Life Group/Life Solutions teams have a responsibility to handle the data provided by users through our services and marketing in a secure, efficient and
sensitive way. Most countries have laws which cover data privacy and protection, and Life Design and Life Solutions have a legal duty to comply with these laws as well as a moral responsibility in a duty of care to our users and clients.
Types of data and uses
In the context of Life Group/Life Solutions the, data we collect broadly falls into three types:
Personal Details: for the purpose of maintaining a user database, ongoing user relationship strategies including email newsletters, campaigns and promotions and also for demographic analysis to inform decision-making. This includes:
- Contact e-mail address
- Login credentials – user name and password
- Demographic details where available
- Subscription preferences
- Usage/engagement history
Sensitive personal data: private qualitative information revealed by the client about finance and business. This includes:
- Finance details for payment
- Business plans
- Business log ins for online systems and platforms
Technical Data: for the purpose of enhancing and optimising the user’s experience in the current visit and to inform future site(s) improvements and also to provide metrics for analysis. This includes:
- Browser and device type
- Geo-ip and location- sensitive intelligence
- Click-through tracking
- History and preferences
- Social profiles
Life Group/Life Solutions and our users regarding their personal information.
Principles of Privacy and Data Protection
On top the legal requirements regarding data protection and privacy it is essential that Life Group/Life Solutions uphold the following principles:
Purpose of data
In environments where we provide an account or login for users, there must be a technical facility allowing users to be able to access their account, and to review and edit the personal details held – the SPHR software system owned and developed by Life Group/Life Solutions allows this. Additionally, users may make a request to access information held about them, and it is essential that Managers provide this in co-ordination with the Directors of Life Group/Life Solutions.
Security of access
Only those individuals with a need to use data (for the stated purposes) should have access to the data and visibility of its content. For this reason access to the SPHR administration system must be held securely, with physical and technical mechanisms in place to prevent unauthorised access.
Security of storage, disclosure
Data held within SPHR and it’s approved online systems is held securely. Copies of data should never be made. By copies, we mean, for example, the transferal of data to a temporary storage device such as a USB stick; the transmission of data to another person; or print-outs which reveal personal details or sensitive personal data, or the publishing in the public domain of any such private data.
If for reporting purposes it is desirable to communicate or publish data (e.g. to share a testimony), personal details and sensitive information should be made anonymous in order to respect and protect the privacy of an individual – unless the individual gives express consent for their information to be used in this way.
Data should not be passed on to third parties outside the SPHR system without the consent of the subject. Personal data must never be passed on to a third party for marketing purposes, must never be sold, must never be referred to another organisation for purposes outside the scope of Life Group/Life Solutions.
Opt-ins, opt-outs, unsubscribe, deletion of account.
It is good practice when asking users to supply data, to provide them with the ability to opt-in or opt-out for their data to be used for certain purposes, as given in the descriptions about the purposes for which data is being collected –
Life Group/Life Solutions does this where necessary.
Users should be able to unsubscribe from receiving e-mails or other notifications from us – this facility being offered at the bottom of e-mails as a technical link. Users should also be able to delete and close their accounts if they so wish – we provide technical links on our websites to facilitate this. Where a user requests deletion of their data, we cannot continue to hold their data in any form; we may retain a record that the data once existed (e.g. for statistical or reporting purposes) but the content must be verifiably deleted. Likewise, if there is not a reason for us to be holding personal data, we should not do so.
Robert Fisher, Director of Life Solutions is the data protection ‘officer’ and oversees the practice of privacy and data protection enforcement, and where applicable, as a matter of legal compliance. This role will be additional to the responsibilities of an existing team member.