbeing Online CIC’s service when you choose to do so;
- Notify you about changes to our service;
- To gather statistics about memberships and people interested in our events and activities; or
- To segment your personal data to make sure that you only receive information that is relevant to you. For example, if you are based in Cardiff, to make sure that you do not receive information about events in Glasgow.
- Publish and maintain a comprehensive set of results and rankings for the events and activities we provide where it is appropriate to do so
Lawful basis for processing your personal data
AHS Wellbeing Online CIC will not use any of the personal information we collect from you to make automated business decisions.
The legal basis on which we collect and process the personal data described above depends on the personal information concerned and the specific context in which we collect it. However, we will only use your personal information where we:
- Have your consent to do so;
- Need the personal data to form and fulfil a contracted product or service with you;
- Need to process your personal information for our legitimate interests and only where our legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms;
- Have a legal obligation to collect personal information from you; or
- Need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information).
AHS Wellbeing Online CIC will take all steps reasonably necessary to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice. This includes the maintenance and enforcement of robust policies and procedures to ensure information security and data protection is at the forefront of the services we provide to you. Unfortunately, the transmission of information via the internet is not completely secure and, although we will do our best to protect your personal data transmitted to us via the internet, we cannot guarantee the security of your data transmitted to our website from your device. Any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential. We ask you not to share such a password with anyone.
Where any payments are being collected on our behalf, we require our payment providers to be compliant with the Payment Card Industry’s Data Security Standards (PCI-DSS).
We understand the importance of your privacy, which is why we apply (and require our service providers to apply) appropriate physical, technical and administrative safeguards to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to do so.
Providing your personal data to others
We do not pass your details to third parties unless it is part of a service that we are providing to you which requires us to do so. Where we pass your personal data on to third-party service providers contracted to AHS Wellbeing CIC Online in the course of dealing with you, any third parties that we may share your data with are obliged to keep your details securely, and to use them only to provide the services we require.
When they no longer need your data to fulfil this service, they will dispose of the details in line with our policies and procedures.
Trusted third parties who assist us in providing our products and services may include and is not limited to:
- Marketing agencies – to provide relevant digital content to our customers
- Database hosting companies – to host AHS Wellbeing Online CIC digital platforms (e.g. the Mid Sussex Marathon website) and associated customer databases to enable customers to log in and interact with the website
- Email broadcasting companies – to send emails to our customers
- SMS broadcasting companies – to send SMS and text messages to our customers
- Mailing houses – To send products and benefits to our customers that are not directly produced by ourselves (e.g. publications)
- Market research companies – to undertake research of our own customers
- Social media companies (e.g. Facebook/Twitter) – to verify your identity when you register on our web site using ‘register with’ functions and to provide you with relevant social media posts
- Online learning hosting companies – to enable our customers to take part in online training and learning
- Governing bodies of sports and activities in which we are operating – to assist in event management, disciplinary issues and maintenance of competition licences (Run Britain and other federations)
- AHS Wellbeing Online CIC registered event organisers, event/activity leaders and officials – to enable event organisers, event/activity leaders and officials to manage AHS Wellbeing Online CIC registered activities and communicate with participants and appointed volunteers.
- Sports results agencies – to collate results and reports for the AHS Wellbeing Online CIC website on behalf of AHS Wellbeing Online CIC
- Healthcare providers and agencies who referred you to us for participation in Falls Prevention or other health & wellbeing activities where we are required to keep them informed of your participation, progress and wellbeing.
International transfers of your personal data
We do not envisage transferring any information about or relating to individuals to anyone who is located outside of the UK or EEA (European Economic Area).
However, on some occasions, the information we collect may be transferred to organisations who may store and use such data at premises in other countries. Examples of this may be the use of Eventbrite or other online booking and reservation services for our events. Where we allow an organisation to process your personal information outside of the UK/EEA, we will ensure that we create and maintain appropriate safeguards with those organisations so that your personal information is subject to the same standards and protections as when we are processing your personal information inside the UK/EEA.
If you choose to sign-up with Facebook/Twitter when you register on our website were we to provide that option to you, AHS Wellbeing Online CIC may access your personal data in your Facebook/Twitter account, depending on your settings, and we may post information submitted on our websites to Facebook/Twitter who will store such information in the United States.
Where the international transfer of data is required to provide our services to you, then AHS Wellbeing CIC Online will always seek to have in place Standard Contractual Clauses (SCC) that specifically outline data sharing and transfer agreements with between AHS and third-parties/suppliers.
We will hold information about you in our data systems only for as long as we need it for the purpose for which we collected it, which is as follows:
- As long as you continue to log into our website or use our services (including engaging with emails, entering events and/or participating in activities, making purchases, entering prize draws or downloading content) we will retain and process information about you. In such cases, you will be an ‘active’ customer. If you have not been ‘active’ as a customer for a period of three years, AHS Wellbeing Online CIC will deactivate your customer account and anonymise any personal data relating to you.
- Any data relating to the obligations of AHS Wellbeing Online CIC to maintain a comprehensive published index of results in the course of our work with National Governing Bodies for sports will be retained. This would not include more than your name, age category and gender alongside details of the event in which an individual took part.
- Any data we are required to hold in the course of our management of Falls Prevention or other health & wellbeing activities/programmes for which you have been referred to us will be retained for the period deemed appropriate by the authorised referring agency, and, will be securely destroyed in accordance with that agencies guidance at such time as they instruct us to do so or where we are required to do so under the applicable data protection legislation.
- Personal data linked to the processing of insurance claims, subject access requests, disputes, safeguarding investigations, disciplinary or police matters will only be kept for as long as is necessary for those purposes, as each is applicable.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below:
- Right of access – You have the right to obtain a copy of the information we hold about you
- Right of rectification or erasure – If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Please note that we may be entitled to retain your personal data despite your request, for example, if we are under a separate legal obligation to retain it. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.
- Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
- Right to Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
- Right to Object – You have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
- Right to Withdraw Consent – You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
- Right of Complaint – You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at www.ico.org.uk.
- Right to Opt-out of Marketing Communications – You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below.
You also have the right to make a complaint with regard to our processing of your personal information to the relevant data protection authority in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In the UK, the relevant data protection authority is the Information Commissioner’s Office. You can find out more about raising a concern on their website at https://ico.org.uk/concerns/, or by contacting them directly:
Information Commissioner’s Office
Tel: +44(0)303 123 1113