Privacy Policy


The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) and will be enforceable from May 25 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.

The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.

The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Community Wellness Services Ltd places a high importance on information security.

Community Wellness Services Ltd are:

  • Processors for our hosted client data;
  • Controllers of our client and supplier contact information, required to; manage & deliver services under contract; manage customer requests & incidents;
  • Controllers for personnel information in relation to Community Wellness Services employees.

Our Approach

During our journey to GDPR compliance Community Wellness Services has been and is continuing to work very closely with an external advisors to ensure we have the expertise required to implement the legislation requirements accurately and comprehensively.

We view GDPR as a constant programme of works that will require continuous monitoring, management and improvement.

Work streams and actions taken

The table below shows the main activities to ensure compliance:

Requirements Activity
Data Impact Assessments & Data Inventory We have undertaken a review of the data we store, manage, maintain, collect,process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.
Customer Contracts  All new clients sign a GDPR ready Master Service Agreement and GDPR ready

Variation Agreements are available for all existing contracts.

Policy Development We are reviewing all our existing policies that have a GDPR link in conjunction with ISO work streams.
Website Data Collection & Consent, Privacy Notice The existing Community Wellness Services Ltd privacy notice has been updated to cover the new GDPR requirement. 
GDPR training and awareness Internal staff briefings and training have been carried out and senior management are aware of their corporate responsibilities.
Supplier & Partner relationships  These are under review to ensure GDPR compliance is satisfactory from our third parties. Where required, GDPR supplier agreements are being completed to ensure that our third party and suppliers are complying with the GDPR.
Technology reviews We are reviewing our technology platforms to analyse their operation, security, compliance in order to ensure that they meet the standards we have laid down and identify any gaps and risks.
Privacy by Design This now forms a compulsory consideration for all technical design alongside ‘security by design’.
DPO appointment A virtual DPO is in situ with the role shared amongst the Directors at Community Wellness Services Ltd