Legal

Privacy Policy

How WellTechAI CIC collects, uses, stores, and protects personal data across our website, enquiries, and service delivery.

1. Overview

WellTechAI CIC operates www.welltechai.co.uk and related business enquiry channels. This policy explains how we handle personal data when you visit our website, contact us, request a demo or pilot, or otherwise interact with us directly.

We aim to process personal data in line with the UK GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.

2. Who We Are

For our public website and direct business enquiries, WellTechAI CIC acts as the data controller. When we provide services to NHS organisations or other customers, those organisations may act as the data controller and WellTechAI CIC may act as a processor under contract.

  • Data Controller: WellTechAI CIC
  • Address: 167-169 Great Portland Street, 5th Floor, London W1W 5PF, United Kingdom
  • Privacy Contact: info@welltechai.co.uk

3. What Data We Collect

The personal data we collect depends on how you interact with us.

  • Contact and enquiry data, such as your name, email address, organisation, area of interest, and messages you send us.
  • Business relationship data, such as your role, employer, meeting notes, pilot discussions, and procurement-related information.
  • Technical and usage data, such as IP address, browser type, device information, timestamps, and server logs.
  • Customer deployment data, such as account identifiers, conversation content, and wellbeing or health-related data where covered by a customer contract and secure service environment.

4. Why We Collect It

We use personal data only where we have a valid reason to do so.

  • To respond to enquiries, arrange meetings, and send proposals.
  • To configure, support, monitor, and improve our services.
  • To protect the website, detect misuse, and troubleshoot issues.
  • To meet contractual, legal, regulatory, and safeguarding obligations.
  • To send relevant updates or marketing where consent or another lawful basis applies.

5. Lawful Bases for Processing

Under Article 6 of the UK GDPR, we may rely on one or more of the following lawful bases depending on the context.

  • Consent under Article 6(1)(a), for optional marketing, optional cookies, and certain categories of sensitive data where required.
  • Contract under Article 6(1)(b), where processing is necessary to take steps before entering into a contract or to deliver contracted services.
  • Legal obligation under Article 6(1)(c), where we must comply with applicable laws, regulations, or safeguarding duties.
  • Legitimate interests under Article 6(1)(f), for website operations, business administration, relationship management, and fraud prevention where those interests are not overridden by your rights.

6. Health and Special Category Data

Health data is treated as special category data and requires additional protection, including an Article 9 condition where applicable.

Please do not send health records, NHS numbers, or urgent crisis information through our public contact form unless we have explicitly provided a secure channel for that purpose.

7. How We Store and Protect Data

We use organisational and technical controls designed to protect personal data from unauthorised access, loss, misuse, or disclosure.

  • Encrypted transmission where appropriate.
  • Access controls and least-privilege permissions.
  • Password management and audit logging.
  • Monitoring, backup, and secure deletion practices.

No method of internet transmission or electronic storage is completely risk-free, but we work to apply proportionate safeguards.

8. Who We Share Data With

We do not sell personal data. We may share data only where needed for legitimate business, legal, or service-delivery reasons.

  • Service providers and processors such as hosting, email, security, and records-storage providers.
  • Customers or delivery partners involved in the same pilot, programme, or implementation where appropriate.
  • Professional advisers, regulators, courts, or public authorities where required by law or to protect legal rights.
  • Parties involved in a corporate transaction, subject to appropriate confidentiality protections.

9. Data Retention

We keep personal data only for as long as it is reasonably needed for the purpose it was collected, or to meet legal, contractual, or operational obligations.

  • Website enquiries and contact-form submissions: up to 24 months after the last meaningful contact.
  • Marketing preferences: until you unsubscribe or withdraw consent.
  • Business and contract records: for the duration of the relationship and a reasonable period afterward.
  • Customer deployment data: according to the relevant customer contract and applicable regulations.
  • Technical and security logs: for as long as needed for security, diagnostics, and operational resilience.

10. Your UK GDPR Rights

Depending on the circumstances, you may have rights to access, correct, erase, restrict, object to, or request portability of your personal data.

We generally respond within one month, although this can be extended by up to two additional months for complex requests where permitted by law.

  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object.

11. How to Request Deletion

To request deletion of personal data we hold about you, email info@welltechai.co.uk with the subject line Data Deletion Request.

Please include your name, email address, organisation, and a short description of what you would like deleted. We may need to verify your identity before acting on the request.

12. Contact and Complaints

If you have privacy questions or concerns, please contact us first and we will do our best to resolve them promptly.

  • Email: info@welltechai.co.uk
  • Address: 167-169 Great Portland Street, 5th Floor, London W1W 5PF, United Kingdom
  • ICO: https://ico.org.uk
  • ICO email: casework@ico.org.uk
  • ICO phone: 0303 123 1113

13. Policy Updates

We may update this policy from time to time. When we make material changes, we will update the date on this page and, where appropriate, provide additional notice.