Healthier Futures Privacy Notice

Privacy notice – What’s that?

Children have the same rights as adults do over their personal data/ information. So we have to make sure you know how we will use and keep your personal information, and that’s what a ‘privacy notice’ explains.   

This privacy notice gives you lots of information on how your personal information will be used when you choose to join the Healthier Futures Programme. This is a privacy notice issued on behalf of the controllers Pulse Healthcare Limited who are trading as Xyla. We are committed to ensuring that your privacy is protected. If you provide us with personal data, you can be assured that it will only be used for what is written in this privacy notice. 

Personal data/information – What’s that?

Personal information is any information about you, this includes information that is used to identify you. It can be something simple like the details of where you live, your name and email address/ telephone number. As we will be helping you take part in the programme, there might be things we need to know from your parents that will help us to make sure you have everything you need to take part in and enjoy the Healthier Futures Programme. 

Who are we?

Xyla is the company who will be running the Healthier Futures Programme, and we do lots of other things too, including helping adults make lifestyle changes to reduce their risk of Diabetes. The Healthier Futures Programme is a pilot, which means we are testing out whether the programme would be something we could use in schools permanently. The idea of the programme is to have fun whilst learning about a healthy lifestyle.  The choices we make throughout our lives, make a difference to our bodies and our minds, so we hope that you will get lots of information on how to make balanced choices, and how to move your body to make sure you stay healthy. We will run the programme over ten sessions, which will all have a slightly different topic, so that you can get all the information that might help you, in nice bitesize chunks.  

When we mention “we”, “us” or “our” in this privacy notice, we are talking about any company in the Acacium Group that will see your personal information. A full list of our group companies and their trading names can be found here all mention of the Acacium Group is talking about these companies. If you would like a paper copy of this privacy notice orf our group companies, please just ask and we will give you this. 

Get in touch

If you would like to know more about the personal information we have of yours, or if you would like to ask any questions, we would love to hear from you; if you are under age 13, your parent/ carer/ an adult who looks after you should get in touch on your behalf:

• by email to: dpo@acaciumgroup.com; or
• by writing to: Data Protection Officer, Acacium Group, 9 Appold Street, London, EC2A 2AP

If you have any worries about the personal data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us first.

We review this privacy notice on a regular basis and will update it where needed. We will let you know if there are any big changes and provide you with a copy.  This privacy notice was last updated on 13/07/2021.

The legal stuff

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data for reasons below. These reasons are called the ‘lawful basis for processing’.

  • Processing is needed because it is legally required that we look after your data; this is something we have to do by law and is in the public interest. By processing your data, we are able to meet the needs of something called ‘the public task of health promotion and disease prevention under the Social Care Act 2012’. This ‘act’ is a document that guides us to make sure we are doing everything we can to promote health and prevent disease.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is in line with the original purpose in this privacy notice.

Please note you will not be subject to any automated decision making.

The table below sets out the personal data that we collect and use about you and the lawful basis we will rely on as mentioned above.

Personal data we obtain Purpose for processing Lawful basis
Basic contact details: full legal name; telephone number; email address; and postal address*      •  To enable you to have a preference as to how we contact you
•  To enable us to communicate and manage our relationship with you while we deliver the programme to you, this will include sending appointment reminders
Legitimate Interests
Date of birth*      •   To monitor results for demographics and improve our services in the future Legitimate Interests
Personal goals and achievements      •   To enable us to provide an individual service tailored to individual needs Legitimate Interests
Gender      •   To monitor results for demographics and improve our services in the future Legitimate Interests
Employment status      •   To monitor results for demographics and improve our services in the future Legitimate Interests
Marital status      •   To monitor results for demographics and improve our services in the future Legitimate Interests
Accommodation status      •   To monitor results for demographics and improve our services in the future Legitimate Interests
Opinions and evaluations of the service that we have provided      •   To enable us to provide a service that meets the individual’s needs and to address any concerns and improve our service Legitimate Interests
Measurements taken / provided at sessions (weight, height and BMI)      •   To enable us to monitor the individual’s progress through the programme, provide additional support if required and to evaluate the programme Legitimate Interests
Questionnaires about your lifestyle, wellbeing and physical activity levels      •   To enable us to signpost the individual to other relevant services, to ensure the programme is suitable for the individual and to evaluate programme Legitimate Interests
Communication *

•   recorded calls on office lines;

     •   Investigate or prevent any complaints or incidents raised Legitimate Interests
•   notes uploaded on to our patient record system Malinko

 

•   To carry out or assist with any legal or regulatory investigation Legal obligations
•   Email exchanges between Xyla and yourself •   To carry out or assist with any legal or regulatory investigation Legal obligations
What personal data must you provide to us as part of the programme?

Sometimes, we may need some of your personal data for us to be able to have you on the programme. Where this is needed, we have listed these situations in the table above with an “*”. If you don’t provide the personal data we need, we may not be able to have you on the programme or continue to offer the service, because legally we need this information to continue.  If you are unsure about what this means, or have a question please ask!

What special category data do we process about you?

Throughout your initial referral and throughout the programme, it will be necessary for us to collect and use personal data relating to the programme, such as your weight and details of your ethnic origin. This information is called “special category data.” We will only process special category data when needed for the provision or the treatment of health or social care.

How long do we keep your personal data for?

We will only keep your personal data for as long as is necessary for the purposes for which it was collected. In order to determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of your personal data. We will also consider legal and regulatory requirements.

Why is your personal data shared across the Acacium Group of companies?

The personal data collected may be shared anonymously across the Acacium group.

Will we share your data with third parties? (Other companies and people)

Throughout the programme we may share your personal data with the below third parties:

  • Our professional advisors;
    • Auditors;
    • Third parties who provide operational services for us, online platform providers; or
    • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.

Basically this means we may need to share your information with these people (third parties), to make sure we are doing everything right in terms of our finances, and to make sure we are following certain rules correctly- we need to do this to make sure we are keeping your personal information safe.

We require all third parties to respect the security of your personal data and to treat it in accordance with data protection laws. Where we share your personal data with third parties who provide operational services to us, we only permit them to process your personal data for specified purposes in accordance with our instructions.

Will we transfer your data outside of the European Economic Area?

As the program is based in the UK, we will generally keep your information within the UK. In the unlikely event that we are required to send your information outside of the EEA, for example to our group companies or we use a third party who is based outside of the EEA, we will always ensure that we have adequate safeguards in place. This means we will ensure that:

  • We only send your information to countries that will look after your information in a similar way to how we do so within the EEA; and/or
    • We will put in place an appropriate contract which includes rules that require the organisation to look after your information.
    If you would like more information about how we look after your information when we transfer this outside of the UK, please contact us at dpo@acaciumgroup.com.
How do we safeguard your personal data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorised way.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

In addition, we limit access to your personal data to only those who have a business need to know and they will only process your personal data on our instructions and they are subject to a duty of confidentiality.

What rights do you have in relation to your personal data?

You have the following data protection rights (which means your rights over the data we collect from you/your family) when we use your personal data:

a) Your right to see your personal data – this means you can see a copy of the data we have of yours at any time, and you are able to check that we are looking after your data as we have agreed to in this privacy notice.

b) Your right to request correction of the personal data that we hold about you – if you notice that we have incorrectly recorded some of your data, this is your right to let us know. We may ask for some evidence to make sure the new data is accurate, and then we can amend it.

c) Your right to request erasure of your personal data – this means that we can delete your data if you want us to, as long as there is no reason that we legally need to keep it.

e) Your right to request restriction of processing of your personal data – this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

f) Your right to withdraw consent – this means you are allowed to remove your consent for us to process your data. However, this will not affect the law in terms of the way we process your data before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will let you know if this is the case at the time you withdraw your consent.

g) Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

If you would like to exercise any of these rights, please email dpo@acaciumgroup.com. In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.

How will your data be used for marketing?

As a service user as part of one of our programmes, we will occasionally send you information we feel would be of interest to you and your family. We hope this information supports you on your health journey and keeps you up to date with local events.

Xyla is a trading name of ICS Operations Ltd (Registered No 4793945), Pulse Healthcare Limited (Registered No 3156103), Carehome Selection Limited (Registered No 3091598), Independent Clinical Services Limited (Registered No 4768329) and CHS Healthcare Software Limited (Registered No 11582111)