Threes Sixty Wellbeing Ltd (Registered number 13819238) is responsible for protecting your personal data governed by Data Protection Act 2018.
The ICO registration number ZB309412
Data Protection Officer; Satswana Ltd, St Christopher’s Place, Pembroke House, Farnborough, GU14 0NH
This summary explains how we collect and use your personal information to help you and our business. Please read this notice and any specific links within the notice.
1 Who we are
1.1 This privacy notice (the “Privacy Notice”) applies to all information we collect, use and process about you as a customer in relation to the products/services you receive from us carried out by Three Sixty Wellbeing Ltd (“360 Wellbeing”).
1.2 360 Wellbeing is a data controller in respect of personal information that we process in connection with our business (including the products and services that we provide). In this notice, references to “we”, “us” or “our” are references to 360 Wellbeing.
1.3 Our principal address is Pembroke House, St Christopher’s Place, Farnborough, GU14 0NH.
1.4 We respect individuals’ rights to privacy and to the protection of personal information. The purpose of this Privacy Notice is to explain how we collect and use personal information in connection with our business. “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information).
2 The information we process
2.1 We collect and process various categories of personal and confidential information at the start of, and for the duration of, your relationship with us and beyond. We will limit the collection and processing to information necessary to achieve one or more legitimate purposes as identified in this notice. Personal and confidential information may include:
- a) basic personal information, including name and address, date of birth, contact details, nationality, the fact you are our customer/client.
- b) financial information, including payment card and transactional information and history, payment, and payee details.
- c) information about your family, lifestyle and social circumstances and preferences.
- d) education, employment, and business information.
- e) goods and services provided.
- f) online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example your App profile and login information, Internet
Protocol (IP) address, smart device information, location coordinates, App security authentication, mobile phone network information, searches, site visits and usage patterns; and
- g) our Payment Services company, STRIPE, may collect information relating to transactions performed by card holders.
2.2 We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing crime, it is in the wider public interest (for example, to protect customers’ well-being), to make our services accessible to customers or for reporting of complaints for regulatory purposes. We will only process special categories of information where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the purposes and activities for which the information is provided as set out in Schedule A). This may include information revealing:
- a) information revealing racial or ethnic origin,
- b) religious or philosophical beliefs.
- c) trade union membership.
- d) biometric information used for identification purposes including physical, physiological and behavioural identification.
- e) information concerning health; and
- f) data concerning a person’s sex life and sexual orientation.
2.3 Where permitted by law we may process information about criminal convictions, criminal offences, related security details, alleged offences including unproven allegations, spent or previous convictions, or other details provided in relation to a criminal reference check or similar.
2.4 Where you have provided your consent for us to process your special category data, such as biometric data, you can change it any time by contacting us.
3 How we obtain information
3.1 Your personal information we collect and hold about you/your business and the proprietors, officers and beneficial owners of that business and your activities. It includes:
- a) information you give to us,
- b) information that we receive from third parties – including other associate group companies,
(i) third parties who provide services to you or us,
(ii) industry and trade bodies, and
- c) information that we learn about you through our relationship with you and the way you operate your App accounts and/or services.
- d) information that we gather through cookies or similar tracking tools (e.g. pixels) when you use our websites, 360 App or web chat services. Advertising or targeting cookies or similar technologies may also be used to track your responses to particular adverts, messages or forms, which helps us to ensure we present you with the most relevant content in the future; When running email campaigns and notifications we also track delivery and log when emails are opened. For example, when you open the email a small image file known as a GIF may be downloaded to your web browser or email programme. You can restrict or block this type of technology through your web browser or email programme settings by preventing automatic downloading. Cookies may also be set if you click on a link within the email.
We track delivery and analyse the overall open and click rates of bulk emails in order to:
- Identify delivery problems with Internet Service Providers.
- Provide evidence that regulatory messages are being opened.
- Ensure subject lines and email content are clear and helpful.
- Measure the overall performance of communication campaigns.
- Make our communications more relevant.
By default, tracking logs are deleted after 6 months.
- e) information that we gather from the technology which you use to access our services (for example device data location data from your device, or an IP address or telephone number) and how you use it (for example pattern recognition); and
- f) information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines. Information that you make public on social media e.g. Facebook, Twitter.
4 Your rights
4.1 We want to make sure that you are aware of your rights in relation to the personal information we process about you. We have described those rights and the circumstances in which they apply in the table below. If you wish to exercise any of these rights, if you have any queries about how we use your personal information that are not answered here, or if you wish to complain to our independent Data Protection Officer, Satswana Ltd at [email protected] (Reference 360 Wellbeing), contact us by phone +44 (0) 020 3951 9360 or write to us to 360 Ltd, Pembroke House, St Christopher’s Place, Farnborough, GU14 0NH
Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
Rights Description
Access – You have a right to get access to the personal information we hold about you.
Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information. If you believe that any of the information that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and to rectify the inaccurate personal information. Please note that if you request us to restrict processing your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
Erasure – You have a right to request that we delete your personal information. You may request that we delete your personal information if you believe that:
- we no longer need to process your information for the purposes for which it was provided.
- we have requested your permission to process your personal information where required for a particular purpose and you wish to withdraw your consent; or
- we are not using your information in a lawful manner.
Please note that if you request that we delete your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
Restriction – You have a right to request that we restrict the processing of your personal information. You may request that we restrict processing your personal information if you believe that:
- any of the information that we hold about you is inaccurate.
- we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or
- we are not using your information in a lawful manner.
Please note that if you request that we restrict processing your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
Portability – You have a right to data portability. Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering a contract with us, you have a right to receive the personal information you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
Objection – You have a right to object to the processing of your personal information. You have a right to object to us processing your personal information (and to request us to restrict processing) for the purposes described in Section C of Schedule A – Purposes of Processing (below), unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests, or where we need to process your information to investigate and protect us or others from legal claims. Depending on the circumstances, we may need to restrict or cease processing your personal information altogether or, where requested, delete your information. Please note that if you object to us processing your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
Marketing – You have a right to object to direct marketing. You have a right to object at any time to processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing.
Withdraw consent – You have a right to withdraw your consent. Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.
Lodge complaints – You have a right to lodge a complaint with the regulator. If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit www.ico.org.uk
5 Changes to the way we use your information
From time to time, we may change the way we use your information. When we do, we will communicate any changes to you and publish the updated Privacy Notice on our website. We would encourage you to visit our website regularly to stay informed of the purposes for which we process your information and your rights to control how we process it. Where we believe you may not reasonably expect such a change, we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made. However, please note that in some cases, if you do not agree to such changes, it may not be possible for us to continue to operate your account and/or provide certain products and services to you. Where relevant, we may also include further details or information in relation to a particular service or activity at the point information is collected or the product or service is considered.
6 How we use and share your information
We will only use and share your information with other associate group companies where it is necessary for us to lawfully carry out our business activities. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail.
7 Sharing with other third parties
7.1 We will not share your information with anyone outside 360 Wellbeing
- a) where we have your permission,
- b) where required, whether directly or indirectly, for your product or service, which could include in relation to your wellbeing or accessibility requirements,
- c) with law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory or trade bodies,
- d) with third parties providing services to us, such as market analysis and benchmarking, agents and sub-contractors acting on our behalf, such as the companies which provides technical support, where advice or services are required or requested in connection with our legal, regulatory or contractual rights or obligations relating to products or services provided to you.
- e) with social media companies (in a secure format) or other third-party advertisers and marketing companies so they can display or send relevant messages to you and others or compile information relevant to marketing to you about our products and services on our behalf. Third party advertisers may also use information about your previous web activity to tailor adverts which are displayed to you.
- f) with credit reference agencies and with third parties in relation to debt collection and related activities.
- g) with third-party guarantors or other companies that provide you with benefits or services (such as insurance cover) associated with your product or service.
- h) where required for a proposed or actual sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business where such data is shared with a third party it is done so under strict duties of confidentiality.
- i) in anonymised form as part of statistics or other aggregated data shared with third parties; or
- j) where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
7.2 If you ask us to, we will share information with any third party that provides you with payment services, you’re allowing that third party to access information relating to your account. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
7.3 In the event that any additional authorised users are added to your account, we may share information about the use of the account by any authorised user with all other authorised users.
7.4 360 Wellbeing will not share your information with third parties for their own marketing purposes without your permission.
8 Transferring information overseas
8.1 We will not transfer your information to organisations in other countries, all our business is conducted in United Kingdom.
9 Marketing information
Unless you have opted in, we will not send you any marketing information. Even after your consent, you may opt out from receiving marketing information by contacting us.
10 Communications about your account
10.1 We will contact you with information relevant to the operation and maintenance of your account (including updated information about how we process your personal information), by a variety of means including via 360 App, email, text message, post and/or telephone. If at any point in the future you change your contact details you should tell us promptly about those changes.
10.2 We may monitor or record calls, emails, text messages, webchat, or other communications in accordance with applicable laws for the business purposes.
10.3 We may contact you if we have concerns about your wellbeing and offer support.
11 How long we keep your information
11.1 By providing you with products or services, we create records that contain your information, such as customer account records, activity records. Records can be held on a variety of media (physical or electronic) and formats.
11.2 We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
11.3 Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the country in which we operate. Retention periods may be changed from time to time based on business or legal and regulatory requirements. No records will be kept longer then it necessary / required.
11.4 We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that 360 wellbeing will be able to produce records as evidence if they’re needed.
12 Security
We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf. All our servers are based within EEA and all necessary back up and recovery plans are in place.
13 Automated Processing
13.1 In the course of providing products and services to you we may process your personal information by automated means, to include profiling. What this means is that we will use computer software or predictive analysis to automatically evaluate your personal circumstances in order to identify risks or to predict certain outcomes and the identification of customers in vulnerable situations so that we can offer them support or protection.
13.2 Profiling is a useful tool as we try to understand our customers and their specific needs in more detail. It gives us the opportunity to use personal information to tailor our marketing and product offering but also to ensure that we achieve fair customer outcomes. However, our customers do have rights and entitlements in relation to automated processing and these are covered in table above. You also have the right to opt out of profiling for marketing purposes.
Schedule of Purposes of Processing
We will only use and share your information where it is necessary for us to carry out our lawful business activities. Your information may be shared with and processed by other associate group companies. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table below:
A Contractual necessity
We may process your information where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you.
This may include processing to:
- a) assess and process applications for products or services.
- b) provide and administer those products and services throughout your relationship with us, including opening, setting up or closing your accounts or products; collecting and issuing all necessary documentation; executing your instructions. Calls to our service centre and communications to our mobile and online helplines may be recorded and monitored for these purposes.
- c) manage and maintain our relationships with you and for ongoing customer service. This may involve sharing your information with other associate group companies to improve the availability of our services.
- d) administer any credit facilities or debts, including agreeing repayment options; and
- e) communicate with you about your account(s) or the products and services you receive from us.
B Legal obligation
When you apply for a product or service (and throughout your relationship with us), we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:
- f) confirm your identity, (including using biometric information and voice-recognition technology and other identification procedures, for example fingerprint verification where we have a valid legal basis e.g. consent);
- g) perform checks and monitor transactions and location data for the purpose of preventing and detecting fraud.
- h) assess affordability and suitability of products and services.
- i) deliver mandatory communications to customers or communicating updates to product and service terms and conditions.
- j) conduct investigations into breaches of conduct and corporate policies by our employees;
- k) perform assessments and analyse customer data for the purposes of managing, improving and fixing data quality.
- l) monitor dealings to prevent market abuse; and
- m) accessibility and providing reasonable adjustments.
C Legitimate interests
We may process your information where it is in our legitimate interests do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.
- a) We may process your information in the day-to-day running of our business, to manage our business and to protect our customers, employees, and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:
(i) monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services.
(ii) ensure business continuity and disaster recovery and respond to information technology and business incidents and emergencies.
(iii) ensure network and information security, including monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data;
(iv) provide assurance on our material risks and reporting to internal management and supervisory authorities on whether we are managing them effectively.
(v) perform general, financial, and regulatory accounting and reporting.
(vi) protect our legal rights and interests.
(vii) manage and monitor our properties and branches (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and
(viii) enable a proposed or actual sale, reorganisation, transfer, or other transaction relating to our business; and
(ix) enable our payment Services companies for collection of account subscriptions.
- b) It is in our interest as a business to ensure that we provide you with the most appropriate products and services and that we continually develop and improve as an organisation. This may require processing your information to enable us to:
(i) identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;
(ii) send you relevant marketing information (including details of other products or services provided by us.
(iii) understand our customers’ actions, behaviour, preferences, expectations, feedback history to improve our products and services, develop new products and services, and to improve the relevance of offers of products and services.
(iv) research your experiences with us and to monitor the performance and effectiveness of products and services.
(v) assess the quality of our customer services and to provide staff training. Calls to our service centres, video calls and communications to our mobile and online helplines may be recorded and monitored for these purposes.
(vi) perform analysis on customer complaints for the purposes of preventing errors and process failures and rectifying negative impacts on customers.
- c) It is in our interest as a business to manage our risk and to determine what products and services we can offer and the terms of those products and services. It is also in our interest to protect our business and customers and others by preventing, fraud and other criminal activities.
This Privacy Notice was updated on 11th February 2022.