Last updated June 2021
London Wellness Academy is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR).
It applies to everyone who:
- uses our website
- applies through us for roles with our group companies for work onboard spas at sea
- is provided with training by us.
We are responsible for recruiting staff who want to work in spas operated by our group companies onboard cruise ships and we offer training to successful candidates and in connection with that recruitment process and during any training provided to you we will collect personal information from you.
WHO WE ARE
We are World of Wellness Training Limited trading as London Wellness Academy a company incorporated in England and Wales with company number 00580061 and our registered office is at The Lodge, 92 Uxbridge Road, Harrow Weald, Middlesex, HA3 6DQ. In this policy London Wellness Academy is referred to as “we”, “us” or “London Wellness Academy ”.
OUR CONTACT DETAILS
The Data Protection Officer who has been appointed for the group of which we are a member can be contacted by email at email@example.com.
WHAT IS THE PURPOSE OF THIS DOCUMENT?
London Wellness Academy is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. You are being sent or asked to acknowledge or agree to this policy because you are doing any or all of the following:
- using our website;
- applying for work with one of our group companies for whom we act as a recruiter of staff;
- traveling to our training facilities or to and from vessels;
- attending training offered by us;
- joining or debarking a vessel.
This policy makes you aware of how and why your personal data will be used, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (UK GDPR).
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
In connection with your browsing of our website or applying online we may collect, store and use usage data including how you use our website
In connection with your application for work with our group, we will collect, store, and use the following categories of personal information about you:
- The information you have provided on our application form, including your name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, passport nationality.
- Information provided to us by a recruitment agent on your behalf including the information listed above and any curriculum vitae and covering letter.
- Any information you provide to us during an interview.
- The results of any tests you undertake as part of the application or training process in order to determine the skills that you have
We may also collect, store and use the following “special categories” of more sensitive personal information:
Information about your health, including any medical condition, health and sickness records and in particular the information necessary for undertaking the checks necessary for a Pre Employment Medical Examination Certificate.
- Information about criminal convictions and offences.
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We collect personal information about candidates from the following sources:
- You, the candidate.
- Recruitment agencies where your application is forwarded to us from a recruitment agency.
- Medical practitioners in respect of your application for a Pre Employment Medical Examination Certificate.
HOW WE WILL USE INFORMATION ABOUT YOU
We will only use your personal information when the law allows us to, most commonly we will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for a role at an onboard spa with one of our group companies.
- Communicate with you about the recruitment process.
- To offer and provide training at our training academy to you and to record whether you have successfully fulfilled the training requirements.
- Provide your details to our group companies for the purpose of our group companies employing you for a role in one of their onboard spas.
- Provide your details to the cruise lines on whose ships our group companies operate to comply with legal or contractual requirements. Those obligations include legal requirements to provide your name, nationality, passport details, and medical information to the cruise lines on whose vessels you will work.
- To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- To use data analytics to improve our website, services, marketing, candidate relationships and experiences
- Comply with legal or regulatory requirements.
It is in our legitimate interests to decide whether to recruit you for the purposes of providing you with training since our business is the recruitment and training of staff for onboard spa roles with our group companies and it is beneficial to our business and that of our group companies for us to train staff who can on successful conclusion of training be employed by our group companies to provide onboard spa services.
Necessary for our legitimate interests (to define types of candidates, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, and in the context of a business reorganisation or group restructuring exercise)
We also need to process your personal information to decide whether to recommend to our group companies that they recruit you and once you are recruited by a group company in order for them to carry out a contract of employment with you it will be necessary for us to provide the personal information that cruise lines require in respect of all staff who work onboard their vessels.
Having received your application form we will then process the information received to decide whether you meet the basic requirements to be invited for an interview. If you are invited for an interview we will use the information you have provided and the results from any aptitude test that you take to decide whether you meet the requirements to be offered training at our training academy. If you are offered and you accept training with us we will use the information you have provided to us to provide you with training, to assess whether you have satisfied the training requirements and to recommend to our group companies whether you should be offered work.
Generally, we do not rely on consent as a legal basis for processing your personal data.
IF YOU FAIL TO PROVIDE PERSONAL INFORMATION
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications, medical certificate or work history), we will not be able to process your application successfully. For example, if we require references for this role and you fail to provide us with relevant details, we will not be able to take your application further. If you fail to provide the information or refuse to let us provide your information to a cruise line on whose vessel you are to work our group company who employs you would be unable to continue your employment as employment is conditional on the cruise line being provided with information it requires from us by law and contract.
HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION
We will use your particularly sensitive personal information in the following ways:
- We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
- We use information about your health particularly with regard to whether you have been issued with an Employment Medical Examination Certificate or not to determine whether we can offer training to you and if your training commences before you have obtained an Employment Medical Examination Certificate then in order to decide whether you can successfully complete your training on the basis of the requirement to have an Employment Medical Examination Certificate in order to have successfully completed your training
INFORMATION ABOUT CRIMINAL CONVICTIONS
We envisage that we will process information about criminal convictions as we are required by the cruise lines for who we operate spas to obtain certain information from you in respect of your criminal convictions history to ensure that there is nothing which makes you unsuitable for a role onboard a cruise ship and in order that we can confirm to the cruise line that this is the case. All information in respect of criminal convictions is treated by us as sensitive personal information and we ensure that the persons in our organisation with access to that information is limited to only those persons who have a need to know it.
We do not provide the details of your conviction history to the cruise lines where we consider your conviction history will make you unsuitable for a role onboard unless we have warned you we consider you are unlikely to be able to work onboard and we have obtained your agreement to share this information with the cruise line. The information you provide to us will be used by us to confirm to the cruise line that you meet their requirements for a role onboard.
Additionally we store this information separately to other information we hold in respect of you in order to ensure that we can limit access to this information to only those persons who have a need to know or access it. We review our storage and retention policies in respect of documents and data from time to time and in doing so we consider and will continue to consider whether the measures we have taken to keep this information secure could be improved.
By agreeing to this policy you are consenting to the processing of information about your criminal convictions as described above.
If you want to check what information we hold with regard to your criminal convictions history or to request we delete the information we hold please contact us at firstname.lastname@example.org.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Sharing of personal information with third parties
Our group of companies are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
TRANSFERS OUTSIDE THE UK
We share your personal data within the corporate group of which we are part and also may need to transfer your personal data to cruise lines as described above in this policy. This will usually involve transferring your data outside the UK.
Whenever we transfer your personal data out of the UK including to our group companies, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to
provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in
the UK which give personal data the same protection as it has in the UK.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for if my application/training is unsuccessful?
Where our system declines your application immediately on receipt of your online application your information will be automatically deleted and is not retained by us.
Where your application is declined other than as set out above or if you do not successfully complete your training with us we will retain your personal information for a period of six (6) months after we have communicated to you our decision about whether to accept you as a candidate for training or after we have communicated to you that you have not successfully completed your training. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy.
How long will you use my information for if I am successful?
We will retain your personal information for so long as you remain an employee of a group entity and for further seven (7) years after termination of your employment. We retain your personal information for that period so that we can comply with our regulatory obligations including in respect of Maritime Labour Convention and/or tax laws to which we are subject. After this period, we will securely destroy your personal information in accordance with our data retention policy.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Your rights in connection with personal information.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data, However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at firstname.lastname@example.org in writing. We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests, in this case, we will notify you and keep you updated.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in those circumstances.
DATA PROTECTION OFFICER
The corporate group of which we are a part has appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at email@example.com. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.