Illuminate VR Services Ltd – Data Privacy Policy

This privacy policy sets out how Illuminate VR Services Ltd (Illuminate) uses and protects any information that you give Illuminate VR Services Ltd when you use this website or make use of our services.

Illuminate VR Services Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified then you can be assured that it will only be used in accordance with this privacy statement.

Illuminate VR Services Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from June 2020.

 

Personal Data Collected

Illuminate provide vocational rehabilitation, consultancy services and training to support organisations to better manage mental health and disability in the workplace leading to decreased absenteeism, higher productivity and lower staff turnover.

The data we collect to fulfil these services is almost entirely from business or corporate individuals and will be processed for business purposes as a data processor. The personal information which we use will be taken when:

  • you enquire to use our services
  • you attend or approach us to attend one of our training events
  • you contact us or use our website
  • you are a recipient of our services
  • you enquire, apply to join or work for Illuminate

We may collect the following types of information:

  • your name, role, business address, email address, telephone number(s) and other contact details
  • your organisation name and the address, and contact telephone numbers
  • information required to provide you with a service (eg. details of any employees and their circumstances or data on which you need our advice and guidance)
  • details of our services that you have used
  • your payment or financial information such as credit or debit card details and bank account details

 

Special Categories of data

As a vocational rehabilitation services provider we may be involved in cases related to the wellbeing and to process the health data of some of your employees. This may involve the collection of special category data of the employees of our clients for individual case support and guidance. This data will be processed as part of our contractual obligation with you but also with the full consent or agreement of the employee that is referred

We are a data processor for the provision of these services and the personal data will used in a confidential and secured manner in line with the contractual agreements

Illuminate do not collect any social category data for processing in our own right as a data controller

 

Why do we collect this information?
We collect your personal information:

  • to provide you with services that you may request from us under our contracted agreement
  • for internal record keeping and the administration of the services to you as a client
  • for our legitimate interests in the relationship we have with you as a business contact or client
  • to meet our legal and regulatory obligations
  • for the safeguarding and care of our staff and guests
  • we may also periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • from time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests

 

How do we collect this information?
We collect personal information:

  • directly from you: e.g. when you apply to receive our services; enquire on our website or attend one of our training events
  • directly from clients e.g when an employee situation is referred to us for guidance
  • from the employee of a client e.g when someone is using or benefiting from our VR support
  • from GPs or medical practioners e.g where an employee has consented to a medical report or information being shared as part of the services we provide
  • from publicly available sources: eg. social media, internet services.

We are committed to keeping your information up to date as far as is reasonably possible. However, if you believe that we have made an error, then please contact us as we have outlined below and we will use reasonable endeavours to correct.

 

Keeping your information safe and secure.

Your personal data is importation and we are committed to ensuring that it is secure and protected from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.

In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and in paper form. We only provide access to your data to staff who require access.

Further, as a processor of any special category or sensitive data we ensure that the security measures we use are fully appropriate for the risk associated with this data and as required by law and our clients

 

Sharing your data with Third parties

Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations. We do not, and will never, sell or share your personal information with other third parties.

For our general data processing activities, we use the following to help us administer and monitor the services we provide:

  • for the Client Management System database we use to manage our clients, office admin and training events
  • to help us promote Illuminate training or advertise our events
  • for any legal guidance in the provision of our services
  • for any external IT support to help us protect our client files and assets

In our normal business activities, we do not share data outside the EEA. In any circumstances where this may become necessary in the future it will be undertaken in full compliance with the legal requirements

 

How long do we keep personal information?

We will only keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In general terms we will retain the data:

  • Of our clients for the duration of the services provided and up to a maximum of 6 years after (or sooner should you require).
  • During the period of our support services we will potentially capture the personal data on your employees; specific to where our VR service is required. This data will be retained for purposes of us satisfying our professional commitments or as agreed by you. At the cessation of any client relationship we will check with each client their requirements for the continued retention of this data
  • For anyone who applies or enquires about joining Illuminate but does not work for us we will hold your details for a maximum of 6 months
  • For our staff the records are held in line with HMRC requirements for up to 6 years after you leave us

 

Marketing & Market Research

Illuminate do not undertake any marketing activity with our clients but may make use of Social media channels such as Facebook, Linked In and Twitter for business promotion.

We may make unsolicited approaches and calling to new potential contacts or business clients, using prospect information held within our records or using information drawn from publicly-available sources. These approaches are made in a fully complaint manner as governed by PECR (the Privacy of Electronic Communications Regulation), with the contacts being given the option to opt out from such contact

Any changes to our marketing activities will be up dated in this Policy and we will ensure that the activity we undertake will be compliant with UK and European data protection regulations

 

How we use Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.

The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

For more information about cookies, including how to block or delete them, visit AboutCookies.org

 

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.

 

Controlling your personal information (Your Rights)

It is important that the personal information we hold about you is accurate and current. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.

Under certain circumstances, you have rights under UK Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation 2016/679 (GDPR) in relation to your personal information. You may have the right to:

  • access information held about you. Your right of access can be exercised in accordance with data protection law;
  • object to us processing, or ask us to restrict our processing of your personal information for any of the purposes listed in this policy, at any time.
  • ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge.
  • ask us to erase or delete your personal information (in certain circumstances). We will do our best to respond to such requests, but these are subject to certain limitations such as legal requirements
  • Request a transfer of your personal information (in certain circumstances).

If you wish to exercise any of the above rights or to review, verify, correct or question anything detailed in this policy or are unhappy with any aspect of how we use your data please contact us at

lisa.whittleton@illuminatevr.co.uk

or by writing to

Data Protection Lead, Illuminate VR Services Ltd, 37 Elmdene Road, Kenilworth, Warwickshire, CV8 2BW

Alternatively, you can telephone us on 07784 558552.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

We are a registered Data controller with the Information Commissioner’s Office our ICO registration number is: ZA061862