Data Protection and GDPR Compliance
The data controller for the purposes of UK GDPR and the Data Protection Act 2018 is ADDVantage Digital Solutions Ltd, trading as healthya.
At healthya, safeguarding your personal data is a fundamental priority. This section outlines our compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant privacy laws and guidelines.
Overview of Data Protection Legislation
The UK GDPR, alongside the Data Protection Act 2018, establishes the framework for protecting individuals’ personal data. These regulations enhance individuals’ rights and impose strict obligations on organisations processing personal data. Our commitment is to uphold these principles and embed data protection into all aspects of our operations.
Key Principles of Data Protection
We adhere to the following data protection principles, which govern how we collect, process, and store your personal data:
- Lawfulness, Fairness, and Transparency: Data is processed fairly, lawfully, and transparently.
- Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes only.
- Data Minimisation: Only data necessary for the intended purpose is collected and processed.
- Accuracy: Data is kept accurate and up to date.
- Storage Limitation: Data is retained no longer than necessary, in line with retention policies.
- Integrity and Confidentiality: Data is processed securely to protect against unauthorised access, loss, or damage.
- Accountability: We take responsibility for compliance and can demonstrate it through policies and audits.
- International Transfers: Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to EU Standard Contractual Clauses.
Lawful Bases for Processing Your Data
We process personal data only when a valid legal basis applies, such as:
- Your explicit consent (which you may withdraw at any time).
- Performance of a contract with you.
- Compliance with legal obligations.
- Protection of vital interests.
- Tasks carried out in the public interest or under official authority.
- Legitimate interests of healthya that do not override your rights.
Special Category Data
We process special category data, such as health information, only where a UK GDPR Article 9 condition applies. Examples include processing that is necessary to meet obligations under employment, social protection, or social security law, processing for medical purposes or public health, and processing with explicit consent where appropriate.
Your Rights Under Data Protection Law
You have essential rights regarding your personal data, including:
- The right to be informed about how your data is used.
- The right of access to your personal data.
- The right to correct inaccurate or incomplete data.
- The right to request erasure of your data, where this right applies.
- The right to restrict or object to certain types of processing.
- The right to data portability.
- Rights concerning automated decision-making and profiling.
Requests to exercise these rights can be made via email to conxsupport@healthya.co.uk or by contacting our Data Protection Officer. We aim to respond within one month as required by law.
Employee Data Management
We maintain employee records securely and lawfully to meet statutory requirements and operational needs. Employee data is stored only for as long as necessary and includes, but is not limited to, recruitment documents, employment contracts, absence records, and performance information.
Data Breach Reporting and Management
We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the ICO without undue delay and, where required, within 72 hours. Where a breach is likely to result in a high risk to individuals, we will also inform affected individuals without undue delay.
Accountability and Governance
Our organisation implements ongoing assessments, audits, and staff training to ensure compliance. We appoint a Data Protection Officer responsible for overseeing data protection strategy and implementation.
Data Subject Access Requests (DSARs)
You may request access to personal data we hold about you. We will respond to valid requests within one month of receipt, subject to lawful extension where requests are complex or numerous.
Additional Regulatory Frameworks and Guidance
Our data protection practices align with:
- The Privacy and Electronic Communications Regulations (PECR).
- The Age-Appropriate Design Code (Children’s Code) concerning the processing of children’s data.
- Information Commissioner’s Office (ICO) guidance and best practices.
- Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
For more detailed information, please visit the ICO’s website at https://ico.org.uk.
Contact Details
If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please do not hesitate to contact us:
Data Protection Officer (DPO)
Email: dpo@healthya.co.uk
Customer Support: ConXSupport@healthya.co.uk
Registered Address: ADDVantage Digital Solutions Ltd, Clive House, Clive Street, Bolton BL1 1ET, United Kingdom
For complaints about data protection or if you are unsatisfied with our response, you may contact the UK Information Commissioner’s Office (ICO):
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113 (UK helpline)
Summary FAQ: Your Data Protection Rights and Our Commitments
- Q: What personal data do you collect?
- A: We collect data you provide directly (e.g., name, contact details) and technical data automatically (e.g., IP address, browser type), in accordance with the purposes outlined.
- Q: How do you use my information?
- A: To provide services, fulfil contracts, communicate with you, send marketing (with your consent), improve our website, prevent fraud, and comply with legal obligations.
- Q: Can I withdraw my consent?
- A: Yes, you can withdraw consent at any time for marketing and other consent-based processing by contacting us via the healthya App or email.
- Q: Will my data be shared with third parties?
- A: We only share data with trusted partners necessary for service delivery or with your consent. We never sell your data.
- Q: How do you protect my data?
- A: We use technical, administrative, and organisational safeguards compliant with UK GDPR and best practices; however, internet transmission is never completely risk-free.
- Q: How long do you retain my data?
- A: Personal data is retained only for as long as necessary for the purpose collected and in line with our retention schedule and legal obligations.
- Q: What are my rights?
- A: You have the right to access, correct, and delete your data, to restrict or object to processing, and to data portability, as well as rights concerning automated decisions. Requests can be made via the healthya App or our DPO.
- Q: What happens if there is a data breach?
- A: We have procedures to manage breaches, including notifying the ICO and affected individuals when legally required.
- Q: How do I make a complaint about data protection?
- A: Contact us directly or lodge a complaint with the ICO using the contact details above.