top of page

Privacy Policy.

Effective Date: 01/01/2022
Last Updated: 05/11/2025

​

1. Introduction

Scott Eastwood Wellbeing is committed to protecting the privacy of individuals and ensuring compliance with the Data Protection (Jersey) Law 2018 (“DPJL”) and related regulations. This privacy policy outlines the ways in which we collect, use, protect, and share personal data. It also explains the rights of individuals under the DPJL.

​

2. Controller Details

​

3. Types of Personal Data Collected

We may collect and process the following categories of personal data:

  • Identity Information: Name, title, date of birth, gender

  • Contact Information: Email address, phone number, mailing address

  • Financial Information: Payment details, billing information

  • Special Category Data (if applicable): Racial or ethnic origin, health data, genetic or biometric data, political opinions, religious beliefs, sexual orientation

  • Online Identifiers: IP address, cookies, browsing activity.

​

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes, with corresponding lawful bases under the DPJL:

  1. Service Provision & Contractual Obligations – Necessary to perform contracts with you.

  2. Legal Compliance – To comply with applicable laws and regulatory requirements.

  3. Legitimate Interests – To maintain the safety, security, and efficiency of our services, provided these interests are not overridden by the rights of individuals.

  4. Consent – Where we rely on explicit consent for marketing, communications, or processing special category data.

 

5. Recipients of Personal Data

Personal data may be shared with the following parties:

  • Internal divisions or staff who require access to carry out their responsibilities.

  • External service providers or contractors (e.g., IT, consultancy, payment processors) bound by contractual confidentiality obligations.

  • Regulatory authorities when required by law.

  • For international transfers outside Jersey/EU, appropriate safeguards will be implemented, such as standard contractual clauses.

​

6. Data Retention

Personal data will be retained no longer than necessary for the purposes for which it was collected. Retention periods are determined based on:

  • Legal or regulatory obligations

  • Contractual requirements

  • Business operational needs

  • Safely destroying or anonymizing personal data once no longer required.

​

7. Rights of Individuals

Under DPJL, individuals have the right to:

  • Access their personal data

  • Rectify inaccurate or incomplete personal data

  • Erase personal data in certain circumstances

  • Restrict processing

  • Data portability – receive their data in a machine-readable format

  • Object to processing based on legitimate interests or direct marketing

  • Withdraw consent at any time (for processing based on consent)

  • Complain to the Jersey Office of the Information Commissioner (JOIC) if concerns arise regarding data handling

​

8. Automated Decision-Making and Profiling

Where automated decision-making or profiling is used, we ensure:

  • Transparent disclosure to individuals

  • The right to human intervention, express their views, and contest decisions.

​

9. Data Security

We implement technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction, which may include:

  • Encryption and secure storage

  • Access limitations to personnel requiring the data

  • Regular audits and staff training.

​

10. Third-Party Processing

All third parties processing data on our behalf are required to operate under contract with obligations ensuring compliance with DPJL principles, including confidentiality and security measures.

​

11. Breach Notification

In the event of a personal data breach, we will:

  • Assess the impact on individuals and DPJL compliance

  • Notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms

  • Report the breach to the JOIC without undue delay.

​

12. Changes to This Policy

This policy may be updated periodically to reflect changes in our data handling practices, legal requirements, or guidance from the Jersey Information Commissioner. The most recent version will always be available at Jersey Office of the Information Commissioner - Home

​

13. Contact Information

For any questions, requests regarding your personal data, or to exercise your DPJL rights, please contact:
Data Protection Officer: Scott Eastwood
Email: scotteastwoodwellbeing@outlook.com 

​

This template is adapted for DPJL compliance and draws guidance from the Jersey Office of the Information Commissioner, statutory provisions under the Data Protection (Jersey) Law 2018, and best practices outlined in the 2018 legislation.

​

End of Policy

bottom of page