Privacy Policy

Updated: 04/10/2023

Privacy Policy

This Privacy Policy (“Policy”) sets out how Wondrous People Limited, registered in England and Wales, No. 06451106, collects, uses, stores, shares and protects any information that you provide, or we receive about you when you engage with us in relation to our services or use our website. This Policy also explains our processing of your personal data in connection with our digital coaching platform which you may access via your browser or the mobile app (“Digital Platform”), including during or as part of any testing and/or development phase of the Digital Platform. It explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

We are committed to ensuring that your privacy is protected, and we comply with the UK General Data Protection Regulation (“UK GDPR”). We are also subject to the EU General Data Protection Regulation (“EU GDPR”) in relation to services we offer in the European Economic Area (“EEA”).
Wondrous People Limited is registered with the Information Commissioner’s Office (“ICO”) as a controller, registration number: Z1871422.

Wondrous People Limited may change this Policy from time to time by updating it on our website and on the Digital Platform. You should check this Policy from time to time to ensure that you are happy with any changes.

What information do we collect from you?

Wondrous People Limited uses your personal data to manage and administer your account/programme, when providing services to, or receiving services from, you (including our website and the Digital Platform) and to keep in contact with you for these purposes. If you do not provide the personal data we ask for, it may delay or prevent us from providing these services to, or receiving these services from, you.

We may collect and use the following information about you:

  • name and job title;
  • contact information including email address and telephone number;
  • basic employment details; and
  • information about the devices from which you access or install our services (including the Digital Platform) for technical security monitoring purposes such as your IP address and the version of your browser.

Depending on the service we provide to you as an individual or your company, we may also collect and use the following additional information about you:

  • demographic information such as your age, date of birth, nationality, gender, preferred pronouns, location and (where relevant) your personal preferences as to the characteristics of your coach or coachee;
  • special category data that is provided voluntarily by you, such as information about your ethnicity, race, religion, sexual orientation, disability, neurodiversity, physical or mental health (“Special Category Data”);
  • more detailed information about your employment. For example, the department, function or team you work in, the grade or level of your employment, your line manager, the length of employment and professional experience, your objectives / goals and your progression against those objectives;
  • calendar data which (depending on your calendar provider) may include available dates and times, event titles, meetings and participant information; and
  • a short biography or video about you (prepared by you).

We may collect personal data in the following ways:

  • directly from you;
  • from an authorised third party on your behalf (e.g. if you are a coachee, your employer);
  • from a linked system or database; and
  • through your interaction with systems and/or services provided by us (including our website and the Digital Platform).

Why do we collect this information?

For personal data to be processed lawfully, we must process it on one of the legal grounds set out in data protection laws. For the processing of ordinary personal data (i.e. personal data which is not special category data), we will rely on one of the following lawful grounds:• you have given your consent to the processing;

  • the processing is necessary for the performance of a contract with you;
  • the processing is necessary for us (or a third party) to be able to comply with our legal obligations; or
  • the processing is in our legitimate interests, or the legitimate interests of a third party.

A legitimate interest is when we or a third party have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our or a third party’s interests against your own.

We will always tell you how we intend to use your personal data. The main purpose of collecting your personal data is to provide the service you have requested (including via Digital Platform), or we are contracted to provide in relation to your account/programme e.g. executive or individual coaching, leadership and team development.

We collect this information to understand your needs and to provide a better service, and in particular for the following reasons:

  • to provide reporting to our clients (employers) about progress made by individuals involved in our programmes against their objectives (the information is provided in a format which does not identify the individual);
  • to contact you in response to a specific enquiry or to remind you (with a message, alert or notification) of planned meetings;
  • for internal record keeping purposes;
  • to improve our products and services;
  • we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided; and
  • from time to time, we may use your personal data to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

Where we rely on your consent, such as any consent we seek for email marketing, you can withdraw this consent at any time.

If you are a coach or coachee, we also use your personal data (including Special Category Data) for the purposes of:

  • matching coaches with coachees – we do this by combining the data we process about you to create a profile; using automated systems, we then compare a coachee’s profile with our coaches’ profiles to present a shortlist of coaches for each coachee;
  • analysing the diversity of the community of coaches on the Digital Platform; and
  • analysing anonymised data to evaluate differences in coachee behavioural trends across demographics to enable us to improve our services.

We will only collect and use Special Category Data from you:

  • for those purposes for which we have your explicit consent to do so; or
  • if the processing is necessary to establish, exercise or defend legal claims.

You can withdraw your consent to our use of your Special Category Data for these purposes at any time in the Preferences page of your Account or by updating your information to “Prefer not to say”. If you do so, we will stop using your Special Category Data for those purposes. Please note that this will not affect the lawfulness of the processing before your consent was withdrawn.

If you are a coach or a coachee, we may also collect and store any personal data (including Special Category Data) you voluntarily share during the course of a session; if

  • you consent to the session being recorded; or
  • you consent to notes being taken of the session.

We will store any recordings and notes of your session on the Digital Platform. We will have limited access to those recordings and notes for the purposes of servicing and maintaining the platform. Otherwise, only the coachee and, potentially, the coach will have access to them; the coachee can decide whether to share those notes and recordings with their line manager(s). Please contact us if you would like us to delete any recordings and/or notes relating to your session(s) which are stored on the Digital Platform.

Our Digital Platform may collect and use calendar data from you. This data is collected from all coaches and is voluntarily requested from coachees. This data enables both coaches and coachees to check diary availability for session booking and allows us to provide you with reminders of your sessions. All calendar data collected by us is automatically anonymised within our systems almost immediately following collection. Only coaches and coachees associated with your sessions can access this information. Coachees can contact us to delete calendar data stored within the Digital Platform.

Who we share your information with and transferring your information out of the UK and EEA

Wondrous People Limited work with a number of coaches, consultants and facilitators and your data may be shared directly with any of them that are directly associated with your project/account/programme and/or the services we provide to you.

Wondrous People Limited will not supply your data to third parties for marketing purposes.

We only allow third parties to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

To deliver services (including the Digital Platform) to you, it is sometimes necessary for us to share your personal data with third parties, some of which will be located outside the UK/EEA e.g:

  • with our service providers (including providers of digital development and technical and support services);
  • where there is a European and/or international dimension to the services we are providing to you; or
  • to our coaches, consultants and facilitators in order to provide the services to you.

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

  • the UK government or, where the EU GDPR applies, the European Commission, has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law.

These are explained below:

Adequacy Decision

We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:

  • all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the “EEA”);
  • Gibraltar; and
  • Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries or international organisations we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Transfers with appropriate safeguards

Where there is no adequacy decision, we may transfer your personal data to another country or international organisation, if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses. To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards, please contact us.

Transfers under an exception

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g:

  • you have explicitly consented to the proposed transfer after having been informed of the possible risks;
  •  the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
  •  the transfer is necessary for a contract in your interests, between us and another person; or
  • the transfer is necessary to establish, exercise or defend legal claims.

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.

How long do we keep hold of your information?

Wondrous People Limited will hold your data while you have an account with us and while we are providing services to you or receiving services from you. Thereafter, we will keep your data for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly; and/or
  • to keep records required by law.

We will not keep your data for longer than necessary.

Where data is held by authorised third parties, in support of the services we provide to you, they are contractually bound to delete data upon our request, delete data at the end of our contract with them, or to anonymise data after 2 years of receipt.

We keep your Special Category Data for no longer than is necessary to achieve the relevant purpose for which you have given us your explicit consent, or, in relation to Special Category Data collected inadvertently through recordings or notes of sessions, when you request that we delete such recordings/notes.

Your rights

You have the following rights which you can exercise free of charge:

 

Access The right to be provided with a copy of your personal data
Rectification The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten) The right to require us to delete your personal data – in certain situations
Restriction of processing The right to require us to restrict processing of your personal data in certain circumstances e.g. if you contest the accuracy of the data
Data portability The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations
To object The right to object:
At any time to your personal data being processed for direct marketing (including profiling);
In certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests
Not to be subject to automated individual decision making The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

If we rely on your consent to use your personal data in a particular way, but you later change your mind, you may withdraw your consent at any time by contacting us and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide the services to you or receive the services from you.

To contact us about your personal data and your rights, please contact us at the address below. If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office (ICO).

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Data Breach

Wondrous People Limited has a Data Breach Management Procedure in place. A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.

When a personal data breach has occurred, we will establish the likelihood and severity of the resulting risk. If the nature of the data breach requires Wondrous People Limited to inform the ICO, we will do so within 72 hours of becoming aware of the data breach. If you are notifying us of a data breach, notifications must include: your name and contact details, the date and time of the breach you are reporting, the date and time it was detected and any other information that will help us investigate the issue.

How we use cookies and other tracking technologies

A cookie is a small file which asks permission to be placed on your computer or other device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Similar tracking technologies are used on mobile applications.

We use cookies and similar tracking technologies (such as Google Analytics and Sentry) to identify how our websites and apps (including the Digital Platform) are being used. For more information, see the Google Privacy Policy and the Sentry Privacy Policy.

Those cookies and similar tracking technologies help us analyse data about how our services are used, and to improve our services over time. We only use this information for statistical analysis purposes and then the data is removed from the system.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website and Digital Platform may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes.
  • If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us by email, by writing to us or calling us.
  • Except as described in this Privacy Policy, we will not share, sell or lease your personal data to third parties unless we have your permission or are required by law to do so.
  • You may request details of personal information which we hold about you under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018). If you would like a copy of the information held on you, please write to:

Wondrous People Limited,
201 Borough High Street,
London, United Kingdom,
SE1 1JA

Candidate Privacy Statement

This policy extends our privacy policy to provide specific guidance about how we use data we hold about people who are candidates for roles at Wondrous.

Why do we collect data about you when you apply for a role at Wondrous?

Wondrous is a private limited company delivering a range of services to support organisations to deliver next-level results through transforming leadership and culture.
We collect information about you when you apply for a permanent, temporary or contract role, or make an enquiry about becoming a Wondrous Partner practitioner (a consultant, coach or facilitator).

Much of the information we hold will have been provided by you, but some may have come from external sources, such as your LinkedIn profile, and comments from your referees.

What information do we collect about you when you apply for a role at Wondrous?

We gather information so that we can make decisions as to your suitability for the role that you have expressed an interest in.

This includes;

  • Your CV and covering letter.
  • A copy of your LinkedIn profile (if you have indicated that you have one).
  • Details of any qualifications that you have.
  • Hand written and electronic copies of interview notes gathered during the process.
  • Details of results of any interview tests used, including psychometric profiles
  • Copies of written references, or notes of verbal references obtained from referees whose details you have provided to us.
  • Details of your proof of right to work in the UK.
  • Details of any adjustments you have asked to be made to the recruitment process.
  • We do not use automated decision making at any time during the recruitment and selection process.
  • Some of the information we collect about you may include Sensitive personal data as defined in the Data Protection Act 1998. We will not utilise this data unless we have your explicit consent. If we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

How do we store your information

The security of your personal data is very important to us.

We will ensure that we have in place appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data. All data will be stored on Wondrous systems based in locations either in the EU or USA within data storage platforms that fully comply with EU data protection laws.

Who do we share your information with?

We may transfer information about you to other companies or independent consultants for purposes connected with your prospective employment or the management of the company’s business.

For example, we may share your information with Clients or Consultants as part of the recruitment process or we may choose to use third party providers to carry out data processing such as testing and referencing.

If we share your information with any external third party we will ensure that they fully comply with the requirements for the handling, storage and security of your data.
How long do we keep your information?

We will retain your information for nine months after the vacancy has been filled and then it will be destroyed, unless you explicitly request for your details to remain on file to be matched to future opportunities.

If you are successful in your application, your details we have gathered will then be used to raise a contract of employment, or a contract for services. You will then be provided with details of how we store and manage your data as an Employee of the company.

Your rights

Under the General Data Protection Regulation (“GDPR”) and The Data Protection Act 2018 (“DPA”) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.

If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.

Wondrous People Ltd. is the controller and processor of data for the purposes of the DPA 18 and GDPR.

If you have any concerns as to how your data is processed you can contact us on +44 (0) 203 817 7625 or wondrous@wondrouspeople.com

You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.

Your journey to flourishing starts here

Let's Talk

The pioneers of a deeply human approach

© Wondrous 2023. All Rights Reserved. Built by Pivitt