Health & Balance
Privacy Policy

Supporting you to build and maintain healthy habits.

Privacy Policy

This Privacy Policy sets out the measures and practices we have implemented and adhere to in order to comply with the General Data Protection Regulation (GDPR). Its purpose is to provide a clear outline of the legal requirements, procedures, and rights related to the collection, processing, transfer, and storage of your personal data. By reading this policy and any associated documents, you will have a better understanding of the obligations, responsibilities, and rights afforded to you under data protection laws.


All individuals have the right to know how their personal data is handled. As part of our operations, we need to collect and use information about the individuals with whom we interact, including current, past, and potential employees, clients, and others.We consider the lawful and proper handling of personal data to be essential to our success and to maintaining the trust of those with whom we communicate and work. Therefore, we fully support and comply with the principles of the relevant data protection laws.We are registered with the Information Commissioner's Office as a Data Controller, as required by law.

Definitions in this Privacy Notice

Data Controller: has determined the purposes for which, and the manner in which, your Personal Data is processed. The Data Controller has overall responsibility for compliance with the Data Protection Laws. Any questions about the operation of this Notice or any concerns that the Notice has not been followed should be referred in the first instance to, 50 King Orry Road, Glen Vine, IM4 4FJ .

Privacy Manager: Wendy Ranft-Gerber is the appointed officer who is responsible for awareness-raising, training staff and informing and advising the Data Controller, Data Processors and Data Users how to ensure compliance with the enactments, and to monitor that compliance. She can be contacted at the above address.

Data Processor: Any person or organisation that is not a Data User that processes personal data on our behalf and in accordance with our specific instructions. Our staff will be excluded from this definition but the definition could include suppliers who handle personal data on our behalf.

Data Subjects: All living individuals about whom we hold Personal Data. All Data Subjects have legal rights concerning the processing and storage of their personal information.

Data users: Any subcontractor whose work involves processing your Personal Data. Data users are responsible for the proper use of the data they process and must protect the data they handle in accordance with this Notice.

The Enactments: The Data Protection Act 1998 (the Act) up to and until 25 May 2018 after which The General Data Protection Regulations 2017 (GDPR) will apply, both of which regulate the way in which all Personal Data is held and processed.

Personal Data: Information which can be used to directly or indirectly identify a living individual.

Processing: Any activity in which the data is used, including (but not limited to) obtaining, recording, organising, amending, retrieving, using, disclosing, erasing, destroying, and/or holding the data. The term “processing” also includes transferring personal data to third parties.

Supervisory Authority: The Authorised Body which is empowered to govern and manage how the GDPR is implemented and abided by in a particular EU state. ​In the case of the Isle of Man, the Supervisory Authority is the ​Isle of Man Information Commissioner P.O. Box 69, Douglas, Isle of Man, IM99 1EQ. Telephone: +44 1624 693260  

Sensitive Personal Data: This includes information about a person’s race, ethnicity, political opinions, convictions, religion, trade union membership, physical and/or mental health, and sexual preference. Sensitive personal data can only be processed with the express written consent of the person concerned.

Notice Statment is committed to complying with the six principles of good practice when processing Personal Data in accordance with GDPR. 

These principles state that Personal Data must be:

Processed fairly, lawfully and transparently
Used only for the purpose for which it was collected
Adequate, relevant, and not excessive for the purpose for which it is being processed
Accurate and kept up-to-date
Not kept longer than necessary to fulfill the purpose of its collection
Kept secure and protected from unauthorized processing, loss, damage, or destruction

Fair, Lawful, and Transparent Processing
In order to process Personal Data lawfully, we must have a legal basis for the processing as set out in the Enactments. This may include your written consent or that the processing is necessary for the performance of our contract with you.

If we collect Personal Data directly from you, we will inform you of the purpose or purposes for which we intend to process your Personal Data, the types of third parties, if any, with which we may share or disclose your Personal Data, and the means with which you can limit our processing and disclosure of your Personal Data.

If we receive Personal Data about you from other sources, we will provide you with this information as soon as possible.

Sensitive Personal Data
When sensitive personal data is being processed, additional conditions and safeguards must be in place to ensure protection.

Processing for Limited Purposes

We may also process your Personal Data for our legitimate interests or the legitimate interests of a third party, provided that such processing is not overridden by your rights and interests. Legitimate interests may include managing our business operations, improving our services, preventing fraud and other illegal activities, and protecting our legal rights.We may also process your Personal Data to comply with our legal obligations, such as tax and accounting requirements or requests from government authorities.

We may also disclose your Personal Data to third parties if we are required to do so by law or if we believe that such disclosure is necessary to protect our rights, property, or safety or that of our customers or others.

Adequate, Relevant Non-Excessive Processing

We shall solely gather and handle your Personal Data as necessary to accomplish the designated purpose/s outlined in our contractual agreements with you.

Accurate and up to date data

We will make sure that all Personal Data we hold is accurate and up-to-date. We will check the accuracy of your Personal Data at the time of collection and at regular intervals thereafter. If you notice that any of your Personal Data is incorrect, you have the right to inform us and request that we make the necessary changes. We will take all reasonable steps to correct or erase any inaccurate or outdated data.

Keeping Your Personal Data Secure

We maintain the security of your Personal Data by protecting its confidentiality, integrity, and availability. To achieve this, we adhere to the following principles:

Confidentiality: Only authorised personnel can access your Personal Data.
Integrity: We ensure that your Personal Data is accurate and appropriate for the purpose of its processing.
Availability: Our authorised Data Users have access to your Personal Data only when necessary for authorised purposes. 

We also implement security procedures, such as:

Lockable desks and cupboards, which we keep locked when containing Personal Data.

Proper disposal methods, where paper documents are shredded and digital storage devices are physically destroyed when no longer required.

Adequate training and supervision of Data Users in accordance with this Notice, which includes logging off from or locking their devices when unattended and not displaying confidential information on computer monitors.

Password security, boundary firewalls, and effective anti-malware defences for our computers. We also regularly back up electronic information to restore data in case of disaster and keep our software up-to-date with security patches.

Separating personal data, pseudonymisation, or encoding of the data to protect against unauthorised processing or data loss.

Our Privacy Manager regularly updates this Notice in response to any amendments to the Law.

We take appropriate security measures against unlawful and/or unauthorised processing of Personal Data and against accidental loss or damage to your Personal Data. We only transfer your Personal Data to a Data Processor (a Data User outside our business) if they comply with our procedures and policies or have adequate security measures to protect your Personal Data, in accordance with the Enactments.

Your Complaints

If you feel that your queries or concerns regarding your Personal Data have not been dealt with adequately or that your request has not been fulfilled by us, you can use our complaints procedure by emailing us at