Privacy Policy

Type of personal data being processed

The type of personal data being processed may include:

Name
Address
Email address
Telephone number
Demographic information such as postcode
Medical conditions
GP Practice

How personal data is collected

Personal data is obtained from one or more of the following:

Visits and use of our websites
Use of Up and Active social media
Use of Google Analytics
Attendees of corporate seminars hosted by Up and Active
Subscribers to Up and Active updates
Parties entering into agreements with Up and Active
Requests for information about products and services offered by Up and Active

Why personal data is collected

Personal data is collected to provide legitimate business services which include:

For us to review and reply to your enquiry
To provide an opinion for a service you have requested
To meet our statutory monitoring and reporting responsibilities
To handle and communicate orders, billings and payment, delivery of products and services
To improve Up and Active services and product offering

Where indicated, however, some of the information is optional and you can choose not to complete.

How personal data is used

Personal data may be used to:

Carry out our obligations arising from any contracts entered into by you and us
Comply with legal requirements
We may need to pass the information we collect to other departments within Up and Active for administrative purposes
Seek your views or comments on the services we provide
Notify you of changes to our services
Send you communications which you have requested and that may be of interest to you. These may include information about service updates, newsletters, and relevant events
To inform you of various promotions, goods and services that may be of interest to you. You may be contacted by post, email, telephone, SMS or such other means with carefully selected marketing communications we deem relevant to send to you in the legitimate interests of Up and Active. Each marketing communication sent to you by Up and Active will provide you with the option to unsubscribe and manage your data profile and communication preferences from Up and Active at any time
Process a job application
Create a profile of your interests and preferences so that we can contact you with information relevant to you.

Who hosts the Up and Active website

The website is hosted on a United Kingdom based server and managed by Portfolio.

Where is the data stored for the Up and Active online form

Data entered into the online enquiry form is held within a secure Data Collection and Reporting Service (DCRS). This database had been developed by NHS Midlands and Lancashire Commissioning Support Unit to hold relevant personal details relating to individuals participating in non-clinical community health programmes. Data is stored in the United Kingdom.

What security measures are in place for the data

Data is stored in a database which is protected by firewall allowing access for Portfolio for administrative purpose (by IP address) and access by the site code.

What contingency plans are in place in the event of a breach (data storage site)

Data loss is mitigated by backups that take place every 24 hours. Regarding data breach, we would advise the client of the breach (Up and Active). We would liaise with the client to contact users and advise that there had been a breach and what steps are being taken to further secure data. All data breaches would be kept on record.

How is the data accessed (data site)

Data is accessed via the Up and Active site. It is also accessed using database management software for administrative purposes.

Is there an encryption certificate?

Yes, the site is secured with a SSL certificate.

How long personal data is stored

Electronic and automated deletion of client records after current year +6.

Who has access to personal data

DCRS Licence Holders are granted access to customer information. This is ensured by the use of strict operational processes and procedures.

Staff are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on security and privacy practices. Employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure that customer information is protected.

Personal information provided via the Company’s portals is secured using Secure Socket Layer (SSL) server and is encrypted before being transmitted. Secure pages have a lock icon or key icon displayed on the address bar of modern web browsers such as Google Chrome, Apple Safari, or Microsoft Edge. Information supplied by you on these web pages is securely stored and can only be accessed for the purposes for which it was provided.

All IT systems are kept in a secure environment with appropriate access control. We are audited on a regular basis by independent security companies, plus internal audits by our local authority partners.

Third-party service providers working on our behalf:

When we use third party service providers, we have a contract in place that requires them to keep your information secure and assurances of GDPR compliance.

Third-party product providers we work in association with:

We work closely with various third-party product providers to bring you a range of quality and reliable services designed to meet your needs. In some cases, they will be acting as a data controller of your information and, therefore, we advise you to read their privacy policy. These third-party product providers will NOT share your information with anyone.

We may also further transfer data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to law enforcement. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Individuals’ rights

Different rules apply depending on the type of lawful processing being undertaken. Many of the following individuals’ rights apply:

The right to be informed how personal data is processed
The right of access to their personal data
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling

The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting Lscicb-el.lifestylehub@nhs.net. You can request that your data is updated and/or deleted at any time, unless Up and Active can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.

Links to other websites/from other websites

Up and Active websites may contain links to other websites run by other organisations. Then Up and Active privacy policy only applies to Up and Active websites and you are encouraged to read the privacy statements on the third party websites that you visit. Up and Active is not responsible for the privacy policies and practices of other websites even if they were accessed via a Up and Active website. Equally, if you link to a Up and Active website from a third-party site, Up and Active is not responsible for the privacy policies and practices of that third-party site.

16 or under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Questions, complaints and Subject Access Requests (SARS)

Any questions or Subject Access Requests (SARs) should be sent to Lscicb-el.lifestylehub@nhs.net.

You have a right to lodge a complaint in the event that you believe that Up and Active has not upheld the rights, obligations and responsibilities set out in this privacy policy. Please send any complaints to Lscicb-el.lifestylehub@nhs.net.

This privacy policy was last updated in October 2022.