Privacy Policy

1. Introduction

Well At Work Project Limited ("we", "us", or "our") is committed to protecting your personal information and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and share personal data when you:

  • Visit our website

  • Engage with our services

  • Use the Well at Work Project Platform (WAWPP), including Display Screen Equipment (DSE) assessments

We act as a data controller for personal data processed through our website and the Well at Work Project Platform (WAWPP).

Data Protection Contact
Email: bernitta@wellatworkproject.com
Phone: 01487 209 084
Address: Well At Work Project Limited, 10a Mill Green, Warboys, Cambridgeshire, PE28 2SA

2. Information We Collect

2.1 Website and general enquiries

We collect personal information when you:

  • Request information about our services

  • Book a DSE assessment or consultation

  • Subscribe to newsletters or blogs

  • Contact us via email or online forms

This may include:

  • Name and contact details

  • Company name and job role

  • Communication preferences

2.2 Well at Work Project Platform (WAWPP) – Level 1 DSE assessments

When using the Well at Work Project Platform (WAWPP), we collect information necessary to deliver Level 1 DSE screening assessments, including:

  • Employee name

  • Job role

  • Work email address

  • Workstation and work environment information

  • Information relating to discomfort or pain associated with screen work

  • Training, equipment, or adjustment needs

Level 1 assessments are used for screening and risk identification purposes only and do not constitute medical or clinical assessments.

2.3 Level 2 and Level 3 specialist DSE assessments

Where escalation is required, more detailed health-related information may be collected as part of Level 2 or Level 3 DSE assessments.

These assessments are:

  • Conducted separately from the Well at Work Project Platform (WAWPP)

  • Stored within a secure medical records system

  • Not held within the WAWPP platform

Level 2 and Level 3 assessments are delivered through our sister company, The Waterside Practice, which acts as data controller for those specialist assessment records.

2.4 Technical data

When you visit our website, we may automatically collect:

  • IP address

  • Browser type and device information

  • Pages visited and time spent on pages

  • Referring websites

2.5 Cookies

Our website uses cookies to support functionality and improve user experience. Cookie settings can be managed through your browser preferences.

3. How We Use Your Information

We use personal data to:

  • Deliver DSE assessments and workplace wellbeing services

  • Support employers in meeting health and safety obligations

  • Identify and manage DSE-related risks

  • Recommend reasonable workplace adjustments

  • Communicate with clients and users

  • Improve our services and platform

  • Comply with legal and regulatory obligations

4. Legal Basis for Processing

We process personal data on the following legal bases under the UK General Data Protection Regulation (UK GDPR):

  • Contract – where processing is necessary to deliver services commissioned by an organisation

  • Legitimate interests – to support workplace health, safety, and service improvement, provided these interests are not overridden by individual rights

  • Consent – where you opt in to receive marketing communications

  • Legal obligation – where processing is required to comply with applicable laws and regulations

Processing of health-related information (special category data)

Where DSE assessments involve information relating to discomfort, pain, injury, or physical function, this information is treated as health-related information and processed as special category data.

Such information is processed in accordance with:

  • Article 9(2)(b) of the UK GDPR – employment and health and safety obligations

  • Article 9(2)(h) of the UK GDPR – occupational health purposes

Appropriate technical and organisational safeguards are in place to protect this information, including restricted access, data minimisation, secure storage, and defined retention periods.

We do not rely on consent as the primary lawful basis for processing health-related information in the context of DSE assessments.

5. Who Can See Your Information

Level 1 DSE assessments

Designated managers within the commissioning organisation may access:

  • Assessment completion status

  • Level 1 assessment outcomes

  • Recommended actions relevant to workplace adjustments

This access is provided solely to support workplace health and safety responsibilities.

Level 2 and Level 3 assessments

  • Detailed specialist assessment records are not accessible through the Well at Work Project Platform (WAWPP)

  • Employers receive summary reports only, where appropriate, to support workplace action

6. Data Sharing and Disclosure

We do not sell personal data.

Information may be shared only where necessary:

  • With the organisation commissioning the service

  • With secure technology providers supporting service delivery, under appropriate contractual safeguards

  • With professional advisers

  • Where required by law or regulatory obligation

7. Data Retention

We retain personal data only for as long as necessary for its intended purpose.

  • Level 1 DSE assessment data is retained for the duration of the client contract, plus up to 12 months, after which it is securely deleted or anonymised

  • Level 2 and Level 3 specialist assessment records are retained for seven (7) years, in line with requirements relating to health and medical record storage

  • Marketing data is retained until consent is withdrawn

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Role-based access controls

  • Secure platform hosting

  • Separation of screening and specialist assessment data

  • Secure sharing of reports via password-protected PDF

Our data handling practices align with recognised information security and occupational health and safety best practice.

9. International Data Transfers

Where data is transferred outside the UK, appropriate safeguards are put in place in accordance with UK data protection law.

10. Your Data Protection Rights

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion where appropriate

  • Restrict or object to processing in certain circumstances

  • Withdraw consent for marketing communications

Requests may be made via your employer or directly to us.

11. Data Breaches

We maintain procedures to identify, manage, and respond to personal data breaches. Where required, breaches will be reported to the Information Commissioner's Office (ICO) and affected individuals in line with legal requirements.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be indicated by the "Last updated" date.

14. Contact and Complaints

If you have questions about this Privacy Policy or how your data is handled, please contact:

Well At Work Project Limited
Email: bernitta@wellatworkproject.com
Phone: 01487 209 084
Address: 10a Mill Green, Warboys, Cambridgeshire, PE28 2SA

If you believe your data has not been handled appropriately, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.