Introduction

This notice applies across all websites that we own and operate and all services we provide, including our online workplace wellbeing products, and any other services we may offer (for example, events or training).

When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, bank account details, payment information, support queries, community comments and so on. If you can’t be identified (for example, when personal data has been aggregated and anonymised) then this notice doesn’t apply. Check out our terms of use for more information on how we treat your other data.

We may need to update this notice from time to time. Where a change is significant, we’ll make sure we let you know – usually by sending you an email.

Last updated: 24th May 2018

Here is a summary of the key changes we made on 24th May 2018:

Navigation: We split the privacy notice into clear and defined sections. This should make it more user-friendly and easier to find the information you need.

Robertson Cooper: We have clarified who Robertson Cooper are, and where we are based.

Collection and Use: We’ve provided more information about the ways we collect personal data about you, who we collect that data from, and how we intend to use it.

Sharing: We’ve been more prescriptive about who we share your personal data with.

Security: We’ve restated our commitment to protecting your personal data using appropriate technical and organisational measures.

Data Subject Rights: We’ve set out in more detail all the rights individuals have in relation to their personal data and how those rights can be exercised.

Who are 'we'?

When we refer to ‘we’ (or ‘our’ or ‘us’), that means Robertson Cooper Limited. Our headquarters are in the United Kingdom. Address details for our offices are available on our Get in Touch page.

We provide professional and online service for businesses and their advisors. If you want to find out more about what we do, see the We Create Good Days at Work page.

For the purposes of the The EU General Data Protection Regulation 2018 (GDPR) Robertson Cooper Limited (company number 3360013) are the data controller.

How we collect your data

When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:

Information you provide to us directly through our company website: When you visit or use some parts of our website we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up for a free download, respond to a job application, join us on social media, take part in events, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.

Information you provide to us directly through our online platform(s): We may collect and process the following information about you. In each data category we explain what type of data we may collect, explained by concrete examples. Next to it we outline why we collect this type of data and what purposes it is being used for.

What we collect & what we do with it

Robertson Cooper uses contact information to:

Provide the services as an email account is required in order to sign up. We consider this to be a contractual obligation.

Improve the product by requesting feedback from users. We consider this to be a legitimate interest but you still have the right to object.

Support and troubleshooting, if required. We consider this to be a contractual obligation.

Update and inform e.g. to send email reminders, provide release updates and support communications. We consider this to be a contractual obligation.

Robertson Cooper uses demographic information to:

Provide the service by personalising and tailoring the content presented to you. We consider this to be a contractual obligation.

Improve the product by understanding how different demographics interact with the app. We consider this to be a legitimate interest but you still have the right to object.

Support and troubleshooting, if required. We consider this to be a contractual obligation.

If you are part of an organisation account, this information, is presented to your organisation in an aggregated and anonymisedformat for the purpose of identifying patterns and trends across different groups. We require your consent to do this.

Robertson Cooper uses device information and technical characteristics to:

Improve the product by understanding what operating systems and devices we should support as well as the uptake and impact of new product releases. We consider this to be a legitimate interest but you still have the right to object.

Support and troubleshooting, if required. We consider this to be a contractual obligation.

Keep your data safe and secure. We consider this to be a legitimate interest but you still have the right to object.

If you are part of an organisation account, this information is presented to your organisation in an aggregated and anonymisedformat for the purpose of understanding the uptake of the platform(s)across different platforms and new Robertson Cooper releases. We require your consent to do this.

Robertson Cooper uses your questionnaire answers to:

To provide you with a score for wellbeing, health and resilience. They are also used to recommend personal goals and details of your company employee assistance helpline if required. We consider this to be a contractual obligation.

In order to use our platform, you must give permission to process this data as this is a fundamental part of your journey on the app. Opting out will prevent you from continuing with the setup and will require us to delete all your information and your account.

Improve the product by understanding how effective the platform is in improving wellbeing and user engagement with the feature and the platform generally. We consider this to be a legitimate interest, but still require your consent.

Support and troubleshooting, if required. We consider this to be a contractual obligation, but still require consent.

If you are part of an organisation account, this data is presented to your organisation in an aggregated and anonymised format for the purpose of providing insights into overall company wellbeing. We require your consent to do this.

Robertson Cooper uses usage data to:

Improve the product by understanding how frequently users interact with the platform(s). For this purpose we may also conduct a drop-out analysis to understand the context in which users may or may not continue to use the platform(s). We consider this to be a legitimate interest but you still have the right to object.

Support and troubleshooting, if required. We consider this to be a contractual obligation.

If you are part of an organisation account, this information is presented to your organisation in an aggregated and anonymisedformat for the purpose of understanding how popular the platform(s)is, and to drive future engagement campaigns. We require your consent to do this.

Robertson Cooper uses error reporting and logs data to:

Support and troubleshooting if required. We consider this to be a contractual obligation.

Create a more reliable and stable product for our users. We consider this to be a legitimate interest but you still have the right to object.

Keep our servers secure and your data protected. We consider this to be a legitimate interest but you still have the right to object.

Information in connection with a support query is used to:

Provide you with technical support or to answer any questions you may have. We consider this to be a contractual obligation.

Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).

Some of this information is collected using cookies and similar tracking technologies.

Information we get from third parties: The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.

Where we collect personal data, we’ll only process it:

  • to perform a contract with you, or
  • where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
  • in accordance with a legal obligation, or
  • where we have your consent.

If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.

Information we share with third parties

Information in relation to an organisation account

The Robertson Cooper platform(s) were designed for companies, organisations and workplaces, who make the platform(s) available to their employees or members of their organisation. If you have registered to use the platform(s) through a code or other registration credential provided by a company or organisation (“organisation account”) the organisation will have access to aggregated and anonymised usage information. We go to great lengths to make sure that the information shared with your employer or organisation is not personally-identifiable, in fact Robertson Cooper automatically hides the identity of groups with less than 8 members in order to protect the identity of individuals in that group.

The data is used by your employer to inform their wellbeing strategy and understand the uptake of the platform(s)across the organisation.

The consequences are positive and will help your employer create a better working environment for you, and all of their staff. We require your consent to process your information for this purpose.

The following information may be reported to your organisation in an aggregated and not personally-identifiable way:

  • Demographic information (gender, age, department and level) is used to categorise the data, e.g. to compare engagement statistics for different offices.
  • Device and technical characteristics to see the uptake of the platform(s)across different mobile devices and releases.
  • Questionnaire scores to compare baseline and trends across different business units and departments.
  • Usage to understand how many users signed up, and how many users are returning to the platform(s)on a daily basis.

Third party data controllers and processors outside the EEA

In certain areas outlined below we share data with third party recipients who may collect and/or process the data. We do not share data with countries that are not considered “adequate” by EU standards. We only share data with third parties in the US that have signed up to the EU-US privacy shield.

  • Transactional email data- We use a third party provider called DotMailer and APIs to send emails. Information we share with the email provider includes the email address, email analytics data and the content of the email.
  • Customer details – We use a third party provider called ZOHO CRM and APIs to store customer details. Information we share with the CRM provider includes name, the email address, telephone, address job title and role.
  • Web analytics – We use specialised tools and services such as Google Analytics for web usage analytics.

We will not disclose any data to government agencies except where required by law.

Security

Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.

Any information users provide to us through our platforms, website or services will be held in our secure servers located in Manchester (UK), which uses state-of-the-art, multi-layered security methods, and in accordance with applicable privacy laws.

We restrict access to the Data to those Robertson Cooper employees or other parties who need access to such Data in order to provide the hosting services. We maintain appropriate physical, electronic and procedural safeguards to protect an individual’s Data. This includes firewalls, individual passwords and encryption. We take all appropriate measures to safeguard an individual’s data against unauthorised or unlawful processing and use, accidental loss, destruction, damage, theft, disclosure or modification and to ensure its integrity.

We do not share sensitive information to any third party without an individual’s specific consent or unless required by law.

Data storage

Your data is stored and processed in Manchester (UK). We use IOMart as our hosting partner, allowing us to access state of the art data centre infrastructure and security facilities. IOMart is ISO 27001 certified.

Retention

The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it.

We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.

Your rights

It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to privacy@robertsoncooper.com.

You also have rights to:

  • know what personal data we hold about you, and to make sure it’s correct and up to date
  • restrict the processing of your personal data where you have a particular reason for wanting the restriction e.g. while you wait for your data to be corrected. Please let us know by emailing us.
  • withdraw from our products and services or wish to remove the information which we hold about you, Please let us know by emailing us.
  • request a copy of your personal data, or ask us to restrict processing your personal data or delete it
  • object to our continued processing of your personal data

You can exercise these rights at any time by sending an email to privacy@robertsoncooper.com.

If you’re not happy with how we are processing your personal data, please let us know by sending an email to privacy@robertsoncooper.com. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.

Changes

Robertson Cooper reserves the right to change or update this policy at any time by updating this page. We will also notify users of our product and services via email (registered email address). We encourage individuals to periodically review this page for the latest information on our privacy practices. If the ownership or control of all or part of our Products or their assets changes, we may transfer your information to the new owner.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@robertsoncooper.com or mail Robertson Cooper, Rutherford House, Manchester Science Park, 40 Pencroft Way, M15 6SZ, United Kingdom.

The name of our Data Protection Officer is Barry Williams who can be contacted using the above details.

This Privacy Policy is effective and was last updated on 24th May 2018.