We are committed to ensuring that your privacy is protected, and we comply with the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to services we offer in the European Economic Area (EEA). Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this Policy.
Wondrous People Ltd is registered with the Information Commissioner’s Office (ICO) as a Data Controller, registration number: Z1871422.
Wondrous People Ltd may change this Policy from time to time by updating the website. You should check the website from time to time to ensure that you are happy with any changes.
For personal data to be processed lawfully, we must process it on one of the legal grounds set out in the data protection laws.
For the processing of ordinary personal data in our organisation these may include, among other things:
- the data subject has given their consent to the processing;
- the processing is necessary for the performance of a contract with the data subject;
- the processing is necessary for the compliance with a legal obligation to which the data controller is subject; or
- the processing is necessary for legitimate interest reasons of the data controller or a third party
i.e. you are processing someone’s personal data in ways they would reasonably expect it to be processed and which have a minimal privacy impact on the data subject or where there is a compelling justification for the processing.
What information do we collect from you?
Wondrous People Ltd uses your personal data to manage and administer your account/programme and to keep in contact with you for these purposes. If you do not provide personal data we ask for, it may delay or prevent us from providing these services to you.
We may collect the following information:
- name and job title;
- contact information including email address and telephone number;
- basic employment details;
- demographic information such as your region;
- information for technical security monitoring purposes such as your IP address and the version of your browser; and
- Depending on the service we provide to you as an individual or your company, we may also request more detailed information about your employment. For example, the department, function or team you work in, the grade or level of your employment, the length of employment and professional experience and goals.
We may collect personal data in the following ways:
- Data disclosed by the individual directly.
- Data disclosed by an authorised third party (e.g. employer) on the individual’s behalf.
- Data obtained from a linked system or database.
- Data generated through user interaction with systems and/or services.
- Where an individual’s data is provided to Wondrous People Ltd by an authorised third party such as your employer (e.g. programme delegate lists), it is the third party’s responsibility to ensure they have the correct lawful basis in place to share this data with Wondrous People Ltd.
Why do we collect this information?
Under data protection law, we can only use your personal data if we have a proper reason e.g:
- where you have given consent;
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
Wondrous People Ltd will always tell you what we intend to use your personal data we collect from you for. However, the main purpose of collecting your personal data is to provide the service you have requested, or we are contracted to provide in relation to your account/programme e.g. executive or individual coaching, leadership and team development.
We collect this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- To improve our products and services.
- To contact you in response to a specific enquiry.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests. Where we rely on your consent, such as any consent we seek for email marketing, you can withdraw this consent at any time.
Where we process special categories of data e.g. racial or ethnic origin or data concerning health, we will also ensure we are permitted to do so under data protection laws e.g:
- we have explicit consent;
- the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
- the processing is necessary to establish, exercise or defend legal claims.
Who we share your information with and transferring your information out of the UK and EEA
Wondrous People Ltd work with a number of Network Members/Partner coaches and facilitators and your data may be shared directly with any Network Member/Partner that is directly associated with your project/account/programme. In particular, any coaching programmes where sensitive information may emerge during the course of the coaching is bound and held in strict confidence. The lawful basis for collecting this data is covered under our contract with you. Wondrous People Ltd will not supply your data to third parties for marketing purposes.
We only allow third parties to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK/EEA e.g:
- with our service providers located outside the UK/EEA;
- if you are based outside the UK/EEA;
- where there is a European and/or international dimension to the services we are providing to you; or
- to our Network Members in order to provide the services to you.
Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:
- the UK government or, where the EU GDPR applies, the European Commission, has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
- a specific exception applies under data protection law.
These are explained below:
We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:
- all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the “EEA”);
- Gibraltar; and
- Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.
The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.
Other countries or international organisations we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.
Transfers with appropriate safeguards
Where there is no adequacy decision, we may transfer your personal data to another country or international organisation, if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.
The safeguards will usually include using legally-approved standard data protection contract clauses. To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards, please contact us.
Transfers under an exception
In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks;
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims.
We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.
How long do we keep hold of your information?
Wondrous People Ltd will hold your data while you have an account with us or we are providing services to you. Thereafter, we will keep your data for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly; and/or
- to keep records required by law.
We will not keep your data for longer than necessary.
Where data is held by our Partners or third parties, in support of the services we provide to you, they are contractually bound to delete data upon our request, delete data at the end of our contract with them, or to anonymise data after 2 years of receipt.
You have the following rights which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal data|
|Rectification||The right to require us to correct any mistakes in your personal data|
|Erasure (also known as the right to be forgotten)||The right to require us to delete your personal data – in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal data in certain circumstances e.g. if you contest the accuracy of the data|
|Data portability||The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations|
The right to object:
|Not to be subject to automated individual decision making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
To contact us about your personal data and your rights, please contact us at the address below. If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office (ICO).
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Wondrous People Ltd has a Data Breach Management Procedure in place. A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.
When a personal data breach has occurred, we will establish the likelihood and severity of the resulting risk. If the nature of the data breach requires Wondrous People Ltd to inform the ICO, we will do so within 72 hours of becoming aware of the data breach. If you are notifying us of a data breach, notifications must include: your name and contact details, the date and time of the breach you are reporting, the date and time it was detected and any other information that will help us investigate the issue.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes.
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us by email, by writing to us or calling us.
- We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
- You may request details of personal information which we hold about you under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018). A small fee will be payable. If you would like a copy of the information held on you, please write to:
Wondrous People Ltd,
201 Borough High Street,
London, United Kingdom,
Candidate Privacy Statement
Why do we collect data about you when you apply for a role at Wondrous?
Wondrous is a private limited company delivering a range of services to support organisations to deliver next-level results through transforming leadership and culture.
We collect information about you when you apply for a permanent, temporary or contract role, or make an enquiry about becoming a Wondrous Partner practitioner (a consultant, coach or facilitator).
Much of the information we hold will have been provided by you, but some may have come from external sources, such as your LinkedIn profile, and comments from your referees.
What information do we collect about you when you apply for a role at Wondrous?
We gather information so that we can make decisions as to your suitability for the role that you have expressed an interest in.
- Your CV and covering letter.
- A copy of your LinkedIn profile (if you have indicated that you have one).
- Details of any qualifications that you have.
- Hand written and electronic copies of interview notes gathered during the process.
- Details of results of any interview tests used, including psychometric profiles
- Copies of written references, or notes of verbal references obtained from referees whose details you have provided to us.
- Details of your proof of right to work in the UK.
- Details of any adjustments you have asked to be made to the recruitment process.
- We do not use automated decision making at any time during the recruitment and selection process.
- Some of the information we collect about you may include Sensitive Personal Data as defined in the Data Protection Act 1998. We will not utilise this data unless we have your explicit consent. If we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
How do we store your information
The security of your Personal Data is very important to us.
We will ensure that we have in place appropriate technical and organisational measures to prevent unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to Personal Data. All data will be stored on Wondrous systems based in locations either in the EU or USA within data storage platforms that fully comply with EU data protection laws.
Who do we share your information with?
We may transfer information about you to other companies or independent consultants for purposes connected with your prospective employment or the management of the company’s business.
For example, we may share your information with Clients or Consultants as part of the recruitment process or we may choose to use third party providers to carry out data processing such as testing and referencing.
If we share your information with any external third party we will ensure that they fully comply with the requirements for the handling, storage and security of your data.
How long do we keep your information?
We will retain your information for nine months after the vacancy has been filled and then it will be destroyed, unless you explicitly request for your details to remain on file to be matched to future opportunities.
If you are successful in your application, your details we have gathered will then be used to raise a contract of employment, or a contract for services. You will then be provided with details of how we store and manage your data as an Employee of the company.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.
Wondrous People Ltd. is the controller and processor of data for the purposes of the DPA 18 and GDPR.
If you have any concerns as to how your data is processed you can contact us on +44 (0) 203 817 7625 or firstname.lastname@example.org
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.