Breathworks About section image

Privacy and Cookie Policy

Overview

We are committed to protecting your personal information and to being transparent about the information we hold about you. Using personal information allows us to develop a better understanding of our stakeholders’ needs and interests and in turn to provide you with relevant and timely information about the work that we do.

The purpose of this policy is to give you a clear explanation about how we collect and process personal information relating to potential and existing customers of Breathworks: through your use of our websites, including any data you may provide through these websites as well as other business systems; and when you sign up to our marketing communications, register for an event or more generally express an interest in finding out more about the work we are involved with or an aspect of that thereof.

It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your personal information. This privacy policy supplements our other policies and is not intended to override them.

We will use the information that we collect about you in accordance with:

• The Data Protection Act 1998
• The Privacy and Electronic Communications (EC Directive) Regulations 2003
• The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’) which becomes effective from 25 May 2018
• A genuine respect for the privacy and personal data of all regardless of the above laws.

This version of the privacy policy is effective as of the 24th May 2018

Breathworks may change this policy from time to time. You should check the Breathworks website Privacy Policy webpage from time to time to ensure that you are happy with any changes. Additionally we will also contact you to inform you of updates to this policy.

The data controller (or “controller” as defined in the General Data Protection Regulation) is Breathworks CIC Ltd, 16 – 20 Turner Street, Manchester, M4 1DZ, United Kingdom. Recipients of your data will in the first instance be Breathworks CIC Ltd, our employees, Breathworks associates, sub-contractors and volunteers as set out in this Privacy Policy and they are then processors of your data.

If you have queries re this Privacy Policy or how we process your personal information please contact us by:

Emailing our Data Protection Manager at info@breathworks.co.uk
• Writing to us at Breathworks CIC Ltd, 16 – 20 Turner St, Manchester, M4 1DZ, United Kingdom or call +44 (0)161 834 1110.

Sections

1.   Who we are
2.   Why do we need your data (and the consequences of not supplying it)?
3.   What personal information do we collect about you?
4.   How we collect your data
5.   How will we use information about you (and the legal basis for our processing)?
6.   Who are the recipients of your personal data outside of Breathworks CIC Limited?
7.   When is your data transferred to third countries?
8.   How do we keep your data secure?
9.   What are your rights (controlling your personal information that we hold)?
10. How will you know if the privacy policy changes?
11. How long will we keep your data?
12. How do we use cookies (on our website)?
13. Links to other websites (from our websites)

1. Who We Are

Breathworks CIC is an organisation delivering education and training in mindfulness and compassion for health and wellbeing. Breathworks CIC is a community interest company registered in England and Wales (number 05016384).

We are a not for profit social enterprise whose mission is to help people living with pain, stress and illness to lead happier, healthier lives.

Back to sections index

2. Why do we need your data (and the consequences of not supplying it)?

We require personal data from you in order to be able to provide and support you with goods, content and/or services. If you fail to provide any personal data requested we may not be able to provide our goods, content and/or services to you as intended. We may also not be able to contract with you and/or be unable to charge you and therefore be unable to provide our goods, content and/or services to you.

Back to sections index

3. What personal information do we collect about you?

Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed, i.e. anonymous data.

Information you give us:

Should you choose to visit our websites or interact with our services there are a number of ways you may provide us with your personal information, such as:

• by completing a registration form on one of our websites
• by corresponding with us via email, ‘phone or post
• by registering for an event
• by interacting with our other bespoke services through our website

We collect information about you when you register or make an enquiry with us. The information we collect depends on the nature of the registration, enquiry or transaction and the information we require to fulfil this. This may include personal details such as your full name, email address and payment processing information, as well as other personal information again depending on the nature of the registration or transaction.

We also collect information when you voluntarily complete surveys, provide feedback for one of our products or services or participate in competitions or interact with one of our websites.

Information we collect about you:

We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:

Identity Data includes first name, last name, username or similar identifier, title, date of birth, job title, workplace, gender, next of kin, ethnicity.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Profile Data includes purchases, orders and registrations made by you, your interests, preferences, feedback, survey responses, training records.
Medical History Data including disabilities, medical history and information.
Usage Data includes information about how you use our website, products and services (about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products or information you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.
Marketing and Communications Data includes your preferences in receiving marketing communications from us. This also includes us making a note of conversations we have had with you in person and/or communications you sent to Breathworks. This helps us to manage our relationship with you and ensures you only receive communications from us that are relevant and timely.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Special Categories of Personal Data - If you are registering for an event with Breathworks we do ask you for data which is termed under the Special Categories of Personal Data Label (this includes details about your ethnicity, special requirements and information about your health and medical history) to ensure event suitability regarding your health and to meet your needs and preferences as much as possible.

Information we receive from other sources

This is information we may receive about you if you use any of the other websites we operate or the other services we provide or where third parties provide us with this information or where we collect it from a third party (including publicly available sources). We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). These may provide us with personal information about you.

Back to sections index

4. How we collect your data

We collect different information about you in a number of ways:

Information you give us

When you register/book onto an event on our website, buy products in our online shop, sign up to our newsletter/marketing communications, request marketing materials, give us feedback, make a donation or submit an enquiry, we will store the personal information you give to us such as your name, email address, postal address, telephone number. We will also keep a record of your purchases and donations as well as other data as outlined in section 3 depending on the services you are registering for/enquiring about or products you are purchasing from us.

Automated technologies or interactions

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. You are able to change your computer/device settings to enable you to have more control over this.

Information from third parties

We occasionally receive information about you from third parties as set out (but not exhaustive) in the list below:

  1. Analytics providers such as Google, Mailchimp and Social Media Providers
  2. Advertising networks such as Facebook
  3. Search information providers such as Google AdWords

Back to sections index

5. How will we use information about you (and the legal basis for our processing)

As a reflection of the products and services we provide to our community of stakeholders, we process personal data in a number of different ways.

(a) In relation to personal information you give us:

 

Purpose/Activity

Type of data

*Lawful basis for processing including basis of legitimate interest

To register you as a new customer and supply you with enquiry information, products and services requested or purchased via our websites, phone, email and postal registration e.g. event registration, product purchase and enquiries about our services and products

(a) Identity
(b) Contact
(c) Financial
(d) Transaction

(e) Profile

(f) Medical
(g) Marketing and Communications

Necessary for where you have registered with one or more of our websites or otherwise entered into an agreement with us; we may process your information in order to fulfil our contractual obligations or to take relevant pre-contractual steps. Otherwise we will process the information where the processing is necessary for the legitimate interests of Breathworks CIC Ltd, its accredited associates and sub contractors.

To process and deliver your payments including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us

(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey

(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to partake in a prize draw or complete a survey

(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing and communications with you; customer relationships and experiences

(a) Technical
(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile

(f) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

To administer the website and enable you to logon and access the site and any areas you are permitted to access

  • create a user profile whereby we can pre-fill registration forms with the latest information we hold on you for your speed and convenience
  • enable your use of the account settings section available on our websites

(a) Identity
(b) Contact
(c) Financial
(d) Transaction

(e) Profile

(f) Medical
(g) Marketing and Communications

Necessary to enable our users/customers use of our website and interaction with the products/services they have purchased and/or enquiry they have made.

Deal with enquiries and complaints made by or about you relating to the website or our services/products

(a) Identity
(b) Contact
(c) Financial
(d) Transaction

(e) Profile

(f) Medical
(g) Marketing and Communications

Necessary to successfully respond to enquiries and complaints you have made to us

Organise and secure trainers and teacher to deliver our programmes

a) Identity
(b) Contact
(c) Financial
(d) Transaction

(e) Profile

Necessary to contact Breathworks associates, trainers and teachers to discuss work opportunities for delivering our programmes.

Share details of vacancies or opportunities which we think may be of interest to you

(a) Identity
(b) Contact
(c) Profile

Necessary for our legitimate interests (for running our business)

Share specified personal data with a specified third party for a specified purpose (only accredited Breathworks associates, sub contractors and volunteers helping to deliver and organise our activities)

(a) Identity
(b) Contact
(c) Financial
(d) Transaction

(e) Profile

(f) Medical
(g) Marketing and Communications

Necessary for our legitimate interests (for running our business) to make sure the products and services purchased and/or enquiries made are delivered successfully and your needs are met.

 * Legal basis for processing: the processing is necessary for Breathworks to comply with the law.

Marketing Communications

We aim to communicate with you about the work that we do in ways that you find relevant, timely, respectful, and never excessive. This includes a weekly newsletter, events we are delivering or partaking in as well as other information we think will be of interest to you relating to mindfulness, compassion, pain, long-term conditions, stress and general wellbeing. To do this, we use data that we have stored about you, such as which events you have booked on in the past, as well as any contact preferences you may have told us about.

We use our legitimate organisational interest as the legal basis for communications primarily by email and occasionally by post and/or phone. You may opt out of receiving these at any time using the contact details at the end of this policy or by updating your contact preferences and/or clicking the unsubscribe link at the bottom of any email from us.

In the case of email, we will give you an opportunity to ‘opt in’ of receiving marketing communications during your first purchase, registration or enquiry with us, and/or by signing up to our newsletter and marketing communications on our website and at events we are delivering or attending. If you do ‘opt in’, we will provide you with an option to unsubscribe in every email that we send you subsequently. Alternatively, you can use the contact details near the end of this policy to update your contact preferences.

As part of our service to you, we may contact you by email or telephone to provide essential information related to your purchase and visit.

(b) Information we collect about you:

The reasons we may need to process this personal information include:

• to provide you with a bespoke service, tailored to your individual interests on your repeat visits to our websites
• to tailor any marketing or other communications or content or services we share with you to reflect your interests or anticipated needs
• to better understand how people interact with our websites, events and other products and services
• to determine the effectiveness of promotional campaigns and advertising
• to create a user profile whereby we can identify products, events or services that may be of interest to you
• to monitor usage of our website

Legal basis for processing: the processing is necessary for the legitimate interests of Breathworks CIC

(c) Information we receive from other sources:

We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Legal basis for processing: where you have registered with one or more of our websites or otherwise entered into an agreement with us, we may process your information in order to fulfil our contractual obligations or to take relevant pre-contractual steps. Otherwise we will process the information where the processing is necessary for the legitimate interests of Breathworks CIC.

Back to sections index

6. Who are the recipients of your personal data outside of Breathworks CIC Limited?

Breathworks Associates, Sub Contractors and Volunteers and how they process my data

Breathworks Associates are accredited Breathworks teachers, trainers and supervisors who have been made associates or become trainers/supervisors on behalf of Breathworks. Breathworks contracts their services to run specific events based on their skills, expertise and availability. By being contracted to run events it is vital that they have access to some of the registered attendee’s personal information in order to plan successful delivery of the event and address the individual needs of attendees.

Sub Contractors are individuals who have been contracted by Breathworks to complete a specific project within a specific time frame and have the necessary skills and expertise to complete the project. Projects and the sub contractor are regularly reviewed where the contract in question may be reviewed and extended ongoingly. It is vital they have access to personal data in order to communicate with stakeholders that are key to the project.

Volunteers are individuals who have responded to an advert or freely approached Breathworks to offer their services and expertise on a voluntary basis. Volunteers are usually managed by one or more employees to fulfil specific tasks. It is vital they have access to certain personal data in order to communicate with stakeholders that are key to the tasks they have been given.

*All of these people are subject to appropriate vetting processes conducted by Breathworks CIC, adhering to Breathworks policies and obligations set out as per their contract.

Service providers

We may disclose personal information about you to third parties for processing purposes associated with payment processing, the supply of goods and services to you, for website supply and administration or for other purposes where we appoint a processor.

Other recipients

In addition, we may disclose your personal information:

• In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
• If our company or substantially all of its assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property or safety of us, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction where relevant.
• To those entities which provide market research services

We do not sell personal details to third parties for any purpose.

Back to sections index

7. When is your data transferred to third countries?

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers as well as by our service providers where they are outside the EEA. This includes staff and/or sub contractors engaged in the provision of services you have registered for and/or purchased.

Where we transfer your personal data outside of the EEA we will only do so where permitted to do so by law e.g. the country in question is subject to an adequacy decision or where there are appropriate safeguards required by law (typically these will be standard data protection clauses adopted by the European Commission). Please contact us if you require further details of the countries to whom we may transfer your data and safeguards we use by contacting us at info@breathworks.co.uk

Back to sections index

8. How do we keep your data secure?

If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard (https://www.pcisecuritystandards.org/pci_security/). Our payment processing partners may give you the option to store your card details safely for use in future transactions. This is carried out in compliance with PCI-DSS and in a way where none of our staff members can see your full card number. They never store your 3 or 4-digit security code.

Security of your personal information

We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same and that they will only process your personal information on our instructions. The third parties will also be subject to a duty of confidentiality.

We will not transfer, process or store your data anywhere that is outside of the European Economic Area, unless we have a contractual agreement in place that is of an equivalent standard to GDPR.

Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our site or systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.

Back to sections index

9. What are your rights (controlling your personal information that we hold)?

We may process your data for carefully considered purposes, which are in our legitimate interests and enable us to enhance the services we provide. You have the right to object to this processing if you wish. You can exercise this right at any time by contacting us:

• Emailing our Data Protection Manager, info@breathworks.co.uk
• Writing to us at Breathworks CIC Ltd, 16-20 Turner St, Manchester, M4 1DZ, United Kingdom, or call +44 (0)161 834 1110

You also have the right to:

• request access to and rectification or erasure of your personal data;
• restrict processing of personal data relating to you;
• withdraw your consent to the processing of your personal data at any time where the legal basis of our processing is your consent; and
• object to processing or require that your data is moved elsewhere, as such rights are further provided in accordance with the Data Protection Act 1998 and the GDPR 2018 (as applicable from time to time).

You also have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes.

If you wish to exercise these rights or to opt out of receiving marketing communications please email info@breathworks.co.uk with the words EMAIL UNSUBSCRIBE, POST UNSUBSCRIBE or PHONE UNSUBSCRIBE, DO NOT CONTACT in the subject box or click the unsubscribe links on our email communications.

We apologise in advance if any technical issues arise during these requests, which mean the request was not recorded and actioned successfully. In these incidences it is advised that you phone us directly to speak to us about this where we can complete the request along with confirmation.

You can lodge a complaint regarding processing of your personal data by us with the Information Commissioner’s Office.

WARNING! Please note that if you ask us not to contact you any more or ask for your personal data to be deleted and fall into one or more of the following categories then this may result in us not being able to provide you with important information relating to the services/product you have purchased or an enquiry you have made as well as ongoing suppport:

• Have booked onto a course/event
• Are in the process of completing a course
• Are a student in our teacher training programme
• Are an accredited or unaccredited Breathworks teacher
• Have made an enquiry about our services/products
• Have made/tried to make a purchase of our products and services
• Have completed one or more courses with us in the past

You may choose to restrict the collection or use of your personal information in the following ways:

• if you have previously agreed to us holding your personal information for a course you are attending, you may change your mind at any time by writing to or emailing us at info@breathworks.co.uk or Breathworks, 16-20 Turner St, Manchester, M4 1DZ.
• if you have previously agreed to receiving our newsletter and marketing communications using your personal information, you may change your mind at any time by writing to or emailing us at info@breathworks.co.uk , Breathworks, 16-20 Turner St, Manchester, M4 1DZ or clicking unsubscribe at the bottom of these emails.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you have signed up to our newsletter and marketing communications.

You may make a request in writing if you require a copy of the data held on you by Breathworks under General Data Protection Regulations 2018 and the Data Protection Act 1998. Please address your request to the admin team, at info@breathworks.co.uk who will collate this information and supply it to you within 40 working days from the date the request is made. A fee of £10 must be paid when submitting your request.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will correct any information found to be incorrect promptly.

Back to sections index

10. How will you know if the privacy policy changes?

We reserve the right to add to or amend this privacy policy at our sole discretion, without prior notice to you. Please review our privacy policy on a regular basis to make sure you have read the latest version and you understand what we do with your personal information.

Should we plan a fundamental change to the nature of how we process your information or which may impact upon you, we will alert you to this change in advance by emailing you and/or advertising the change on our websites.

Back to sections index

11. How long will we keep your data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.

We will hold your personal information on our systems for as long as is necessary for the relevant activity.

Back to sections index

12. How we use cookies (on our website)

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Back to sections index

13. Links to other websites (from our websites/communications)

Our website/other communications may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Back to sections index

Policy Review Date: 1/6/2019

You can also download a PDF version of this policy here: pdfPrivacy and Cookies Policy - GDPR Updated 24 May 2018 - P003a - Web Version.pdf166.30 KB