Privacy Policy - BHI Business Health Institute

Privacy Policy for Business Health Institute

Last updated: June 2026 | businesshealthinstitute.co.uk and unseenload.co.uk

Data Controller	Business Health Consultancy Limited trading as Business Health Institute
Contact	jc@businesshealthinstitute.co.uk

1. Who We Are

This website is operated by Business Health Consultancy Limited trading as Business Health

Institute. We collect, use and are responsible for certain personal information about you. When

we do so we are regulated under the UK General Data Protection Regulation (UK GDPR) and

the Data Protection Act 2018, and we are responsible as data controller of that personal

information for the purposes of those laws.

This privacy policy relates to your use of our websites, including businesshealthinstitute.co.uk

and unseenload.co.uk. Throughout our websites we may link to other websites owned and

operated by certain trusted third parties, each of which will have their own privacy policies.

2. What Personal Data We Collect

Depending on how you interact with us, we may collect the following personal data:

•Your name and contact details (email address, phone number)

•Your job title and organisational information

•Details of any feedback you give us by phone, email, post or via social media

•Self-reported wellbeing, stress, and nervous system information (via The Unseen Load

and related assessments)

•Psychometric and diagnostic assessment results (including assessments provided via

Afriforte)

•Physiological data including Heart Rate Variability (HRV) measurements collected via

Firstbeat Life monitors, where you participate in a relevant programme

•Payment information, processed securely via Stripe (BHI does not store card details

directly)

•CRM and account records including quotations and correspondence, held in Zoho CRM

•Information about the services we provide to you

3. How We Collect Your Data

•Directly from you: when you make an enquiry, book a service, complete an assessment,

or communicate with us

•Via Zoho CRM: when you interact with our sales or client management processes

•Via Zoom: when you attend a meeting or call with us

•Automatically: through website cookies and basic usage tracking on our websites

4. Why We Use Your Personal Data

We use your personal data to:

•Provide services to you, including assessments, diagnostics, programmes, events, and

coaching

•Manage client accounts, quotations, and communications via Zoho CRM

•Conduct meetings and calls with you via Zoom

•Process payments for our services

•Send you marketing communications where you have given consent

•Customise our website and its content to your particular preferences

•Notify you of changes to our website or services that may affect you

•Meet legal obligations, including safeguarding requirements

•Improve our services

5. Legal Basis for Processing

•Consent: where you have given us clear consent to process your personal information for

a specific purpose

•Contract: where our use of your personal information is necessary for a contract we have

with you

•Legal obligation: where our use of your personal information is necessary to comply with

the law

•Legitimate interests: where our use of your personal information is necessary for our

legitimate interests or those of a third party

6. Special Category Data

Some of the information we collect — including health-related self-reported information,

physiological data, and psychometric assessment results — is special category data under UK

data protection law. We will only collect and process this data with your explicit consent.

7. Use of Artificial Intelligence (AI)

Business Health Institute uses artificial intelligence (AI) tools to assist with research,

documentation drafting, content creation, and general administrative tasks. AI is never used with

client-identifying information. No personal data, client names, organisational identifiers, or

assessment results relating to identifiable individuals are entered into any AI tool. All AI-assisted

work is reviewed and approved by BHI staff before use.

8. Who We Share Your Personal Data With

We will share personal information with law enforcement or other authorities if required by

applicable law. We may also share your personal data with the following trusted third-party

service providers who process data on our behalf:

•Zoho — CRM and business operations platform. Zoho holds client account records,

contact details, quotations, and correspondence, and in some cases health and

assessment-related data. Zoho processes data in accordance with UK GDPR

requirements. Where Zoho chat or tracking tools are active on our website, cookies or

tracking data may also be collected by Zoho in accordance with their own privacy policy.

•Zoom — used for internal team meetings and client-facing meetings and calls

•Stripe — payment processing. Stripe acts as both a processor on our behalf and as an

independent controller for its own fraud prevention and compliance purposes. Please see

stripe.com/gb/privacy.

•Afriforte — provider of psychometric and organisational diagnostic assessments

•Firstbeat Life — provider of HRV physiological monitoring technology

•Formspree — form submission and email delivery

•Anthropic — AI-generated personalised insights via The Unseen Load only (no data

retained beyond your individual request)

•Netlify — website hosting

We do not sell your personal data to any third party.

9. How Long We Keep Your Personal Data

We retain personal data for as long as necessary to fulfil the purposes for which it was collected

and to meet our legal obligations. As a general rule, records relating to individuals and

organisations we work with are kept for a minimum of 7 years from the end of the relevant

engagement. Financial and payment records are kept for 7 years in accordance with HMRC

requirements. Where legal or regulatory obligations require us to keep data for longer, we will do

so.

10. Your Rights

Under UK data protection law you have a number of important rights free of charge, including the

right to access your personal data, request corrections, request deletion, restrict or object to

processing, and receive your data in a portable format.

To exercise any of these rights, please email us at jc@businesshealthinstitute.co.uk. We will

respond within one month.

11. How to Make a Data Protection Complaint If you have a concern about how we have handled your personal data, please raise it with us directly in the first instance. We take all complaints seriously and will acknowledge your complaint within 30 days. Contact us by: •Email: jc@businesshealthinstitute.co.uk •Via any of our social media channels If you remain dissatisfied, you have the right to escalate to the Information Commissioner’s Office (ICO) at any time: •Website: ico.org.uk/make-a-complaint •Telephone: 0303 123 1113 •Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Keeping Your Personal Information Secure

We have appropriate security measures in place to prevent personal information from being

accidentally lost or used or accessed in an unauthorised way. We limit access to your personal

information to those who have a genuine business need to know it. We also have procedures in

place to deal with any suspected data security breach. We will notify you and any applicable

regulator of a suspected data security breach where we are legally required to do so.

13. Changes to This Privacy Policy

This privacy policy was last updated on 19 June 2026. We may change this policy from time to

time. The current version will always be available at businesshealthinstitute.co.uk/privacy.

14. How to Contact Us

If you have any questions about this privacy policy or the information we hold about you, please

contact Jackie at jc@businesshealthinstitute.co.uk.