Be Well Walsall is committed to ensuring all information we collect and process is secure and that information is always kept confidential.
Be Well Walsall is commissioned by Walsall Council, and for the purposes of the programme, Walsall Council are Data Controller and Be Well Walsall and Maximus UK Services Limited, when trading as “Be Well Walsall” are Data Processors under UK-GDPR.
Data protection and confidentiality are essential aspects of the ethical codes of conduct, professional body guidelines and codes of practice that we and our employees are required to adopt. These are central to the relationship that we have with our employees and service providers as well as our customers and their families.
Services we provide
- Wellbeing support
- Adult Weight Management
- Smoking Cessation Support
- NHS Health Checks
- Online / Digital Behaviour Change Support
- Onward referral to third party healthy lifestyle service providers, such as exercise on referral
Data we hold about you and why
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data
includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data
includes address, email address, telephone numbers, parental contact details
- Special Category or Wellbeing Data
includes translation requirements, NHS number, GP surgery details, disability status, height, weight, BMI, smoking status, physical activity status, alcohol consumption levels, long-term health condition information, weight management service history, anxiety/PHQ assessment information, sleeping status, or ethnic origin.
- Technical Data includes information about your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communication Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We will only use your personal data when the law allows us to, usually in the following circumstances:
- Where we need to perform the contract, we are about to enter or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
- Where we have your consent before the processing starts.
The table below describes the ways we plan to use your personal data, and which legal base(s) we rely on to do so. We have also identified legitimate interests where appropriate.
|Type of data
|Lawful basis for processing including basis of legitimate interest
|To register you as a new participant
|Providing the services to you, and managing our relationship with you, which will include:
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|To deliver relevant website content to you and measure or understand the effectiveness of the advertising we serve to you
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
|To enable you to partake in a prize draw, competition or complete a survey
|To refer you to other related services, provided by the Council, or other third parties on their behalf, that may be of interest to you
We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. If you require further details regarding the specific lawful basis we are relying on to process your personal data, please contact us.
How do we collect your personal data?
We use different methods to collect data from and about you including through:
- Direct interactions.
You may give us your Identity, Contact, Special Category Data by using our portal, by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you complete any lifestyle or other assessment with us, create an account on our website, or apply for or subscribe to our services.
- Automated technologies or interactions.
- Third parties. We will receive personal data about you from various third parties as set out below:
- Identity, Contact and Special Category from the following parties:
- Local authorities, health or social care professionals and your GPs where those parties have completed a referral on your behalf; and other mobile application providers such as Google Health, Fitbit, and Apple Health to the extent that you opt-in to sync those applications with our platform.
- Technical Data from the following parties:
analytics providers such as Google based outside the UK; and
advertising networks such as Facebook and Instagram based outside the UK.
Not all calls are recorded although we may record and/or monitor phone calls and/or consultations to:
- Improve the quality of the services we provide.
- Train and provide our employees with feedback.
- Resolve any complaints or concerns that may arise.
Recordings are held in an encrypted state on our servers for up to 2 years after which they are fully deleted. Controls are in place to ensure that only authorised staff have access to phone recordings, and where it is held by us, we can provide a copy of any recording relating to an individual on request.
Please tell us as soon as possible or at the start of a call if you have any concerns with your call being recorded.
Audit and Reporting
We may audit records as part of our contractual requirements with the commissioner of the Be Healthy Bucks programme. When we provide aggregated reports, data will be anonymised, so no individual will be identifiable except in limited circumstances.
Customer Satisfaction Surveys and Feedback
Where we invite you to take part in a customer satisfaction survey, or you provide feedback via forms on this website, any data you provide will be handled in line with this privacy statement.
Right of Access Requests
Individuals may request copies of their records or parts thereof, at any time. Where applicable, using your portal account you can access some of the information relating to your cases(s) directly.
If you require more information, you can submit a Right of Access Request (RoAR).
If you require access to your records, we ask that the request be made in writing to ensure the security of sensitive data.
You can send a letter or email, which must include the following information:
- Full Name (including any previous names used)
- Date of birth
- Email / Address
You should also, where possible, include proof of identity which includes your signature. On receipt of your request, we may require further information to enable us to locate your records and we may make additional security checks to ensure you are who you say you are. This is designed to protect your personal information.
If you have any questions about this privacy statement, want to exercise your rights or want to make a complaint about how Be Healthy Bucks has processed your information please email: email@example.com
The ICO is the government body responsible for data protection in the United Kingdom. Should you have any queries regarding data protection there is further information available on the UK’s ICO website at www.ico.org.uk.