Privacy Policy for Business Health Institute

We ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information, and how to contact us and supervisory authorities in the event you have a complaint.

Who we are

This website is operated by Business Health Consultancy Limited, trading as Business Health Institute. We collect, use, and are responsible for certain personal information about you. When we do so, we are regulated under the UK General Data Protection Regulation (UK GDPR), which applies across the UK and EU, and we are responsible as the ‘controller’ of that personal information.

Our website

This privacy policy relates to your use of our website. Throughout our website we may link to other websites owned and operated by certain trusted third parties. These third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these third-party websites, please consult their privacy policies.

Our collection and use of your personal information

We collect personal information about you when you access our website, contact us, send us feedback, purchase products or services, post material to our website, or complete customer surveys or assessments.

The personal information we collect depends on the activities you engage in and may include:

  • Your name, address and contact details
  • Date of birth
  • Details of any feedback you give us by phone, email, post or via social media
  • Information about the services we provide to you
  • Psychometric or wellbeing assessment data (including health-related data, where applicable)

We use this personal information to:

  • Verify your identity
  • Provide services and assessments to you
  • Customise our website and its content to your preferences
  • Notify you of any changes to our services that may affect you
  • Improve our services

Our legal basis for processing your personal information

Under data protection law, we must have a legal basis for using your personal information. We may rely on the following:

  • Consent – where you have given clear consent (e.g. for processing health-related data such as HRV assessments)
  • Contract – where processing is necessary for a contract we have with you
  • Legal obligation – where processing is necessary to comply with the law
  • Legitimate interests – where processing is necessary for our legitimate interests (e.g. improving services) and your rights do not override those interests

Special category data

We will only collect special category data (such as health data from Firstbeat Life HRV assessments) with your explicit consent.

Who we share your personal information with

We share personal information with trusted third-party service providers where necessary for delivering our services:

  • Ariforte (South Africa): for psychometric assessments.
  • Firstbeat Life (Finland): for HRV and wellbeing assessments (health-related data).

We will also share personal information with law enforcement or other authorities if required by law.
We do not sell your personal data to any third party.

International transfers

  • Finland (EU/EEA): Your information may be transferred to Firstbeat Life in Finland. As Finland is part of the EU/EEA, transfers are permitted under UK GDPR adequacy regulations.
  • South Africa: Your information may be transferred to Ariforte in South Africa. As South Africa is not subject to an adequacy decision under UK GDPR, we ensure that appropriate safeguards (such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office) are in place to protect your data.

 

Data retention

We will retain your personal information only for as long as necessary to fulfil the purposes we collected it for, including any legal, accounting or reporting requirements.

  • Psychometric and HRV assessment data is typically retained for up to 7 years, unless you request earlier deletion.
  • Marketing data will be retained until you withdraw your consent or unsubscribe.
  • Other records are retained in line with our data retention schedule and legal obligations.

Cookies and similar technologies

We use cookies to recognise you and your device and to store information about your preferences or past actions. For more information about cookies, visit www.aboutcookies.org.

Marketing

We may send you information about our services, competitions and special offers where we have your consent or legitimate interest to do so. You can unsubscribe at any time by:

  • Contacting us at [info@businesshealthinstitute.co.uk]
  • Using the “unsubscribe” link in emails or replying “STOP” to SMS messages

It may take up to 14 days for your request to take effect.

Your rights

Under the UK GDPR, you have rights including to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure of your data (“the right to be forgotten”)
  • Restrict or object to processing
  • Request transfer of your data to another provider
  • Withdraw consent (where consent was the legal basis for processing)

To exercise these rights, please contact us using the details below and provide proof of identity (e.g. passport or driving licence plus a recent utility bill).

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information being lost, used, or accessed in an unauthorised way. Access to your personal information is limited to staff and trusted partners who have a business need to know. Procedures are in place to deal with suspected data breaches, and we will notify you and regulators where legally required.

How to complain

We hope we can resolve any concerns you raise. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
https://ico.org.uk/concerns/
Tel: 0303 123 1113

Changes to this policy

This privacy policy was last updated on 10/09/2025. We may update it from time to time and will post the revised version on our website.

How to contact us

If you have any questions about this privacy policy or the information we hold about you, please contact us: info@businesshealthinstitute.co.uk