This Privacy Notice sets out the details of how the To Be U Ltd () as data controller, collects and processes your personal data through our website located at www.qmanager.to-be-u.com ( ) and the app Q Manager (By To Be U) (“the App”).
For the purposes of this Notice, personal data means any information that can be used to identify an individual whether directly or indirectly.
Please read through the content of this Privacy Notice carefully and ensure that you understand it. If you do not understand the content of this Privacy Notice or do not accept or agree with it then you must stop using the Website immediately. By accessing the Website and providing us with your personal data you are warranting that you are over 13 years of age.
If you have any questions about this Privacy Notice or require more information concerning our privacy practices please contact us at email@example.com
We may process personal data that you provide to us by subscribing to our email list, requesting information through our contact forms, completing questionnaires, or by any other communication via email, text, FB Messenger, or through our Website or other online platforms and social media channels.
We may also process your personal data to comply with any government requests such as the NHS Tack and Trace.
We may also process data received from third parties such as Google, Facebook, Pinterest, Instagram, Youtube or other analytic, search, advertising, or online information providers based outside of the EU or Paypal, Stripe or other payment processing providers based outside of the EU.
When we process your personal data we will comply with the relevant data protection laws and principles such as the General Data Protection Regulation (EU Regulation 2016/679) which means that your data will be used lawfully, fairly and in a transparent way, kept securely and only for as long as necessary for the purposes we have told you about.
We shall only collect and process your personal data for purposes that are clearly outlined prior to you providing us with your data, or for a legitimate reason.
Whenever we process your personal data we do so on the basis of a lawful condition, this will either be because you have given your consent for us to process your data, where we are under a contractual or legal obligation, or where it is in our legitimate interests to do so.
We do not carry out automated decision making or any type of automated profiling.
The types of personal data which we process will vary depending on your own specific circumstances but typically can include:
We may also process your personal data to deliver or send relevant advertisements to you through our Website, App and other online platforms and to analyse the success and effectiveness of such adverts for our legitimate interest purposes of promoting and growing our business.
In accordance with the Privacy and Electronic Communications Regulations (PECR) we may also send you relevant advertisements or marketing information if you:
1. have ever purchased or enquired about our products or services; and
2. have ever book services from a particular business (vendor)
3. at the time of your purchase or enquiry you agreed to receive advertising or marketing information from us and you have not opted out from receiving that information
Where we contact you through email, we shall ensure that our emails clearly display the location of the sender and include clear options for you to opt-out from receiving contact from us in accordance with the CAN-SPAM act.
We do not collect any sensitive data about you. Sensitive data includes data relating to your health, race or ethnicity, political opinion, religious or philosophical beliefs, trade union membership, genetics, biometrics, sex life or sexual orientation. We do not process any data relating to criminal offences and convictions.
We may use any of the following external service providers to support our business and may share your personal data with those third parties:
1. Businesses you book services with;
2. Government for services such as NHS Track and Trace;
11. MC Widget;
We understand that all of these third parties have appropriate technical and security processes in place to protect your data.
We may also share your personal data as follows:
1. where it is necessary for external service providers who have been engaged by us to assist in the provision of services to our clients and customers;
2. where it is required by our professional support teams;
3. where we are required by a government body or legal obligation or to protect our rights;
4. where it is required in connection with the sale or purchase of any business or assets;
5. with any other member or company of our group.
Where we have outsourced a function or activity to an external service provider, we will only disclose personal data that the service provider needs to undertake that function or activity, and we require external service providers to agree to keep your personal data secure in accordance with the relevant law.
We agree not to share your personal data with any third party for that third party’s marketing purposes unless we have obtained your consent to do so.
Our Website is located within the United Kingdom and we comply with the Internet laws applicable to the United Kingdom which includes the GDPR. Your data will be processed within the United Kingdom.
We may also transfer your data to a third-party service provider which requires your data to be transferred outside of the EEA. Where your data is transferred outside of the EEA by our third-party service providers, we understand that they comply with the following standards relating to the security of your personal data:
1. Infusionsoft use the EU Model Contract which governs the lawful transfer of data from the EEA to countries outside of the EEA. In respect of any payment or financial information Infusionsoft also complies with the Payment Card Industry Data Security Standards;
2. Facebook complies with the General Data Protection Regulation and is certified under the Privacy shield for data transfers;
3. Google complies with the General Data Protection Regulation and is certified under the privacy shield for data transfers. Google also complies with the Payment Card Industry Data Security Standards;
4. Paypal relies on Binding Corporate Rules approved by competent Supervisory authorities;
5. Stripe is certified under the EU-US Privacy Shield as well as EU Standard Contractual Clauses and Binding Corporate Rules.
6. Zoom is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield;
7. Whatsapp is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield;
8. Dubsado Is self-certified under the Privacy Shield Framework;
9. Thinkific follows industry standards to keep data secure.
Where we transfer data to parties not listed above that are outside of the EEA then we will ensure that at least one of the following conditions is met:
1. You have given your express consent;
2. The country has an approved adequate level of protection for personal data;
3. It is legally required;
4. It is authorised by the relevant data protection authority.
We take the protection of your personal data seriously and have taken suitable and reasonable steps to protect the personal data we hold from misuse, loss, unauthorised access, and any modification or disclosure.
We limit access to your personal data to those employees, agents, contractor or third parties who have a business need to know. They will only process your data on our instructions and must keep it confidential.
If you are submitting personal data over the internet that you wish to remain private, please note that while attempts are made to secure information transmitted to this site, there are inherent risks in transmitting information across the internet. If you prefer, you can contact us by alternative means using phone or mail.
We will not keep your personal data for longer than is required with regard to the purpose for which it was collected by us or provided by you including any legal or record keeping requirements and will take reasonable steps to destroy or permanently de-identify your personal data when it is no longer required.
You have rights in relation to your personal data these include the right to access and receive a copy of your personal data, to ask us to correct any errors, to erase your personal data, to restrict or object to how your information is processed. You can find out more about your rights by visiting https://ico.org.uk/your-data-matters/.
To ensure the information we hold about you remains accurate please contact us using the email address above if at any time your personal details change.
Where you have provided your consent for us to process your personal data you can withdraw that consent at any time. Should you wish to do so please contact us at the above email address.
If you are not happy with how we process your personal data you have the right to lodge a complaint with the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues.
The Website may contain links to other sites. We are not responsible for the privacy practices of those web sites and have no knowledge of whether cookies or other tracking devices are used on any such linked sites. If you have any concerns regarding the privacy of your information you should ensure you are aware of the privacy policies of those sites before disclosing any personal information.
We reserve the right to alter or amend it without notice. Should the Privacy Notice be altered, the new policy will be posted on the Website.
Your first use of our Website after the date of any amendments or alterations will constitute your acceptance of such changes therefore, we recommend you review this Privacy Notice regularly to keep informed of any changes.