At THE EMPLOYEE RESILIENCE COMPANY Ltd, we store your data in line with contractual and legal requirements. THE EMPLOYEE RESILIENCE COMPANY Ltd is part of the Perkbox-Vivup group including SME HCI Limited, trading as “Vivup”, Perkbox Limited, Let’s Connect IT Solutions Limited, Work&Life Partners Limited, and Vivup Financial Services Ltd. For litigation and operational purposes, this means retaining both clinical and non-clinical data for seven years after the cancellation of a contract with your employer and for up to seven years for clinical data. For training and accreditation purposes, the retention period is six years. We are committed to storing all of your data securely for the full duration of its retention. THE EMPLOYEE RESILIENCE COMPANY Ltd are committed to protecting your data and complying with our obligations under all relevant data protection law. THE EMPLOYEE RESILIENCE COMPANY Ltd is the data controller. This means that THE EMPLOYEE RESILIENCE COMPANY Ltd is responsible for deciding how your personal data is held and used. This statement sets out what personal data we process, how and why. It also explains your rights as a data subject. You can get further general information around your rights from the website of the UK Regulator, the Information Commissioners Office at https://ico.org.uk/for-the-public/. Your Data Matters. Our contact details We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below: By post or in person at our offices: The Data Protection Officer, The Employee Resilience Company Ltd, 3 Dorset Rise, London, England, EC4Y 8EN. Email address: dpo@vivup.co.uk
You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact Vivup, who will respond on our behalf, in the first instance. We have appointed IT Governance Europe Limited to act as our EU Representative for privacy matters relating to data subjects residing in the EU only. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at eurep@itgovernance.eu or post your request or query to: EU Representative, IT Governance Europe, The Mill Enterprise Hub, Stagreenan, Drogheda, Co. Louth, A92 CD3D, Ireland. When contacting our Representative please ensure you include our company name in any correspondence. What this Notice applies to; Where we refer to Data Protection Law this means;
The UK General Data Protection Regulation (Regulation (EU) (2016/679) ('UK GDPR') and the Data Protection Act 2018 ('the Act'), and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK, and then any successor legislation to the GDPR or the Data Protection Act 2018
What type of information we have This Privacy Notice relates to Existing, former and prospective clients. If you are a Former, existing or prospective employee you will receive a separate privacy notice prior to our processing your data. Existing, former and prospective clients We collect the following types of personal data for you for the following reasons. We have to have a lawful basis to process your data and the lawful basis that applies is noted in the section below. How we get the information and why we have it. We collect your information in the following ways from the following sources. We collect your data by; Electronic Mail, Phone (voice and text), Post, Through our website(s). We collect your data from: Yourself directly, Your GP, a referral from your employer/manager or employer Occupational Health referral. We hold; Your personal details (name, address, date of birth, email address and telephone number). Our lawful basis for processing this data is; Consent Your employment records which could include; your contract, performance, absence, disputes at work, recruitment records, training and personal development records, electronic and paper file notes relating to any conversations that have taken place between the client and the individual(s) working for or representing THE EMPLOYEE RESILIENCE COMPANY Ltd. Our lawful basis for processing this data is; Consent We also process what is called Special Category Data. This is data that is considered particularly sensitive thereforeadditional measures are taken to protect that data. We process the following Special Category data; Your mental and physical health information where relevant to the support being provided. Our lawful basis for processing this data is; Consent Your sex life and sexual orientation where relevant to the support being provided. Our lawful basis for processing this data is; Consent Your racial or ethnic origin. Our lawful basis for processing this data is; Consent
Our additional condition as required under Article 9 of the GDPR for processing the above special categories of data is; (a) Explicit consent When you visit the TERC website at https://www.tercltd.co.uk/ the following information may be collected; We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analysing the use of the website and services. Further information can be found at https://www.tercltd.co.uk/cookie-policy/ Our lawful basis for processing this data is Legitimate Interest. You have the right to withdraw your consent to specific processing at any time. Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, once we have received notification by your contacting us in one of the ways outlined in the Our Contact Details section of this Privacy Notice, that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis to do so in law (see below, What we do with the information) What we do with the information Will we share your data with anyone? In order to provide you with a broad range of services, some services are facilitated through our approved partners. At THE EMPLOYEE RESILIENCE COMPANY Ltd we only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement, so as to safeguard your information and in accordance with the requirements of all relevant data protection law How long will we keep your data for? At THE EMPLOYEE RESILIENCE COMPANY Ltd, we store your data in line with contractual requirements. For litigation and operational purposes, this means retaining non-clinical data for seven years after the cancellation of a contract with your employer and for up to seven years for clinical data. We are committed to storing all of your data securely for the full duration of its retention. Will we use your data to make automated decisions? No. How we store your information We store your data in secure UK locations to enable us to provide support to you. Data is stored in the following locations; Office365 platform, CORE, CLIVE CRM system, Proofpoint AntiSpam Email Filter. All data is held in the UK. We only retain your data for as long as it is legally or commercially necessary to do so and in accordance with your rights as a Data Subject. Our Retention Schedule details along with how data will be securely destroyed or disposed of once no longer being processed. For more information on destruction/disposal contact our Data Protection Officer. Your data protection rights Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. Your right of access You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Your right to rectification You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. Your right to erasure You have the right to ask us to erase your personal information in certain circumstances. Your right to restriction of processing You have the right to ask us to restrict the processing of your information in certain circumstances. Your right to object to processing You have the right to object to processing if we are using your data for;
Your right to data portability This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Whilst we do not process data for criminal law enforcement purposes, there may be instances where our obligation to safeguard exempts you from some of the above rights. If you wish to discuss our Safeguarding and Confidentiality Policies please contact us. You are not required to pay any charge for exercising your rights. We have one month to respond to you. Please contact us on dpo@tercltd.co.uk If you wish to make a request, or contact us on 03303 800975 Your rights may differ depending upon the lawful basis for processing. For example, some rights will not apply, see the table below from the regulator, the ICO (https://ico.org.uk/media/images/graphics/2258510/lawful-basis-table.png);
Statement on Anonymous Data Collection for Client Feedback Surveys To ensure we provide the best possible service to all our clients we send out a feedback form link at certain points in the client journey. To ensure we receive both candid feedback and process personal data only when required, all such feedback submissions are completely anonymous and configured to ensure that we have no way of being able to link any respondents to clients or identify any clients from the responses. Changes to the privacy policy and your duty to inform us of changes We keep our privacy policy under regular review. This version was last updated on 04/06/2025. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.