Privacy Policy for Coachees With Cancer

At Working With Cancer® (WWC), we are committed to protecting the personal information that we obtain. We understand that when you engage with our coaching and training services, you are entrusting us with confidential information, and we take that responsibility seriously. This privacy policy explains how we process your personal information when providing our services.

If you have any questions or comments, please contact us at: admin@workingwithcancer.co.uk.

1. Who we are

Working With Cancer® (WWC) is a UK-based organisation registered in England. For data protection purposes, we may act either as a “data controller” or a “data processor”, depending on the circumstances.

• When we decide the purpose and means of processing your personal data, we act as a data controller and comply with all applicable laws, including the UK GDPR, the EU GDPR (where applicable), and the UK Data Protection Act 2018.

When we provide services at your employer’s request, your employer is the data controller and WWC acts as a data processor, following their instructions.

2. What personal information we collect and why

We collect and process the following categories of data for the purposes listed below:

• Providing coaching and training services
  Categories of Data: Identity Data (name, date of birth, gender, etc.), Contact Data, Session Content, Health Data – Contractual necessity (Article 6(1)(b));
  Lawful Basis: Explicit consent for health data (Article 9(2)(a))
• Managing referrals from third parties (e.g., employers, charities, clinicians)
  Categories of Data: Identity and Contact Data, Referral Details
  Lawful Basis: Consent or Legitimate Interests (Article 6(1)(a)/(f))
• Responding to your enquiries
  Categories of Data: Name, Email, Enquiry content
  Lawful Basis: Legitimate Interests (Article 6(1)(f))
• Marketing our services
  Categories of Data: Contact details
  Lawful Basis: Legitimate Interests (Article 6(1)(f)); or Consent where required

We do not use your personal information for automated decision-making or profiling.

Special Category Data: Your Health Information

We may process information about your health (such as your cancer type and treatment) that you share with us. This is a special category data and we will only process it with your explicit consent, in line with Article 9(2)(a) GDPR.

3. Sharing your personal information

We will keep your information confidential. However, we may share your data in the following situations:

• With our contracted coaches, under strict confidentiality agreements.
• With IT service providers and cloud storage providers (e.g. for email and document storage), under data processing agreements.
• With professional advisors (e.g. legal or accounting), only where necessary and under confidentiality.
• Where required by law, such as for government bodies, law enforcement, fraud prevention, or legal proceedings.
• In the case of a merger, acquisition, or sale, where you will be notified of any change in ownership or control.

We will never sell your data to third parties.

4. Your rights under data protection law

You have the following rights under the GDPR and UK data protection law:

• Access: to request a copy of your personal data.
• Rectification: to have inaccurate data corrected.
• Erasure: to request deletion of your data (the “right to be forgotten”).
• Restriction: to ask us to stop processing in certain circumstances.
• Portability: to request your data in a machine-readable format.
• Objection: to object to processing based on legitimate interests.
• Withdraw Consent: to withdraw your consent at any time.
• Lodge a Complaint: contact the Information Commissioner’s Office (ICO) or your local supervisory authority in the EU.

To exercise your rights, please email us at: admin@workingwithcancer.co.uk

If we cannot resolve your concerns, you can contact the ICO: https://ico.org.uk/concerns

5. Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes outlined in this policy and to meet legal or regulatory requirements.

Specifically:

• Coaching notes, emails, and completed questionnaires will be kept for up to 2 years after our coaching relationship ends.
• After this, your data will be deleted or anonymised (retained in aggregated form for reporting or evaluation purposes).

6. Data security

We take appropriate technical and organisational measures to protect your data, including:

• Password protection for all devices and email accounts.
• Storing physical notes and records in secure, locked locations.
• Regular staff and coach training on data protection.
   

While we work hard to secure your data, no system is 100% secure, and we encourage you to take precautions when communicating with us electronically.

7. International Data Transfers

We do not transfer personal information outside the UK or EEA. If this ever changes, we will update this policy and ensure appropriate safeguards (e.g., Standard Contractual Clauses).

8. Updates to this policy

We may update this privacy policy from time to time. If significant changes are made, we will notify you directly where appropriate.