Contact

Privacy Policy

Sanctus privacy policy

This privacy policy is entered into by and between Sanctus London Limited and “the client” whereby Sanctus agrees to provide Sanctus coaching for the client within the client.

Definitions

“the coachee” – the individual attending a coaching session within the client.

“the client” – the employer providing Sanctus coaching as a benefit to its employees (“clients”).

“the Sanctus coach(es)” – the coaches providing coaching services via Sanctus.

“Sanctus” – the organisation in relationship with the client to provide the Sanctus coaches and their coaching services to the coachees.

Nature of the relationship

Sanctus (Sanctus London Limited) holds a relationship with the client to provide Sanctus coaching to its staff.

Sanctus has a team of Sanctus coaches who are self-employed contractors with Sanctus who deliver Sanctus coaching within the client.

Via Sanctus’ relationship with the client, Sanctus coaches offer coaching services to staff members (the coachees).

  1. Introduction

We are committed to safeguarding the privacy of our coachees.

This policy applies where we are acting as a data controller with respect to the personal data of our coachees – in other words, where we determine the purposes and means of the processing of that personal data.

In this policy, “we”, “us” and “our” refer to Sanctus London Limited and “you” and “your” refers to each coachee. Credit: this document was created using SEQ Legal (https://seqlegal.com/).

  1. Purpose of data collection

We collect and process your feedback to better understand your experience, identify areas for improvement, and maintain the quality of our services. Occasionally we may reach out to you to clarify or discuss your feedback.

  1. How we use your personal data

In this section we have set out:

(a) the general categories of personal data that we may process;

(b) the purposes for which we may process personal data; and

(c) the legal bases of the processing.

3.1 We may process data about your use of our services (“usage data”). The usage data may include information on your timing, frequency and pattern of your service use. Usage data is anonymised and will not include your personal details. The source of the usage data is our online Sanctus booking system, which is powered by Calendly – you can view their privacy policy here: https://calendly.com/privacy.

This usage data may be processed for the purposes of analysing the use and frequency of Sanctus coaching. The legal basis for this processing is consent and our legitimate interests – namely monitoring and improving our services, particularly in discussions with the client around overall usage of Sanctus. We balance this interest with your rights and freedoms, and you may object to this processing at any time.

3.2 We may process your account data (“account data”). The account data includes your name and email address. The source of the account data is your booking via the Sanctus online booking system, powered by Calendly (see link above). The account data may be processed for the purposes of: a) the coaches communicating directly with you, b) sending you relevant information regarding Sanctus coaching, c) if our coaches apply for coaching credentials and include their coaching hours with you (see Terms of Use section 6 on “Release of Information”). The legal basis for this processing is consent and our legitimate interests, namely the coach receiving relevant credentials from their regulatory body for coaching sessions conducted through Sanctus.

3.3 Where we have obtained specific consent from you, we may process information that you post for publication on our website or through our services (“publication data”). The publication data may be processed for the purposes of enabling such publication and administering our website and services.

3.4 We may process information relating to our client relationships, including customer contact information and content data (“customer relationship data”). The customer relationship data may include your name, email address and records of information contained in communications and discussions between you and the coach within your sessions. The source of the customer relationship data is the discussions between you and the coach. The customer relationship data may be processed for the purposes of the coaches’ training, supervision, mentoring, evaluation and professional development. It will not be used by Sanctus or the client for commercial purposes. The legal basis for this processing is your consent by entering into our terms of use and our legitimate interests, namely the proper management, quality and safeguarding of coaches and coachees.

3.5 We may process information that you provide for subscribing to our email notifications and/or newsletters (“notification data”). The notification data may be processed for the purposes of sending you relevant notifications and/or newsletters. The legal basis for this processing is explicit consent.

3.6 We may process information contained in or relating to any communication you send us (“correspondence data”). The correspondence data may include the communication content and metadata. Our website and email provider (Google) will generate the metadata. The correspondence data may be processed for communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely proper administration of our business and responding to queries.

3.7 We may process any of your personal data identified here where necessary for the establishment, exercise or defence of legal claims, whether in court or in administrative or out-of-court procedures. The legal basis is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and those of others.

3.8 We may process any of your personal data where necessary for obtaining or maintaining insurance coverage, managing risks or obtaining professional advice. The legal basis is our legitimate interests, namely protecting our business against risks.

3.9 We may also process any personal data necessary for compliance with a legal obligation, or to protect your vital interests or those of another natural person.

3.10 Please do not supply any other person’s personal data to us unless we prompt you to do so.

  1. Providing your personal data to others

4.1 We may disclose your personal data to any member of our group of companies (our subsidiaries and holding company) insofar as reasonably necessary for the purposes set out in this policy and to send you marketing communications, unless you have opted out of receiving such communications.

4.2 We may disclose your personal data to subprocessors insofar as necessary to provide our services.

4.3 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for insurance coverage, coaching credentials, managing risks, professional advice or legal claims.

4.4 We may also disclose your personal data where necessary for compliance with a legal obligation or to protect vital interests, including for legal claims.

  1. Data security

5.1 Sanctus is based in the UK. If you are outside the UK, your data will be transferred into the UK and the EU where our cloud servers are hosted.

5.2 We may share your personal data with third-party service providers, agents and contractors (for example, electronic data storage and user support providers) to deliver our services. They are subject to confidentiality requirements and will only use your data as described here.

5.3 We may transfer and store your personal data outside the European Economic Area (“EEA”). It may be processed by staff operating outside the EEA who work for our affiliates or suppliers.

5.4 Where we transfer your personal data outside the EEA, we will ensure it is protected consistently with EEA standards. This may include:

  • transferring to countries approved by the European Commission;
  • using model contractual clauses approved by the European Commission;
  • other measures to ensure compliance with relevant data protection laws.

5.5 You can obtain details of protections for transfers outside the EEA (including our standard data protection clauses) by contacting us as set out in 11.4 below.

5.6 We will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this policy.

5.7 We have implemented appropriate security safeguards in line with industry standards. Access to your data on the platform is password-protected and we use authentication and encryption. However, the internet is not 100% secure, so we cannot guarantee that information you transmit will not be accessed, disclosed, altered or destroyed. Emails, instant messaging and similar are not encrypted, so please avoid sending confidential or financial information via these channels.

  1. Retaining and deleting personal data

6.1 This section sets out our data retention policies and procedures to ensure compliance with legal obligations.

6.2 We will not keep personal data for longer than necessary.

6.3 We will retain your personal data as follows:

(a) usage data: as long as required for Sanctus’ legitimate business purposes;

(b) account data: for the duration of our relationship with the client and for one year after it ends;

(c) publication data: until you request its removal;

(d) notification data: until you change your notification settings;

(e) correspondence data: in line with personal record-keeping practices.

6.4 We may retain data longer where required for legal obligations or to protect vital interests.

  1. Amendments

7.1 We may update this policy by publishing a new version on our site and within the Sanctus online booking system.

7.2 You should check this page occasionally to stay informed of changes.

7.3 Where we have an ongoing relationship with the client, we will notify them of significant changes by email.

  1. Your rights

8.1 This section summarises your rights under data protection law. For full details, consult the relevant laws and regulatory guidance.

8.2 Your principal rights under data protection law are:

(a) the right to access;

(b) the right to rectification;

(c) the right to erasure;

(d) the right to restrict processing;

(e) the right to object to processing;

(f) the right to data portability;

(g) the right to complain to a supervisory authority; and

(h) the right to withdraw consent.

8.3 You have the right to confirm whether we process your personal data and to access it, along with details of purposes, categories and recipients. We will supply a copy, subject to others’ rights.

8.4 You have the right to have inaccurate data corrected and incomplete data completed.

8.5 You may request erasure in certain circumstances (data no longer necessary, withdrawal of consent, unlawful processing, direct marketing). Exclusions apply for legal compliance, claims, freedom of expression, etc.

8.6 You may request restriction of processing in circumstances such as contesting accuracy, unlawful processing, or pending objection. We may store but only otherwise process with consent, for legal claims, rights protection or public interest.

8.7 You may object to processing based on public interest or legitimate interests. If you object, we will cease unless we demonstrate compelling grounds or for legal claims.

8.8 You may object to processing for direct marketing, including profiling – we will cease if you do so.

8.9 You may object to processing for research or statistical purposes unless necessary for public interest.

8.10 Where processing is by automated means based on consent or contract, you have the right to receive your data in a structured, machine-readable format, subject to others’ rights.

8.11 You have the right to lodge a complaint with a supervisory authority in your EU member state of residence, work or alleged infringement.

8.12 You may withdraw consent at any time without affecting prior lawful processing.

8.13 You may exercise your rights by written notice in addition to other methods in this section.

  1. About cookies

9.1 Our website and apps use cookies to distinguish you from other users, enhance your experience and improve our site.

9.2 A cookie is a small file of letters and numbers stored on your browser or device if you agree. Cookies transfer information to your device’s hard drive.

  1. Cookies that we use

10.1 We use the following cookies:

10.1.1 Strictly necessary cookies – required for our website’s operation, for example enabling secure area logins.

10.1.2 Analytical/performance cookies – allow us to count visitors and see how they move around our site, helping us improve usability.

10.1.3 Functionality cookies – used to recognise returning users and remember preferences (for example, language or region).

10.2 You can block cookies via your browser settings, but blocking essential cookies may prevent access to parts of our site.

10.3 Except for essential cookies, all cookies will expire after a period appropriate to their use.

  1. Our details

11.1 This website is owned and operated by Sanctus.

11.2 We are registered in England and Wales under registration number 10430289, and our registered office is at Work.Life Soho C/O Sanctus, ground floor, Waverly House, 9 Noel Street, London W1F 8GQ.

11.3 Our principal place of business is at the same address.

11.4 You can contact us:

(a) by post to the address above; (b) by email at hello@sanctus.io.

Posted in | Comments Off on Privacy Policy