Welcome to Wellbeing Courses website. This privacy policy explains how we collect, use and protect your personal information. We will also explain what rights you have with regards to your personal information and how you can exercise those rights.

Wellbeing Courses is a jointly funded organisation committed to improving the wellbeing, health and happiness of everyone living in Bath and North East Somerset (BaNES). It also provides training to volunteers who support the Bath and North East Somerset Community Health and Care Services.

The service is provided by HCRG Care Services Limited (part of the HCRG Care Group). HCRG Care are contracted to run Wellbeing Courses as part of the Bath and North East Somerset Community Health and Care Services on behalf of NHS Bath and North East Somerset CCG and Bath and North East Somerset Council.

Our registered office is:

HCRG Care Services Limited, Lynton House,

7-12 Tavistock Square, London WC1H 9LT

Registered in England and Wales number: 07557877

We collect information from users in order to care for you in the best way and give you access to the courses you choose to attend.

This document is called a Privacy Notice and it tells you why we collect information about you, how we use that information, how we keep it safe and who we sometimes share it with.

Our service collects and holds information about you. This is known as Personal Data and includes details like:

• Full name
• Date of Birth
• Phone/Mobile number
• E-mail address
• Postcode 

We keep this information about you as we want to make sure that we can contact you with regards to your upcoming course and also gain feedback regarding the course that you have just attended. 

We also will share the essential information with the course tutors in order that they can contact you with regards to any last minute changes that may impact your attendance on a course.  

You input your information via the Wellbeing Courses website and we then use the information you have provided in order to communicate with you. This can be through emails, telephone calls, text messages and in person.

The Data Protection Act 2018 is a government law that allows us to collect information as long as we can show that we have good reasons for doing so; such as looking after your health and wellbeing and keeping you safe from harm. 

We have guidelines and rules that we follow to keep your information safe. Our staff who help to look after you have access to the information, we have about you.

We will only share your information with external parties if they are directly involved in your booking, i.e. course tutors.

REMEMBER! NEVER give out your information to people who you don’t know or don’t trust, and only give it out when you need to.

You have a right to contact us: 

• To update or change your personal information.
• To ask for a copy of the information we hold about you (we can provide a copy in 30 days).
• If you don’t want us to share your information with other organisations.
• If you no longer wish for us to keep your data.

WHO CAN YOU CONTACT ABOUT THE INFORMATION WE HOLD ABOUT YOU?

If you have any questions or are not happy with how we have handled your information, you and your parents can contact us at Information.governance@hcrgcaregroup.com  

Or write to us at the following address

Head of Information Governance & Data Protection Officer

HCRG Care Group

Heath Business & Technical Park

Runcorn

Cheshire

WA7 4QX

We collect, store and use information about you when you contact us about the courses provided by the Wellness Courses, or create a login using this website. Contact may be made via the website "Contact Us" page, website booking page, by phone, by email or in person. This includes the following categories of data:

• Name, phone number, email address and postcode.
• We may also receive information about you from our trusted subcontractors who provide technical support, record your marketing preferences and analytics support.

We may also collect, store, and use the following "special categories" of more sensitive personal information when create an account:

• Ethnicity
• Age band (whether you over the age of 16)

If you do not provide the mandatory information required by our contact form, you will not be able to submit the contact form and we will not receive your enquiry.

Use of your personal data

We use your personal information for the following purposes.

• To manage any communication between you and us about the course you are enquiring about or have booked.
• To respond to your compliments or complaints, claims or other enquiries.
• Communicating booking information and attendee names with our course providers.
• To ensure the safe operation and security of our website and obtain statistical information about its usage.
• To keep our records up to date.
• To keep you informed about our services, surveys, and courses.

We may share information with the following third parties:

• Course providers - we only share limited information such as your name, phone number and email address with your course tutor/provider(s). This will only be used for sharing course-related information and updates with you.
• Specific teams within the HCRG Care Group who provide our back-office support. For instance, the management of our IT, data protection enquiries, communications, complaints and claims, incidents, on a need-to-know basis for back-office support.
• Trusted third party suppliers such as our website providers and our Privacy Portal for managing requests about your information.

We process your information for legitimate interests:

• To manage our relationship with you, e.g. follow up on contacts made to Wellbeing Courses and to share minimal information with our tutors & providers to enable effective management of the course(s) you are attending.
• To support the resolution of claim, complaints, incident management and requests for personal data - we may share information with our corporate team within the HCRG Care Group for the purpose of managing any complaints, access to records requests via our third party hosted Privacy Portal or queries or IT support.
• For statistical analysis to ensure that we can improve our services and website
• Where it is necessary for the purposes of preventing or detecting a criminal offence.

During the sign up process you will be asked whether you want to sign up to the Wellbeing Courses email newsletter. If you do choose to opt-in, you can opt-out at any time by email or telephoning the Community Wellbeing Hub. 

We keep your training record in accordance with the national guidance: Records Management Code of Practice for Health and Social Care 2016, after which records and confidential information are securely destroyed in line with this code of practice. Your data will be securely recorded for 6 years.

We want you to be confident that your information is kept safe and secure with us and our trusted partners and held in line with data protection laws.

We take the utmost care when handling your personal and confidential information and ensure that we have appropriate organisational and technical security measures in place to prevent unauthorised access, accidental damage, destruction or loss.

We use computer safeguards such as firewalls, VPNs, data encryption and enforce physical access controls to our building and record to keep information safe and expect those who are employed or work in partnership with us have regular training and follow our policies and procedures. We take active steps to monitor compliance with these.

We enforce physical, electronic and procedural safeguards in connection with the collection, storage, disclosure and destruction of personal data.

We use cookies to offer you the best browsing experience of our website.

An HTTP cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember useful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields, such as names, addresses, passwords, and credit card numbers.

You can set your browser not to accept cookies and the following websites tell you how to remove cookies from your browser. You can opt-out from the implementation of cookies at any time. However, you may find that this impacts on your user experience when navigating the website.

This website uses Google Analytics to monitor usage of the website, so that we can understand, learn, and improve the quality of our website for you and other users. The Google Analytics cookies do not collect any information that can identify you. Information collected is anonymous and:

• Helps us to monitor which website our users arrived from.
• Provides statistics on how our site is used.
• Helps us improve the site.

To provide website visitors the ability to prevent their data from being used by Google Analytics, Google has developed the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout/

We also use Google Captcha, which uses cookies, to make sure that users of our website are humans and not 'bots'. Bots are automated computer processes that trawl the internet trying to access websites. It is very important that bots are not granted access to websites and security measures are needed to prevent them.

You may see a Captcha box appear on some of our webpages. Google Captcha uses very advanced technology to stay ahead of bots and although the processes are not published in detail by Google, they describe the overall process, and we would encourage you to read this.

You can set your browser not to accept cookies and the following websites tell you how to remove cookies from your browser. However, you may find that this impacts on your user experience when navigating the website.

For more information visit www.aboutcookies.org 

The Wellbeing Courses website is hosted by digitalalgorithms.com and contains links to other websites. Our privacy policy only applies to this website and the information we hold so when you link to other sites, please read their own privacy policies.

Data Protection laws provides you with the following rights:

The right to be informed: As a data controller, we are obliged to provide understandable and transparent information about the way we process your data (this is provided by our privacy policy).

The right of access: You are entitled to request a copy of the personal data we hold about you.

The right to rectification: You are entitled to request changes to information if it is inaccurate or incomplete.

The right to erasure: Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data.

The right to restrict processing: Under certain circumstances, you may ask us to stop processing your personal data. We will still hold the data, but will not process it any further.

The right to data portability: Subject to certain conditions, you may request a copy of your personal data to be transferred to another organisation.

The right to object to processing: You have the right to object to our processing of your data where:

• Processing is based on legitimate interest.
• Processing is for the purpose of direct marketing.
• Processing is for the purposes of scientific or historic research.
• Processing involves automated decision-making and profiling.

Please note that the above rights may not apply in all circumstances, but we will respond within a month of any requests. If you have any questions or concerns about the information we hold about you, please contact our Data Protection Officer by one of the following options:

Email: information.governance@hcrgcaregroup.com 

Tel: 01925 302514

Post:

If you are not happy about the way your information is handled, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioners Office (ICO).

https://ico.org.uk/global/contact-us/ 

We will update this privacy notice from time to time to reflect any changes to our ways of working. Please contact our data protection officer if you would like more information.

Last update: May 2023