This privacy policy was updated in February 2024 and sets out how we use and protect any information that you give us when you use this website, our surveys, applications or work with us.
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this policy.
Welbee is a trading name of School Wellbeing Accelerator Ltd, a limited company registered in England and Wales (Company number 11600110) with registered address; International House, 307 Cotton Exchange, Old Hall Street, Liverpool, L3 9LQ.
For the purposes of this privacy policy, Welbee is the ‘Data Controller’ for Data collected to manage and run Staff User Accounts and assumes that role under the UK Data Protection Act 2018, for this purpose.
This also includes any personal Data provided directly by the Staff User in performing their role and Data received by Welbee for the purposes of enabling third party authorisation tools when these are used by the User to access their User account.
The school or trust is the data controller for staff, student and parent demographic information provided to Welbee, for example through their Management Information System (MIS) and for Data provided by their stakeholders participating in Welbee surveys. In these cases, Welbee is the Data Processor.
We are registered with the Information Commissioner’s Office, registration number ZA809755 and have appointed a nominated Officer who is responsible for all privacy related matters.
If you have any questions, please contact: support@welbee.co.uk
Our Contact Details
Name of Data Protection Officer: Mark Solomons
ICO Registration Number: ZA809755
E-mail address: support@welbee.co.uk
Address: International House, 307 Cotton Exchange, Old Hall Street, Liverpool, L3 9LQ.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We will always endeavour to resolve any complaint or issue directly, should you contact us in the first instance.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at the above address.
We may collect the following information
Employee information
This is where you provide us with employee information to allow us to run effective surveys and filters on your behalf, and provide other agreed services, such as the Welbee toolkit. We may collect information regarding job title, job role, start date, age, employment type, department information and details of line managers. This is in order to provide our services to you (a survey, toolkit and other services) and to allow employees to participate. You do not have to provide this information, but we cannot provide our services without it. Where you provide us with this information, it is your responsibility to ensure that you have employee consent to provide this to us. The lawful basis for collecting this information is to perform a contract with you.
We may also collect information directly from employees.
More specifically, we collect the following information:
Information provided by employers and employees is used to analyse and report on surveys carried out by client multi-academy trusts and schools. Information is summarised and aggregated with that of all employees and employers. It may be compared with benchmarks and with past or future data.
Information will never be used to identify individuals, unless it is clearly stated, for example if a school/trust choose to run a non-anonymous survey. There is no requirement for employees to complete our surveys.
We share product information with clients and users, including new features and benefits. We ask clients to share feedback on how we might improve our products and services and may also use information to effectively manage any questions or complaints.
We do not collect any Sensitive employee Data. Sensitive Data refers to data that includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
When you provide us with this information, for example from your Management Information System, and if we collect it from employees themselves on your behalf, we are the data processor and you are the data controller.
Student and Parent Information
This is where schools/trusts provide us with student and parent information to allow us to run effective surveys and filters on their behalf. Where this information is provided, it is their responsibility to ensure that they have the consent to provide this to us. The lawful basis for collecting this information is to perform a contract for them.
Information provided by students and parents is used to analyse and report on surveys carried out by client multi-academy trusts and schools. Information is summarised and aggregated with that of other students and parents. It may be compared with benchmarks and with past or future data.
Information will never be used to identify individuals, unless it is clearly stated, for example if a school/trust chooses to run a non-anonymous survey. There is no requirement for students or parents to complete our surveys.
Data collected may include sensitive data and we collect this directly from client Management Information Systems, through Wonde Ltd, a third party integration, known to and available to the majority of UK schools, or through direct API connection. The school/trust has full control over what information they choose to share and will be able to share all or subsets of the information they hold, for example FSM, pupil premium, behaviour, absence, ethnicity and more. However, if no or only limited sensitive data is shared, this will prevent us from fulfilling our full service.
When a school/trust provides us with this information, for example from Management Information Systems, and where we collect survey responses, we are the data processor and the school/trust is the data controller.
Other information we may collect:
Identity: This may include first name, surname, username, title, and gender. We use this information to allow us to provide our products or services to schools/trusts, and to enable them to create an account on our site. Our lawful basis for collecting this information is to perform a contract for them.
Contact information: This includes e-mail addresses, phone numbers, delivery addresses and billing or school/trust addresses. We use this information to allow us to contact them regarding their purchase of our products or services. Our lawful basis for collecting this information is to perform a contract for them.
Financial: This includes bank account and payment card details. This is ordinarily not collected for individuals, as we routinely collect financial details of schools/trusts only. However, on occasion, we may collect financial details of individuals, where an individual’s payment card is used to make a purchase. Regardless, we use a third-party payment processor, who will process your payment details in accordance with their privacy policy. We do not capture or store this information.
Transaction: This may include details about payments and other details of purchases made by schools/trusts. As above, this normally relates to transactions of schools,/trusts and on occasion, there may be transactions that pertain to individuals. We collect this information in order to keep track of payments and our contractual obligations. Our lawful basis for doing so is our legitimate interest to ensure we are satisfying our contractual obligations with our clients.
Technical: This may include login data, usage of our site, internet protocol (IP) addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices used to access our websites. This information is aggregated and does not identify individuals. We use this information to improve our website experience. Our lawful basis for doing so is out legitimate interest to continuously improve the website we provide
Marketing and Communications: This includes email addresses and preferences in receiving marketing communications, or information regarding competitions, prize draws, promotions or surveys, from us and our third parties. We will always ask for consent before adding individuals to our marketing lists. Our lawful basis for processing this information is consent. Or we will send emails where individuals click links to access information from us. This is based on our legitimate interest to provide information we believe individuals will have an interest in receiving.
We also make it easy to opt-out of communications by providing direct opportunities on the emails or texts we send.
Where individuals opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions or where we have a legal obligation to retain your financial transaction data.
We may use this for
Automated technologies
We may receive personal data about individuals from various third parties and public sources as set out below:
Analytics providers such as Google based outside the EU or the UK;
Advertising networks which we may utilise from time-to-time
Contact, Financial & Transaction Data from technical, payment & delivery service providers.
How we use cookies
Cookies are small pieces of information sent by a website to a visitor’s computer. Cookies cannot be used to run programs or deliver viruses to your computer. By continuing to visit our websites, individuals agree to the placement of cookies on their devices. We may also place cookies from third parties for functional and marketing purposes. The use of cookies is widespread on the internet and benefits visitors.
Individuals can choose to accept or decline cookies. Most web browsers automatically accept cookies, but individuals can usually modify browser setting to decline cookies if they prefer. This may prevent them from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites. However, once these links are used to leave our site, we do not have any control over other websites.
Therefore, we cannot be responsible for the protection and privacy of any information which is provided while visiting such sites and such sites are not governed by this privacy statement. Individuals should look at the privacy statement applicable to the website in question.
Controlling your personal information
Individuals may choose to restrict the collection or use of personal information in the following ways:
Purpose
We will only use personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use personal data for a purpose unrelated to the purpose for which we collected the data, we will notify individuals and explain the legal ground of processing.
We may process personal data without the knowledge or consent of individuals where this is required or permitted by law.
Disclosure of your personal data
We may be required to share personal data with the parties set out below:
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer data to respect the security of personal data and to treat it in accordance with the law. We only allow such third parties to process personal data for specified purposes and in accordance with our instructions.
Third Party Processors
Carefully selected partners and service providers may process personal information about individuals on our behalf as described below:
Third party Integration Providers, Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.
Data Security
We are committed to ensuring that all information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process personal data on our instructions and they are subject to a duty of confidentiality.
Data Retention
We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances:
Individuals can ask us to delete their data: see below for further information.
We will anonymise personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We will store school/trust data for as long as the school remains a client. In the event that your school/trust stops using our services, we will not maintain data, unless it is anonymised, beyond a further period of 12 months.
Your Legal Rights
Under certain circumstances, individuals have rights under data protection laws in relation to their personal data. These include the right to:
You can see more about these rights at:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual- rights/
If individuals wish to exercise any of the rights set out above, they should email us at support@welbee.co.uk
They will not have to pay a fee to access their personal data (or to exercise any of the other rights).
However, we may charge a reasonable fee if their request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with their request in these circumstances.
We may need to request specific information from them to help us confirm their identity and ensure their right to access their personal data (or to exercise any of their other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact individuals to ask them for further information in relation to any request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if a request is particularly complex or individuals have made a number of requests. In this case, we will notify them and keep them updated.
Privacy Policy Updates
Where we make minor changes, we will update our Privacy Policy with a new effective date.
Our processing of information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.
Where we make major changes to our Privacy Policy or intend to use information for a new purpose or a different purpose than the purposes for which we originally collected it, we will notify our customers by email (where possible) or by posting a notice on our website.
We will provide them with the information about the change in question and the purpose and any other relevant information before we use their information for that new purpose.
Wherever required, we will obtain prior consent before using information for a purpose that is different from the purposes for which we originally collected it.