Privacy policy

Your privacy is important to us. This privacy statement provides information about the personal information that we collect, and the ways in which we use that personal information.

The service and our online programmes are not intended for children and we do not knowingly collect data relating to children.

Controller

In relation to the provision of our services, Headsted Ltd is the controller and responsible for your personal data. If you have any questions about our privacy policy, including any request to exercise your legal rights as described below, you can contact the data privacy manager. The contact details are given below.

Contact details

Headsted Limited (UK Company Number: 9200049)
Name of data privacy manager: Kirsikka Kaipainen
Email address: kirsikka@headsted.co.uk
Postal address: Headsted Ltd, 31 Clarendon Avenue, Leamington Spa, Warwickshire CV32 4SQ

Personal information collection

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer the following kinds of personal information about you:

  • Contact data: your contact details, including information needed to create and use an account for our service, usually including email address, first name, and last name;
  • Disclosed data: information that you provide while using the website services, including your responses to surveys and exercises within the programmes;
  • Usage data: information about your use of this website, including when a programme has been started or sections completed;
  • Transaction data: about transactions you carry out over this website;
  • Subscription data: information that you provide for the purpose of subscribing to the website services, including the newsletter; and
  • any other information that you send to us.

Anonymized data for research and analysis

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you and is therefore no longer personal data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users completing a certain section of a programme.

Using personal information

We may use your personal information to:

  • enable your access to and use of the website services;
  • supply to you services that you purchase;
  • send to you statements and invoices;
  • collect payments from you; and
  • send you marketing communications, provided you have given us explicit permission to do so.

We may disclose your personal information to our agents or sub-contractors for these purposes. The agent or sub-contractor in question will then be obligated to use that personal information in accordance with the terms of this privacy statement.

We may disclose your personal information in an anonymized form to external research bodies for research purposes, provided you have given us your consent to do so.

In addition to the disclosures reasonably necessary for the purposes identified above, we may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend our legal rights.

Securing your data

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on a secure server located in the EU.

We have set procedures to follow if we suspect any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal information.

  • Access to information: You have the right to request a copy of the information we hold about you.
  • Ensuring accuracy of information: We want to make sure that your personal information is accurate and up-to-date. You may ask us to correct or complete information that is inaccurate or incomplete.
  • Ability to restrict processing: You may also have the right to require us to restrict our use of your personal information in certain circumstances. This may apply, for example, where you have notified us that the information we hold about you is incorrect and you would like us to stop using such information until we have verified that it is accurate.
  • Right to erasure: You may have a right to erasure, which is more commonly known as the 'right to be forgotten'. This means that in certain circumstances you can require us to delete personal information held about you.
  • Right to data portability: You may have the right to receive personal information we hold about you in a format that enables you to transfer such information to another data controller (e.g. such as another service provider).
  • Preventing direct marketing: We do not sell your personal information or send you direct marketing without your explicit permission. We will always inform you and ask for your permission if we intend to use your personal information or if we intend to disclose your information to any third party for such purposes.
  • Objecting to other uses of your information: You may also have the right to object to our use of your information in other circumstances. In particular, where you have consented to our use of your personal information, you have the right to withdraw such consent at any time.
  • Review by an independent authority: You will always have the right to lodge a complaint with a supervisory body, including the Information Commissioner’s Office.

Cross-border data transfers

Information that we collect may be stored and processed in and transferred between any of the EEA countries to enable the use of the information in accordance with this privacy policy. Any transfers of information will be in full compliance with all aspects of the data protection act. You agree to such cross-border transfers of personal information.

Updating this statement

We may update this privacy policy by posting a new version on this website. You should check this page occasionally to ensure you are familiar with any changes.

Other websites

This website contains links to other websites. We are not responsible for the privacy policies or practices of any third party.

Registration with the Information Commissioner’s Office

Headsted is registered with the Information Commissioner’s Office under reference ZA111977.