Privacy Notice

At The Employee Resilience Company Limited, we store your data in line with contractual and legal requirements. The Employee Resilience Company Limited is part of the Perkbox-Vivup group including SME HCI Limited, trading as “Vivup”, Perkbox Limited, Let’s Connect IT Solutions Limited, Work&Life Partners Limited, and Vivup Financial Services Ltd.

Purpose of this privacy notice
The Employee Resilience Company Limited respects your privacy and is committed to protecting your personal data in accordance with all applicable data protection laws.

This privacy notice aims to provide you information on how The Employee Resilience Company Limited collects and processes your personal data through your use of this web site or through our counselling services. The privacy notice will tell you about your privacy rights and how the law protects you.

This website is not intended for children (under the age of 18) and children are prohibited from registering as per our terms.

It is important that you read this privacy notice together with any other privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them.

The Employee Resilience Company Limited are committed to protecting your data and complying with our obligations under all relevant data protection law.

The Employee Resilience Company Limited is the data controller.

This means that The Employee Resilience Company Limited is responsible for deciding how your personal data is held and used.

This statement sets out what personal data we process, how and why. It also explains your rights as a data subject. You can get further general information around your rights from the website of the UK Regulator, the Information Commissioners Office at https://ico.org.uk/for-the-public/.

Your Data Matters.

What this Notice applies to;
Where we refer to Data Protection Law this means;

The UK General Data Protection Regulation ('UK GDPR') and the Data Protection Act 2018 ('the Act'), and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK, and then any successor legislation to the GDPR or the Data Protection Act 2018

What type of information we have
This Privacy Notice relates to Existing, former and prospective clinical clients. If you are a Former, existing or prospective employee you will receive a separate privacy notice prior to our processing your data.

Existing, former and prospective clinical clients
We collect the following types of personal data for you for the following reasons. We have to have a lawful basis to process your data and the lawful basis that applies is noted in the section below.

How we get the information and why we have it.
We collect your information in the following ways from the following sources.

We collect your data by; Electronic Mail, Phone (voice and text), Post, Through our website(s).

We collect your data from: Yourself directly, Your GP, a referral from your employer/manager or employer Occupational Health referral.

We hold;
Your personal details (name, address, date of birth, email address and telephone number). Our lawful basis for processing this data is; Consent

Your employment records which could include; your contract, performance, absence, disputes at work, recruitment records, training and personal development records, electronic and paper file notes relating to any conversations that have taken place between the clinical client and the individual(s) working for or representing The Employee Resilience Company Limited. Our lawful basis for processing this data is; Consent

We also process what is called Special Category Data. This is data that is considered particularly sensitive therefore
additional measures are taken to protect that data. We process the following Special Category data;

Your mental and physical health information where relevant to the support being provided. Our lawful basis for processing this data is; Consent

Your sex life and sexual orientation where relevant to the support being provided. Our lawful basis for processing this data is; Consent

Your racial or ethnic origin. Our lawful basis for processing this data is; Consent

Our additional condition as required under Article 9 of the GDPR for processing the above special categories of data is; (a) Explicit consent

When you visit the TERC website at https://www.tercltd.co.uk/ the following information may be collected;

We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analysing the use of the website and services. Further information can be found at https://www.tercltd.co.uk/cookie-policy/ Our lawful basis for processing this data is Legitimate Interest.

You have the right to withdraw your consent to specific processing at any time. Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, once we have received notification by your contacting us in one of the ways outlined in the Our Contact Details section of this Privacy Notice, that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis to do so in law (see below, What we do with the information)

What we do with the information

Will we share your data with anyone?

In order to provide you with a broad range of services, some services are facilitated through group companies (SME HCI Limited) and our approved partners. At The Employee Resilience Company Limited we only work with trusted partners and suppliers who have agreed to the terms of a Data Sharing Agreement, or a Data Processor Agreement, to safeguard your information and in accordance with the requirements of all relevant data protection law. This includes the outsourcing of the EAP services to Optima Health UK Limited and the sharing of personal data between The Employee Resilience Company Limited and Optima Health UK Limited.

A schedule of our processors is provided below

Company	Purpose	Registration Number	Data Hosting Location
Core Information Management Systems Limited (CORE-net)	Clinical CRM	Z1973189	UK
Dr Julian Medical Group Limited	Clinical CRM	ZA201584	UK
My Life Counselling Practice LTD	Counselling Service	ZB921858	UK
Heidi Health Ltd	AI Medical Scribe	ZB671518	UK
Microsoft Limited	Email and communications	Z6296785	UK
SME HCI Limited	Infrastructure and group finance	Z1947713	UK

Company	Purpose	Registration Number	Data Hosting Location
Core Information Management Systems Limited (CORE-net)	Clinical CRM	Z1973189	UK
Dr Julian Medical Group Limited	Clinical CRM	ZA201584	UK
My Life Counselling Practice LTD	Counselling Service	ZB921858	UK
Heidi Health Ltd	AI Medical Scribe	ZB671518	UK
Microsoft Limited	Email and communications	Z6296785	UK

A schedule of our processors is provided below

How long will we keep your data for?

At The Employee Resilience Company Limited, we store your data in line with contractual requirements. For litigation and operational purposes, this means retaining data for seven years after the cancellation of a contract with your employer and for up to seven years for clinical data.

We are committed to storing all of your data securely for the full duration of its retention.

Will we use your data to make solely automated decisions?

No.

How we store your information

We store your data in secure UK locations to enable us to provide support to you.

We only retain your data for as long as it is legally or commercially necessary to do so and in accordance with your rights as a Data Subject. Our Retention Schedule details along with how data will be securely destroyed or disposed of once no longer being processed. For more information on destruction/disposal contact our Data Protection Officer.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances. Please note that any request will be considered on a case-by-case basis and in line with our requirements to retain data set out above.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing
You have the right to object to processing if we are using your data for;

a task carried out in the public interest;
the exercise of official authority;
our legitimate interests;
scientific or historical research, or statistical purposes; or
direct marketing purposes.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Whilst we do not process data for criminal law enforcement purposes, there may be instances where our obligation to safeguard exempts you from some of the above rights. If you wish to discuss our Safeguarding and Confidentiality Policies please contact us.

You are not usually required to pay any charge for exercising your rights. We have one month to respond to you.

Please contact us using the information provided below If you wish to make a request.

Your rights may differ depending upon the lawful basis for processing. For example, some rights will not apply, see the table below from the regulator, the ICO;

Statement on Anonymous Data Collection for Clinical Client Feedback Surveys

To ensure we provide the best possible service to all our clinical clients we send out a feedback form link at certain points in the clinical client journey. To ensure we receive both candid feedback and process personal data only when required, all such feedback submissions are completely anonymous and configured to ensure that we have no way of being able to link any respondents to clinical clients or identify any clinical clients from the responses.

Our contact details
We have appointed a data protection officer (“DPO”) who is responsible for overseeing our compliance with data protection laws. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below:

By post or in person at our offices: The Data Protection Officer, The Employee Resilience Company Ltd, 3 Dorset Rise, London, England, EC4Y 8EN.

Email address: DPO@tercltd.co.uk
You have the right to make a complaint at any time to the (“ICO”), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

We have appointed IT Governance Europe Limited to act as our EU Representative for privacy matters relating to data subjects residing in the EU only. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at  or post your request or query to:

EU Representative, IT Governance Europe, The Mill Enterprise Hub, Stagreenan, Drogheda, Co. Louth, A92 CD3D, Ireland.

When contacting our Representative please ensure you include our company name in any correspondence.

Changes to the privacy policy and your duty to inform us of changes
We reserve the right to make changes to this Privacy Notice at any time and for any reason. We will notify you where changes to this privacy notice are made.

This version was last updated on 08/04/2026.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.  Failure to provide accurate and current information may mean we are unable to proceed with counselling.