WHO WE ARE

Very Well is operating the authorised website for Very Well (www.verywellhealth.uk) and licensed to market Very Well products. Very Well (“we”, “us”, or “our”) are committed to protecting and respecting the personal data that we hold. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights.

The statement applies to personal data provided to us, both by individuals themselves or by others on behalf of individuals. We may use personal data provided to us for the purposes described in this privacy statement or as made clear in another form before collecting personal data.

Very Well is located at 2nd Floor Gadd House, Arcadia Avenue, London, England, N3 2JU.
Their official website, www.verywellhealth.uk, is managed and run by Very Well itself.

PERSONAL DATA

Under the (‘UK GDPR’) and Data Protection Act 2018 (‘the Act’), personal data is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose differ, and are set out in the relevant sections below.

The personal data that is provided to us is provided either directly from the individual concerned, from a third party acting on behalf of an individual, or from publicly available sources (such as internet searches, and Companies House).

Where we receive personal data from a third-party that relates to an individual, we request that this third-party informs the individual of the necessary information regarding the use of their data and we check upon the third-party in accordance with the Data Processing Agreement. In addition, at the very first communication with the individual, we inform them where we collected the data from.

THE DATA CONTROLLER

A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. VERY WELL is the data controller as defined by relevant data protection laws and regulation.

 LAWFUL PROCESSING

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:

(a) Consent: you have given Very Well (e.g. any of the following depending on the situation freely, specific, informed or unambiguous) consent for your personal data to be processed for a specific purpose.

(c) Compliance with legal obligation: the processing is necessary for Very Well to comply with the law (e.g., the tax/social security obligation/employment law) (not including contractual obligations).

(f) Legitimate interests: the processing is necessary for Very Well legitimate interests, or the legitimate interests of a third-party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

DATA RIGHTS

Your data subject rights are listed below:

• the right of access.
• the right to rectification.
• the right to erasure or right to be forgotten.
• the right to restriction of processing.
• the right to be informed.
• the right to data portability.
• the right to object.
• the right not to be subject to a decision based solely on automated processing.

Under the UK GDPR and the Act, you may ask for a copy of the information we hold about you and you may request rectifications be made to this information if it is inaccurate or not up to date.

To exercise any of the above rights, please write to:

Head of Data Privacy

Very Well
2nd Floor Gadd House
Arcadia Avenue, London
England, N3 2JU

Email: info@verywellhealth.uk

DATA THAT WE HOLD

Contacts

Personal data from our contacts, which covers both potential and prior customers, as well as potential and prior employees, are held in our Customer Relationship Management Database.

This information is entered into the Customer Relationship Management Database as part of the process to complete the services to you.

We use the Customer Relationship Management Database to improve our services and to update our customers of additional products and services we provide. We rely on the lawful basis of contract, consent and legitimate interest, depending on the situation. Contacts can withdraw their consent, update their preferences at any time by visiting the website or using a link within one of our emails.

Why do we process data?

Where personal data on business contacts is held, it is used for the following purposes:

• Updating the customer on services
• Promotion and development of our offerings
• Communication of technical updates
• Hosting and facilitating of events
• Feedback
• Managing of our relationships and administration and management

Where do we store data?

Personal data that may be stored in the Customer Relationship Management Database includes, but is not limited to, names, email addresses, physical addresses, and details of the initial interaction.

In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.

What data do we hold?

The data that we hold depends on what data was entered and for what purpose.

Where data was entered in order to engage with functionality of our website, that personal data may include names and e-mail addresses.

Where data is collected automatically, include technical information, such as IP addresses used to connect an individual’s computer to the internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

We may also collect other data about an individual’s visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

Our website uses cookies to distinguish individuals from one another. This helps us to provide a better experience when individuals browse our website and, also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Why do we process data?

There are several reasons why we will process the personal data that an individual may provide to us when visiting our websites.

For examples, these include:

• Administration – to administer our website and to improve internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. For example, we use this data to ensure that the website is presented well for individuals and is optimised appropriately.
• Functionality – in order to allow individuals to use some functionality of our website, certain personal data must be entered in order for features to work as intended.
• Security – in order to keep our website safe and secure, we may sometimes collect personal data, for instance login information and other data that can be used to vouch an individual’s identity.
• Promotion and development of our offerings – some personal data may be used in order to measure or understand the effectiveness of advertising we serve to individuals, and to ensure that only relevant advertising appears.

SHARING PERSONAL DATA

When may share your personal data with third parties when we are legally permitted to do so. Before engaging with third parties, we conduct vendor risk assessments and regulation tests to verify the compliance level of those third parties. When we decide to share your data with those third parties, we put contractual arrangements and security mechanisms in place to protect your data in order to maintain compliance with our data protection, confidentiality and security standards.

Personal data held by us may be transferred to:

Third party organisations that provide applications/functionality, data collection and processing or IT services to us – we use third parties to support us in providing our services, obtaining feedback from our customers and prospective customers and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services;

Auditors and other professional advisers; and

Law enforcement or regulatory agencies or those required by law or regulations.

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

THIRD PARTY WEBSITES

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

LOCATIONS OF PROCESSING

The data that we collect from you will be processed at our servers in the UK. We may also store your information in our cloud servers based in the EU and the transfer is conducted in line with the requirements set out in Chapter 5 of UK GDPR.

If personal data is transferred outside the UK to a country without a designated adequacy rating, Very Well will request the data subject’s consent before processing the data. Consent will not be sought where the processor’s Binding Corporate Rules, Standard Contractual Clauses or ad-hoc contractual clauses stipulate that the data will be processed in accordance with the GDPR.

If personal data is transferred outside the UK to a country without a designated adequacy rating, Very Well will request the data subject’s consent before processing the data. Consent will not be sought where the processor’s Binding Corporate Rules, Standard Contractual Clauses or ad-hoc contractual clauses stipulate that the data will be processed in accordance with the GDPR.

SECURITY OF YOUR INFORMATION

To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

HOW LONG WE STORE YOUR PERSONAL DATA FOR

We store your personal data in accordance with our data retention policy commonly known as the Record Retention and Destruction Policy (RR&D). This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely.

In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.

Furthermore, as outlined in this policy we collect data for different purposes and from different groups, for which is retain the information in different ways:

Professional Services

We retain the personal data processed by us in a live environment for as long as is considered necessary for the purpose(s) for which it was collected (including as

required by applicable law or regulation, typically 6 years). We may keep data for longer in order to establish, exercise, or defend our legal rights and the legal rights of our customers.

Personal data we do not use is securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.

People who use our website, mobile apps, and other means

For more information about our data retention schedule, please email us at info@verywellhealth.uk

CHANGES TO THE THIS PRIVACY POLICY

This privacy policy was last updated on 02/10/2023. Very Well reserves the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information to Very Well will be deemed to signify your acceptance to the variations.

COMPLAINTS

For further information on your rights and how to complain to the ICO, please refer to the ICO website.

Contact details:

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Data controller and contact information

If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Head of Data Privacy

Very Well
2nd Floor Gadd House
Arcadia Avenue, London
England, N3 2JU

Email: info@verywellhealth.uk