Business to Business Privacy Policy

Owner and Data Controller

RCH invites you to read this privacy policy (“Policy”) which explains how we treat personal information we obtain about you, how it is used by RCH, how we may share it with third parties and how you can manage the information we hold about you.

Our Policy has been developed in accordance with the requirements of new data protection laws contained in the General Data Protection Regulation and the Data Protection Act 2018 (together, the “Data Protection Legislation”)  which are in force on 25 May 2018.

This version of our Policy is live from 25 May 2018

 

Data Controller

The controller of your personal information is Raw Corporate Health Limited trading as RCH, Unit 9; Earlsfield Business Centre, 9 Lydden Road, London, SW18 4LT.

We also operate under the trading names Raw Corporate Health and Educated Body.

If you have any questions about how we treat your personal information, please contact us at the address above or by sending an email to privacy@rawcorporatehealth.com    

 

Data that we collect

We collect personal information from which you can be identified. This information is defined as “personal data” under the Data Protection Legislation. We obtain personal data from you with your consent when you contact us about our services. We also collect your personal data when you respond and give consent to our marketing partners or through our advertising campaigns.  This data includes your personal contact information including name, address, phone number and email address, business address and employer.

We provide more detail on the data collected by each system we use in the following sections of our privacy policy.

We collect this data from you when you sign up to use our services. We also collect some automated usage data when you visit our web applications. Some of this data is mandatory and without it we will be unable to provide certain services to you.

 

How we process your data and the locations this takes place

We process your data in accordance with the relevant laws of England and Wales which relate to data protection and implement the Data Protection Legislation and we take appropriate technical and organisational security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data.

We process your data using computers and/or IT enabled systems/tools following our strict company procedures and only for the purposes we have set out in this policy. In addition to the data controller, in some instances, the data may be accessible to certain types of person involved in charge of or involved with the operation of our sites including administrators, facilities managers, concierge services and other related parties. We may also process your data with external parties who provide services to us such as third party technical services, hosting companies, mail carriers and IT companies appointed as data processors by the controller. These providers are outlined in the detailed processing information below.

We also process your data using paper forms and manual processes and these documents are indexed and stored securely.  

We process your data in a variety of locations within the European Union and where we use processing services located outside the European Union we ensure that those locations are included in agreements ensuring that all personal data are protected. You may request further information from us in specific instances.

 

Retention of your data

We retain your data for the time that you are actively communicating with us as an individual on behalf of our customers’ business.

Once you cease to represent our customers we retain all of your data for seven years from the time that you cease to be a customer of our business.  

We review the retention of data annually.

 

How we use your data  

We use your data to allow us to provide our services to your business. We also use your data for the following purposes: Analytics and reporting to facility owners, management or developers, Interaction with external social networks and platforms, Advertising, Managing contacts and sending messages via telephone or emails including newsletters, User database management, Contacting the User, Displaying content from external platforms, Handling payments, Hosting and backend infrastructure, Infrastructure monitoring, Interaction with support and feedback platforms, Managing support and contact requests, Registration and authentication and Commercial affiliation.

 

Detailed information on the processing of Personal Data

We use various platforms and processors for the management of customer records within our business, inclusive of platforms holding details of your staff contacts and their preferences for receiving communications from us through our CRM platforms, expenditure and project information document handling and transfer, health and safety reporting, staff recruiting, website management, communications such as announcements and marketing information, website use tracking and obtaining information through social media.  Where such information is personal data, we put in place appropriate contractual safeguards if any of our processors process personal data outside the European Economic Area or outside those jurisdictions where data protection laws have been found to be adequate and/or we seek consent where appropriate and necessary.

 

Data Security

As with all information transmitted over the Internet, security cannot be guaranteed. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and technical and organisational security measures to try to prevent unauthorized access.

All data is collected and/or accessed over secure https connections and any credit card data is only held within systems which are certified as PCI DSS Level 1 security compliant. For more information on PCI DSS please visit:

https://www.pcisecuritystandards.org/pci_security/

 

Information Sharing

We will not give your personal information to a third party outside RCH (Raw Corporate Health Ltd) without your express consent or unless required to do so by law or a court order.

 

How we use the information we process

We use information held about you in the following ways:

To communicate with your business

To help us deliver our services safely and effectively in our facilities.

For the purposes of capacity planning, service delivery, product development and purchasing decisions.

For the purposes of contract compliance with organisations who contract us to deliver services on your behalf.

To ensure that content from our site is presented in the most effective manner for you and for your computer.

To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.

To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service.

 

Accessing, correcting, deleting and managing the data we hold about you

The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Legislation.

If you wish to make a subject access request please mark all correspondence “for the attention of the data controller” and send via email to Privacy@rawcorporatehealth.com  

Alternatively make your request in writing via post to the registered address at the top of this privacy policy.

To ensure data security we may ask you to provide identity documents such as a passport, utility bill, driving licence to confirm you are the person entitled to make the request for data. Once we have established your identity we will destroy all copies of the documents provided.

You can also request that

  • we correct information which is incorrect or incomplete and ask for a copy of your data which will be provided in a machine-readable format such as .xls or .csv
  • we delete data which is no longer relevant subject to our reasonable processing requirements outlined in our data retention policies and regardless of our legitimate interests.
  • we stop processing your data whilst we retain the data for the periods we have described in our retention policy.
  • we erase your personal information completely from systems that are under the RCH’s full power and control.

In addition to these rights, you also have the right

  • not to be subject to any decisions made by RCH that are based on any profiling or automated decision making if they produce legal effects or significant effect you

 

How we will contact you

We will offer you the option to consent to receive essential mailings and separately for general marketing mailings.

If you provide us with your consent, we will contact you by email, text, or letter when we feel there is information you would like to be aware of. Essential mailings will include unplanned studio closures and changes to the pricing structure as well as booking confirmations and reminders and other automated emails linked to your booking activity. Studio guests who prefer to have no contact under any circumstances, can opt out entirely but must make it clear that they understand that RCH (Raw Corporate Health) will take no responsibility when they may be unaware of these essential details.

You can ask us to opt you out of any communications by clicking on an opt out link at the bottom of the email or if you have a login and access to your online account by going to your profile page and editing your contact preferences. You can also contact us and ask to change your consents to receive essential and marketing emails.

 

Cookie Policy

As with most websites when you visit our site a cookie (a type of code also known as a web beacon) will be downloaded to your computer. This will allow RCH (Raw Corporate Health) to identify your computer in the future. This information may be used in conjunction with information on your Members Only pages of our site and used to track your use of the website.

A cookie is a small text file that is sent to your browser from a website and stored on your computer’s hard drive. Cookies cannot read data from your hard disk or read cookie files that were created by other sites – the website that creates a cookie is the only one a browser will permit to access it.

Like many other websites and applications, the Website and App use cookies to obtain certain types of information. For example, RCH (Raw Corporate Health) might use cookies to control access to certain features such as your password and account, to customize content areas, or to analyse  site activity and user behaviour. RCH (Raw Corporate Health) reserves the right to use cookies in the future in conjunction with new content or expanded functionality.

If you are concerned about the use of cookies, you can explore your web browser’s options to notify you whenever a cookie is set, or to disallow cookies altogether. You should be aware that prohibiting the use of cookies will significantly restrict access to certain types of content or features.

Cookies may be issued by websites that you enter through links from our site. Please refer to the privacy policy of these websites for information on how these cookies will be used. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

 

Changes

RCH can change this Policy at any time, so you should check this page frequently to see any updates.

 

Questions and comments

Questions, comments and requests regarding this Policy are welcome and should be sent to privacy@rawcorporatehealth.com