Our Privacy Policy – effective from 4 July 2019

N.ableD’s mission is to empower people with debilitating health conditions or injuries to take back the control of their health and well-being by making long-lasting changes to their current lifestyle and daily routine.

With this website we aim to show you the work we are doing and why, and also protect your privacy and security online. Our services are not directed to people under the age of eighteen (18), and we do not knowingly collect personal information from them.

Our Privacy Policy outlines how we obtain information from you and what we do with it. It also explains the choices you can make to control your privacy during your visit to this website.


1. How we use your information
2. Who may receive your information
3. Your privacy choices
4. Data retention & security
5. Cross-border transfers
6. Third-Party Services
7. Policy updates & contacting us

  1. How we use your information

Here are the ways we might use your information to provide our services. Our legitimate business interests are explained below, alongside examples of how your information may be used for these purposes.  

Screen Shot 2018-10-11 at 18.18.47.png

2. Who may receive your information

a.
Our suppliers, subcontractors and business partners (“service providers”):

We may share information about you with those working within our organisation, such as with directors, subcontractors and employees, on a need to know basis only.  For example, your personal information will only be shared with those specified if they are directly supporting you. For example, your Exercise Therapist, Physiotherapist, Nutritional Therapist, Massage Therapist or Yoga Therapist working on behalf of N.ableD.

We may share information about you with our service providers who process information to provide services on our behalf. We have contracts with our service providers that prohibit them from sharing the information about you that they collect or receive with anyone else or from using such information for other purposes.

b. Your GP/Health Professional 

If you request to have an Initial Assessment with us and you subsequently express your decision to purchase our services, we require a form to be completed by you, which is called a ‘Physical Activity Readiness Questionnaire’ (PARQ). This form requires your Full Name, Date of Birth, Age, Full Address, GP Practice Name and Address, your Telephone Number, your Email address and YES/NO answers provided by you to answer specific health questions. This form also requires your signature along with the date the form was completed. This information provided by you is then passed by you to your GP practice. If you would prefer us to submit this information to your GP on your behalf, then you will need to give us your expressed permission to do so.

A transfer of your personal data to your GP or Health Professional requires your explicit permission in writing.

This above process is required as we cannot provide our service without a health professional consenting that you or the person receiving our service is medically safe to complete an exercise programme in the home, as opposed to in a clinical setting, such as a hospital.

Legal & administrative obligations

We may use and disclose your personal information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:

  • Fraud prevention: We may use and disclose the information we collect from and about our users as we believe necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect the safety, privacy, rights, or property of us, our users, or others.

  • Safeguarding your welfare: You agree to your personal information being shared internally within our organisation, such as with directors, officers, members and/or employees, on a need to know basis only. We agree not to disclose any personal information that you may have disclosed to us to any other individual, corporation, or other entity without your prior written consent.  There are circumstances however, when we may need to share your personal information with your local Adult Social Care service if it relates to the safeguarding and promotion of your welfare. 

    Some examples of situations where it would be necessary for us to share your personal information, after having consulted with you first, include: a disclosure or evidence of physical, sexual, financial or serious emotional abuse or neglect; if suicide is threatened or attempted; a disclosure or evidence of serious self-harm, including drug or alcohol misuse that may be life-threatening; evidence of serious mental illness (e.g. psychosis)

  • Law enforcement purposes: If requested or required by government authorities such as law enforcement authorities, courts, regulators, or otherwise to comply with the law (which may include laws outside your country of residence), we may have to disclose information we have about our customers. We also may use and disclose information collected about you in order to exercise or protect legal rights or defend against legal claims.


    3. Your privacy choices
    If you want, you can ask us for the information we have about you and even ask us to delete it all.

  • Accessing or deleting your information

If you would like to request to review, correct, update, suppress, or delete personal information that has been previously provided to us by you, you can contact us by emailing us at info@nabled.org.uk and ask us to specify what personal information we have about you and to delete certain personal information about you from our records, or request to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law).

Please let us know what information you would like us to remove from our databases or otherwise let us know what limitations you would like to put on our use of your personal information.  For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will respond to your requests consistent with applicable law, and we will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information about you to complete any transactions that you began prior to your request. There may also be residual information that will remain within our databases and other records, but such residual information will no longer be tied to your identity.

Third-party analytics companies & Cookies

We have provided details on the cookies we use and instructions for how you can opt out of these in our Cookies Policy.

4. Data retention & security

We take a lot of measures to protect your personal information. We seek to use reasonable organizational, technical, and administrative measures to protect your personal information within our organization from loss, misuse, unauthorized access or disclosure, alteration and/or destruction. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify our Data Protection Officer using the contact details listed at the end of this Privacy Policy.

We will retain your Personal Information for as long as needed or permitted in light of the purposes for which it was obtained. The criteria used to determine our retention periods include the length of time we have an ongoing relationship with you and provide our services to you, our legal obligations or whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

5. Cross-border transfers

Your information may be transferred to countries both inside and outside the European Economic Area (EEA).  This is because our service providers who process information to provide services to us or on our behalf operate in other countries across the world, including the United States.  We have contracts with our service providers that prohibit them from sharing the information about you that they collect or receive with anyone else or from using such information for other purposes.  In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal information.

Some of the non-European Economic Area countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards, and the full list of these countries is available by clicking the link below:

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

6. Third-Party Services

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or service to which our services link.  Our inclusion of a link on our services does not imply our endorsement of the linked site or service.


7. Policy updates & contacting us

This policy may change over time. We have included our contact information below but the best way to get in touch with us is via our ‘Contact Us form’ available via our website.

The “Effective Date” at the top of this Privacy Policy indicates when it was last revised. Any changes will become effective when we post the revised Privacy Policy on our website.

We welcome questions, concerns, and feedback about this policy. If you have any suggestions for us, feel free to let us know by contacting us.

You can also write to the following address: N.ableD, Charles Lake House, Claire Causeway, Crossways Business Park, Dartford, DA2 6QA

In addition, you may contact our Data Protection Officer at nadine@nabled.org.uk

Please do not include credit card or other sensitive information in your emails or letters to us as email or postal communications are not always secure.

You may lodge a complaint with a supervisory authority competent for your country or region. Please click here http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm for contact information for such authorities.