Privacy Policy

Effective date: June 23

Introduction

Spectrum.Life (“we”, “us”, “our”, Spectrum.life”) respects your right to the privacy and confidentiality of your personal information. This Notice sets out the obligations of Spectrum.Life regarding data protection and your rights when you interact with Spectrum.life online, use our mobile applications or avail of our Services (the Services) or visit our websites, and is addressed to individuals outside our organisation with whom we interact, including customers, visitors to our Sites, vendors, suppliers and other users of our Services (together, “you”).

Information About Us

Spectrum Wellness Limited trading as Spectrum.life can be contacted at 95 Merrion Square, Dublin 2 Ireland. Spectrum.life is the data controller for your data for the purposes of the Irish Data Protection Act 2018 and the General Data Protection Regulation (GDPR) or, as applicable in respect of UK customers, the UK Data Protection Act 2018. In some instances, for certain clients, we may act as a data processor when we deliver services to you on their behalf.

Personal Data We Collect and how we use it

When you interact with Spectrum.Life through the use of the Services or the Website, we may collect Personal Data and other information from you, as further described below. We may also periodically obtain both personal and non-personal information about you from customers, business partners, contractors and other third parties. Examples of information that we may receive are included below:

Personal data processed Source of the personal data: Purposes of processing Legal basis for processing
Service Users
Name, e-mail address

Other information you provide by filling in forms on the
Website or Apps

Data subject

/ Your organisation

To operate and provide the search, login, review, forums and
other services, facilities and functions of our websites and
apps.

To manage any accounts or registrations you may have with
our websites and making changes to your settings and profile
at your request.

To process a survey response which you may send us.

Legitimate interest

Contract / Consent

Name, e-mail address Data subject To carry out direct marketing to you. Consent
Contact name, address, organisation name, e-mail address,
and telephone number, interests and activities, gender, age,
and other demographic information as may be provided.

Other Information you provide to professional
coaches/experts providing the Services in face to face
consultations or events (screening data).

Data subject

Your organisation

To deliver the services to you.

To identify you and verify your credentials.

To setup an account in our clinical systems.

To communicate with you about the services, your bookings
and events and to respond to your inquiries relating to the
services, bookings, problems and complaints.

To provide you with tailored programmes, events and services

To provide you with advice dependant on the information you
have given us.

To action a request for access to the services.

To create reporting and analytics on the services.

To anonymise information for reporting purposes to our
customers.

To analyse, audit, provide, operate, administer, maintain,
and improve our business, website, systems, and services.

To undertake product or customer research/ development.

To contact you in the event of a data breach.

Consent/ legal obligation

Contract

Explicit Consent

Legitimate interest

Emails and messages and other communications you may send
us.
Data Subject To enable users to contact the service.

To respond to and deliver customer service.

Consent
Device browser information, Internet Protocol (IP) address,
operating system, and your activity on the Services

information about your visit, including the full Uniform
Resource Locators (URL), clickstream to, through and from
our site (including date and time), products you viewed or
searched for, page response times, download errors, length
of visits to certain pages, page interaction information
(such as scrolling, clicks, and mouse-overs), methods used
to browse away from the page, and any phone number used to
call our customer service number traffic data, location
data, weblogs and other communication data (metric
data
)

Transactional and usage activity on our website and app
(usage data).

Data subject To deliver the services to the user.

To report aggregate information concerning usage of our
websites.

To analyse, audit, provide, operate, administer, maintain,
and improve our business, website, systems, and services.

Contract / Consent

Legitimate interest

Health and medical information provided through your use of
the Services (screening data).
Data Subject To deliver the services to you.

To setup an account in our clinical systems.

To create reporting and analytics on the services.

To anonymise information for reporting purposes to our
customers.

To comply with legal obligations to protect the personal
safety of users of the Services or the public.

Explicit Consent

Legal obligation

Health and medical information provided through your use of
the Services (screening data).

Discharge reports, Risk reports

Anonymised usage reports

These can include:

  • The date you engaged with our service(s)
  • The date of your first session
  • Your next scheduled session
  • The date you are due to finish your sessions
  • Any non-attended/cancelled session details
  • The details of the issue you have presented with
  • Specific services selected
  • Clinical overview
Data subjects (student)/ your organisation Student Assistance Programme Only – To assist your
organization in fulfilling duty of care obligations.
Explicit consent
Photo/ images/ videos/ voice recordings Data subject To deliver the services to the user.

To setup an account in our clinical systems.

Consent
Cookies Data subject To enable our websites, apps and social media platforms to
function correctly.

To personalise content and ads and provide you with a better
experience on our website and social media platforms.

To create reporting and analytics on the use of the websites
and applications.

Legitimate interest

Consent

Customers, Contractors, business partners
Customer name, contact name, role, address, e-mail address,
and telephone number,
Data subject

Customer organisation

To enter into tenders and pre-sales negotiations.

To setup your account in our administration and CRM systems.

To create reporting and analytics on the services.

To communicate with you concerning any enquiries, bookings,
services provided, problems and complaints, and to respond
to any enquiries or requests from you.

To deliver marketing communications.

To analyse, audit, provide, operate, administer, maintain
and improve our business, website, systems, and services.

To contact you in the event of a data breach.

Legitimate interest

Contract

Consent/ Legitimate interest

Legitimate interest

Financial information such as your payment method (valid
credit card number, type, expiration date or other financial
information).
Data Subject To manage billing and payment for the services.

To collect and make payments due and administer our
accounts.

Contract

Your Choices

You can visit the Services without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain Spectrum.life Services. Certain information is required to provide individualized services to each user of our mobile application. If you choose not to provide any Personal Data, you will not be able to use our mobile services.

How Long Will You Keep My Personal Data?

We only keep your personal data for as long as is necessary in order to use it as described above for business or legal purposes. We will also retain your personal data as long as necessary to deal with your queries and for as long as you might legally bring claims against us. We will take all necessary steps to ensure that data privacy is maintained for the period of retention. The longest of these schedules is seven (7) years for any clinical data.

How is Your Data Secured?

All our servers are hosted in the European Economic Area (“the EEA”). Depending on the other systems used, some of your data may be processed outside of the EEA (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). If we do process data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EU under the GDPR.

Security

Data security is very important to Spectrum.Life, and we are committed to protecting the security of the personal data you share with us or we otherwise process about you. In support of this commitment, we have implemented appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk. We have attempted to protect Spectrum.Life’s servers by locating them in areas with security procedures, use of firewalls and implementing other generally available security technologies. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of data, but no guarantee can be made that your information and data will be secure from intrusions and unauthorized release to third parties.

Appropriate measures are in place to secure any transfer of data and these procedures are regularly reviewed to align with our security and privacy postures.

All commercial transactions that take place on Our Website are processed through our secure server in order to make every reasonable effort to insure that your personal information is protected. Any transactions that take place on other sites that have links from the Website are not necessarily handled in this fashion. Spectrum.Life disclaims any responsibility for transactions conducted on those sites and cannot vouch for the security of the information submitted in those transactions.

Spectrum.Life has implemented processes intended to protect user information and maintain security of data. Each account holder is assigned a unique user name and password, which is required to access their account. It is your responsibility to protect the security of this login information. Spectrum.Life takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Data to Spectrum.Life via the Internet.

International Data Transfers

We may transfer your personal data to countries that are not part of the EEA. These are known as “third countries” and may not have data protection laws that are as strong as those in the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within EEA under the GDPR as follows:

  • We will transfer to countries which have been approved as “adequate” by the European Commission.
  • We may use specific contracts with third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts ensure the same levels of personal data protection that would apply under the GDPR.

Our Disclosure of Your Personal Data and Other Information:

Employee Assistance Program: Is my data shared with my organisation?

We will not share any of your sensitive data with your organisation. Your organisation may receive a company overview report containing only anonymised and aggregated data about the health and wellness of their employees as a whole. Your organisation may receive reports containing identifiable information that indicates that you have registered to use the service. We will never share sensitive information in an identifiable format with your organisation including;

  • Screening data collected by the Service
  • Metric data collected by the Service
  • Activity data tracked by the Service

Student Assistance Program: Is my data shared with my organisation?

In order for Spectrum.Life to assist your educational institution in their duty of care towards you, we do share required information back to your organisation so they may fulfil this purpose. This is only done with your explicit consent, which must be completed before engagement with our services.

Is my data shared with other Parties?

Spectrum.life is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:

Group Companies: We may share your personal information with other members of the Spectrum Group for purposes outlined in this Notice. This may include Spectrum Health.

Service Providers: We will share your Personal Data, such as name and e-mail, with service providers who are working with us in connection with the provision of the Website and the operation of the Services. These service providers have access to your Personal Data only to perform services on our behalf and are obligated not to disclose it or use it for any other purposes.

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.

Agents, Consultants and Related Third Parties: Spectrum.Life, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function. This also includes the necessary information that provide us to process transaction with partners such as, but not limited to Fitbit & Specsavers.

Legal Requirements: Spectrum.Life may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Spectrum.Life, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

Our service providers act on Spectrum.Life’s behalf. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU data protection law.

Cookies “Cookies”: are small text files that allow Web sites to store and retrieve information about you from your computer system. Spectrum.Life does serve cookies to track individual site usage for later aggregation. But we do not use cookies in order to retrieve any information from your computer other than information originally sent in a Website cookie, such as a user code. We have no control over whether and how our advertisers use cookies that originate from their website.

Communication from Spectrum.Life: From time to time, we may send you information with announcements and updates about the Website, the Services, and your account. You may elect to opt-out of ongoing e-mail communication from us, such as newsletters, subscriptions, account information, promotional materials, contest results, survey inquiries, etc. by using a simple “opt out” procedure. You need only reply to the communication with the word “unsubscribe” (without the quotation marks) in the body of your e-mail response and your name will be removed from that mailing list. However, if you opt-out of receiving our announcements and updates about your account, you may no longer have access to areas restricted to account members.

Children: The Website and Services are not intended for children under the age of 18 nor does Spectrum.Life knowingly collect personal information from children under 18. Spectrum.Life does not orient the Website or Services toward children or target them as an audience, nor does it screen them from using Spectrum.Life.

Links to Other Sites: The Website provide links and pointers to Web sites maintained by other organizations. Spectrum.Life provides these links as a convenience to users, but it does not operate, control, or endorse such sites. Spectrum.Life also disclaims any responsibility for the information on those sites and any products or services offered there and cannot vouch for the privacy policies of such sites. Spectrum.Life does not make any warranties or representations that any linked sites (or even the Website) will function without error or interruption, that defects will be corrected.

Data Subject Rights

As a data subject, you have the following rights under the GDPR and the UK Data Protection Act, which this Notice and Our use of personal data have been designed to uphold. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to any request you may make if we are relying on any such exemptions.

  • The right to be informed about Our collection and use of personal data;
  • The right of access to the personal data we hold about you
  • The right to rectification if any personal data We hold about you is inaccurate or incomplete
  • The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you
  • The right to restrict (i.e. prevent) the processing of your personal data;
  • The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
  • The right to object to Us using your personal data for particular purposes; and
  • Rights with respect to automated decision making and profiling.
  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority against the processing of your personal data if you believe that the processing of your personal data violates data protection regulations.

In case you granted us your consent to process your personal data, you may withdraw this consent with effect for the future. We will then stop the processing of your personal data, unless we have a legal obligation to do so. Please note this will have effect on future processing of your personal data only, it does not make data processing before the withdrawal of consent unlawful.

To withdraw your consent, you may send an email to gdprspectrumlife@spectrum.life. If you withdraw your consent, you may no longer be able to use our services.

How You Exercise Your Rights

We will take reasonable steps to update, correct, limit or delete Personal Data in our possession that you have previously submitted via the Services if requested via email to our Privacy team at gdprspectrumlife@spectrum.life.

Filing a complaint

If you have any cause for complaint about our use of your personal data, please contact us using the details below and we will do our best to solve the problem for you.

DPO, Spectrum Wellness Limited, 95 Merrion Square, Dublin 2 Ireland
gdprspectrumlife@spectrum.life.

Please also feel free to contact us if you have any questions about Spectrum.Life’s Privacy Notice or the information practices of the Services.

If we are unable to help, you also have the right to lodge a complaint with:

The Data Protection Commission: Homepage | Data Protection Commission
ICO: Information Commissioner’s Office (ICO)

Updated to the Privacy Notice

The Services and our business may change from time to time. As a result, at times it may be necessary for Spectrum.Life to make changes to this Privacy Notice. Spectrum.Life reserves the right to update or modify this Privacy Notice at any time and from time to time without prior notice. Please review this Notice periodically, and especially before you provide any Personal Data. This Privacy Notice was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Privacy Notice shall indicate your agreement with the terms of such revised Privacy Notice.