Privacy Policy
Effective date: 22/10/2025
Who we are: Integral Workplace Wellness Ltd (“IWW”, “we”, “us”, “our”)
Company no.: 13014917 • ICO reg.: ZB064003
Registered address: IWW House, C/O CJM Associates, Floor 2 Lakeside Point Lakeside Business Park, Walkmill Lane, Cannock, Staffs, United Kingdom, WS11 0XE
Contact: info@integralworkplacewellness.com
1) Scope
This notice explains how we process personal data when you:
make an enquiry or join our mailing list;
book or receive our services (e.g., wellbeing calls, training, workshops), including when a lead booker from a client organisation provides staff details to us.
It applies to data we process as a controller under UK GDPR and the Data Protection Act 2018.
2) What personal data we collect
A) Website & marketing
Identifiers & contact: name, work email, phone, organisation, role.
Usage data: IP address, device/browser info, pages viewed, links clicked (via cookies/analytics—see Cookies below).
Preferences: your marketing opt-in/opt-out.
B) Service delivery (B2B clients)
Provided by you (lead booker) or by attendees directly:
Attendee details: name, work email, role/department, manager contact, availability, booking history.
Call/admin data: call notes limited to administration (e.g., attendance, reschedule requests, signposting given).
We do not request clinical or diagnostic information. If access needs or wellbeing notes are shared, we ask that attendees submit them directly to us via a secure form. Please do not include special category data in bulk spreadsheets.
C) Special category data (rare/optional)
Only where necessary and proportionate, and typically with the individual’s explicit consent (or in limited cases vital interests/legal claims): e.g., information about health or access needs so we can make reasonable adjustments.
3) Lead bookers providing others’ data
If you provide staff/attendee details, you confirm you are authorised to do so, have informed those individuals that you will share their details with IWW, and have directed them to this Privacy Policy.
4) Why we use personal data (purposes) & lawful bases
To respond to enquiries and provide quotations – Legitimate interests / Contract.
To set up and deliver services (scheduling, attendance, facilitation, follow-up resources, certificates if applicable) – Contract (with your organisation) and Legitimate interests (to run our services).
To provide adjustments where requested – Explicit consent (health/access info) or Legal obligation (equality duties), and Legitimate interests (inclusive service).
To send service communications (confirmations, reminders, material updates) – Contract/Legitimate interests.
To improve our services, report anonymised outcomes to the client – Legitimate interests (we aggregate/anonymise wherever possible).
To comply with legal/insurance obligations (records, tax, safeguarding, legal claims) – Legal obligation/Legitimate interests.
Marketing emails to named individuals – Consent (opt-in). You can withdraw at any time.
We do not make automated decisions that produce legal or similarly significant effects.
5) Who we share data with
Within IWW: limited to staff/contractors who need access under confidentiality.
Our processors (under contract): email and productivity tools (e.g., Microsoft/Google), scheduling platforms, e-signature/forms (e.g., Jotform), telephony/VOIP, secure cloud storage, website/analytics providers, payment processors (if you pay us online).
Client organisation: we may share attendance/completion summaries with your employer/commissioning client. Individual wellbeing content is not shared unless agreed, required by law, or safeguarding applies.
Legal/insurance: where required to comply with law, enforce our terms, or manage/defend claims; and in a business transfer.
6) International transfers
Some processors may store data outside the UK. Where they do, we ensure appropriate safeguards (e.g., UK IDTA/ICO-approved SCCs) or an adequacy decision is in place.
7) How long we keep data (retention)
We keep personal data only as long as needed for the purposes above, then securely delete or anonymise it. Typical periods:
Enquiries (no contract): up to 12 months.
Service delivery/attendance records: 6 years after the end of the contract (limitation period/insurance).
Health/access info (if collected): keep only as long as needed to provide the adjustment, then minimise or delete per policy.
Marketing contacts: until you unsubscribe or after 24 months of inactivity.
Your organisation’s contract may set specific retention terms; if so, we follow those.
8) Security
We use appropriate technical and organisational measures, including encryption in transit, access controls, least-privilege access, and staff confidentiality. No method is 100% secure, but we take reasonable steps to protect data against loss, misuse, and unauthorised access.
9) Your rights
You have rights under UK GDPR, including access, rectification, erasure, restriction, objection, and data portability (where applicable). You can withdraw consent where consent is our basis.
To exercise rights: contact info@integralworkplacewellness.com
You also have the right to complain to the ICO (ico.org.uk), but please contact us first so we can try to resolve your concern.
10) Children
Our services are commissioned by organisations for adults in the workplace. We do not knowingly collect data from children. If you believe a child has provided personal data, contact us and we will delete it.
11) Cookies & analytics
We use cookies and similar technologies to run the site and understand engagement. For details, see our Cookie Policy.
12) Changes to this notice
We may update this policy from time to time. The latest version will always be on this page with an updated effective date.
13) How to contact us
Data protection queries: info@integralworkplacewellness.com • 0800 779 7750
Postal: IWW House, 16 Wharf Road, Rugeley, Staffordshire WS15 1BL