School Wellbeing Services – Privacy Notice

About Us

School Wellbeing is a trading name of Make A Difference (UK) Limited, a UK company (registration number 04476666). Our ICO registration number is ZA786690.

Make A Difference (UK) Limited is committed to ensuring that the personal data of member organisations and their staff is protected. This Privacy Notice provides details of the information that we may process to assist with the administration and management of this service.

Make A Difference (UK) Limited acts as a Data Controller for all personal data processed when a Member organisation enquires about or contracts our services.

We may also collect and process personal data when Member organisations:

• Complete voluntary surveys
• Provide feedback on services
• Communicate with us by phone, email, post, website, or social media

Make A Difference (UK) Limited acts as a Data Processor when receiving and handling personal data related to staff eligible for wellbeing services. Member organisations remain responsible for:

• Meeting their data protection obligations
• Documenting their lawful basis for sharing data with us

---

Who This Notice Applies To

This notice applies to:

• Organisations entering into an agreement for Wellbeing services
• Staff and authorised stakeholders managing the organisation’s account

---

How We Collect Data

We collect data:

• Via our website
• Over the phone
• Via email or written communication (including social media)
• Face-to-face (e.g. conferences and exhibitions)

---

Data Protection Principles

We process personal data in line with the following principles:

• Used lawfully, fairly and transparently
• Collected only for specified, legitimate purposes
• Relevant and limited to what is necessary
• Accurate and kept up to date
• Retained only as long as necessary
• Kept secure

---

Where We Collect Personal Data From

We may collect personal data from:

• The potential or actual Member organisation
• You directly (as a stakeholder)
• Third parties such as:
  • Business partners
  • Third-party processors
  • Payment providers

---

Categories of Personal Data We Collect

Potential Member Organisations

• Names, roles, email addresses, and phone numbers of decision-makers
• Marketing preferences
• Customer satisfaction feedback
• Recorded calls (for training/monitoring)

Member Organisations

• Staff contact details (name, role, email, phone number)
• Recorded calls and communications
• Marketing preferences and surveys

Additionally, Member organisations may provide staff data for wellbeing services, including:

• Name
• Date of birth
• Gender
• Marital status
• Address
• Medical history

This data is governed by the Member organisation as Data Controller.

---

How We Use Personal Data

We use personal data to:

• Provide quotations
• Set up accounts
• Manage agreements
• Deliver wellbeing services
• Comply with legal obligations
• Handle complaints
• Analyse service performance
• Send marketing and service communications

---

Lawful Bases for Processing

When acting as a Data Controller, our lawful bases include:

• Contractual necessity
• Legal obligations
• Vital interests
• Legitimate interests, including:
  • Service delivery and quality monitoring
  • Marketing and relationship management
• Consent

Special Category Data

Processed under:

• Explicit consent
• Legal claims (establish, exercise, defend)

---

Data Storage and Retention

• Data is stored on encrypted servers within the UK
• Retained only as long as necessary

Typically retained:

• During the agreement period
• To meet legal/regulatory requirements
• Up to 7 years after agreement ends

Longer retention may apply in case of disputes or legal proceedings.

---

Who We Share Personal Data With

We may share data with third-party providers such as:

• Be Well Support
• Medical and wellbeing service providers

We ensure:

• Data-sharing agreements are in place
• Data is shared only where necessary

We may also share organisation contact details within our group where relevant.

---

Data Security

We implement appropriate security measures to prevent:

• Unauthorised access
• Data loss or misuse

Access is restricted to authorised personnel only.

We have procedures in place for data breaches and will notify relevant parties where required.

---

Your Data Protection Rights

You have the right to:

• Access your data (Subject Access Request)
• Withdraw consent
• Request correction or deletion
• Restrict or object to processing
• Opt out of marketing
• Challenge legitimate interest processing
• Request data portability
• Be notified of data breaches
• Lodge a complaint with the ICO

We do not use automated decision-making or profiling.

---

Your Responsibility

You must ensure that the information we hold is accurate and up to date. Please inform us of any changes.

---

Subject Access Requests (SARs)

Where we act as Data Controller, you can contact us directly to exercise your rights.

Where we act as Data Processor:

• Requests will be forwarded to the Member organisation
• We will assist them where required

---

Contact Details

Make A Difference (UK) Limited
44 Tyndall Court
Peterborough
United Kingdom
PE2 6LR

📧 Email: dpo@uk-sas.co.uk

Or write to:
Data Protection Officer
Trigg House
11 Maisies Way
South Normanton
Derbyshire
DE55 2DS

If unresolved, you can contact the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/