In order to comply with its contractual, statutory, and management obligations and responsibilities, Healthier Heroes CIC is required to process personal data relating to its personnel, including ‘sensitive’ personal data, as defined in the General Data Protection Regulations 2018 (the “GDPR”) which includes information relating to health, racial or ethnic origin, and criminal convictions.
All such data will be processed in accordance with the provisions of the GDPR and Healthier Heroes CIC Policy on Data Protection as amended from time to time. (See the current Healthier Heroes CIC Data Protection Policy.) For the purposes of the GDPR, the term ‘processing’ includes the initial collection of personal data, the holding and use of such data, as well as access and disclosure, through to final destruction. In certain circumstances, the provisions of the GDPR permit Healthier Heroes CIC to process a person’s personal data, and, in certain circumstances, sensitive personal data, without their explicit consent. Further information on what data is collected and the purposes for which it is processed is given below.
1.1. Company Personnel
1.1.1. All employees, workers (including contractors, agency workers and consultants), directors, members and others (including volunteers, interns and apprentices).
1.2. Data Controller
1.2.1. A person or Company that determines when, why and how to process Personal Data. As a data controller, Healthier Heroes CIC is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes.
1.3. Data Subject
1.3.1. A living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data. This could be you, your colleagues, customers and suppliers or indeed any other person.
1.4. Data Subject Rights
1.4.1. The GDPR provides the following rights for individuals:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling
1.5. Data Protection Officer (DPO)
1.5.1. The person required to be appointed in specific circumstances under the GDPR: Andrew Powell, Managing Director.
2. General Data Protection Regulation (GDPR)
The General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR.
2.1. Personal Data
2.1.1. Any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access, including but not limited to, data held in a filing system. Personal Data includes Special Categories of Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour. This could include information in an electronic, paper or other format (e.g. images, multimedia, etc.)
2.2. Personal Data Breach
2.2.1. Any breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of Personal Data.
2.3. Privacy Notices (also referred to as Fair Processing Notices) or Privacy Policies
2.4. Processing or Process
2.4.1. Any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
2.5. Special Category
2.5.1. Any data set which includes details of or reveals: race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex, sexual orientation or sex life.
2.6. Contractual responsibilities
2.6.1. Healthier Heroes CIC's contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll; bank account; postal address; sick pay; leave; maternity pay; and pension and emergency contacts.
2.7. Statutory responsibilities
2.7.1. Healthier Heroes CIC's statutory responsibilities are those imposed on Healthier Heroes CIC by legislation. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax; national insurance; statutory sick pay; statutory maternity pay; family leave; work permits; and equal opportunities monitoring.
2.8. Management responsibilities
2.8.1. Healthier Heroes CIC's management responsibilities are those necessary for the organisational functioning of Healthier Heroes CIC. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment; training and development; teaching; research; absence; disciplinary matters; health and safety; security; e-mail address; telephone number; and criminal convictions.
2.9. Sensitive personal data
2.9.1. The GDPR defines ‘sensitive personal data’ as information about racial or ethnic origin; political opinions; religious beliefs or other similar beliefs; trade union membership; physical or mental health; sexual life; and criminal allegations, proceedings or convictions. In certain limited circumstances, the GDPR permits Healthier Heroes CIC to collect and process sensitive personal data without requiring the explicit consent of the employee.
a. Healthier Heroes CIC will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and consent.
b. Save in exceptional circumstances, Healthier Heroes CIC will process data about an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding Healthier Heroes CIC equal opportunities policies and related provisions.
c. Data about an employee’s criminal convictions will be held as necessary.
2.10. Disclosure of personal data to other bodies
2.10.1. For the performance of the employment contract, Healthier Heroes CIC is required to transfer an employee’s personal data to third parties, for example, to payroll services providers, pension providers and HM Revenue & Customs.
2.10.2. In order to fulfil its statutory responsibilities, Healthier Heroes CIC is required to provide some of an employee’s personal data to government departments or agencies, e.g. provision of salary and tax data to HM Revenue & Customs.
2.11. Keeping personal data up-to-date
2.11.1. The GDPR requires Healthier Heroes CIC to take reasonable steps to ensure that any personal data it processes is accurate and up-to-date. It is the responsibility of the individual employee to inform Healthier Heroes CIC of any changes to the personal data that they have supplied to it during the course of their employment.
2.12. Requesting information
2.12.1. Under the GDPR, it is possible for individuals to request access to any of their personal data held by Healthier Heroes CIC, subject to certain restrictions. A request for disclosure of such information is called a subject access request. Any such requests should be addressed to email@example.com.