GDPR and Personal Data Compliance Statement for Coaching Programs
At The Wellbeing Group UK, we are committed to ensuring the confidentiality, integrity, and security of all personal and medical data in full compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and applicable privacy laws.
Data Storage & Security
All medical and personal data is securely stored using Nutriadmin, which is GDPR-compliant and retains data within Western Europe, ensuring adherence to legal requirements. No medical data is retained in physical (paper) form; all records are digitally stored within Nutriadmin, which employs industry-standard encryption and access controls to prevent unauthorised access. We implement role-based access, ensuring that only authorised personnel can view or process sensitive medical information.
Data Collection & Processing
We collect and process personal and medical data solely for healthcare provision and employee wellbeing, in line with legitimate interest and consent-based processing under Article 6 and Article 9 of UK GDPR. Clients and individuals have the right to access, correct, restrict, or request the deletion of their data in accordance with GDPR guidelines. We do not share medical information with third parties without explicit consent unless required by law or in cases where it is necessary for vital interests (e.g., medical emergencies).
Data Retention & Disposal
Medical records are archived and then deleted upon completion of the program. Once the retention period has expired, all data is permanently deleted in a secure and irreversible manner.
Your Rights Under GDPR
Under GDPR, individuals have the right to:
- Access and request a copy of their personal data
- Rectify inaccurate or incomplete information
- Withdraw consent for data processing (where applicable)
- Request data erasure (subject to legal and regulatory requirements)
- Object to data processing or request data portability
For further details, please contact Alison Wilkins.