Privacy Policy

1stWellbeing Ltd (‘1stWellbeing’) takes your privacy seriously. This Privacy Notice describes 1stWellbeing’s privacy practices in relation to information that we collect through our website, applications and via other services provided by us offline. This Privacy Notice outlines:

1. Who we are

2. What information we collect about you

3. How we collect the information

4. How we use that information

5. How we share information that we collect

6. How we store and secure information that we collect

7. Your rights as a data subject

8. How you can access and control your information

9. Other important details

 

This Privacy Notice does not apply to the practices of third parties that 1stWellbeing does not own or control.

 

  1. Who we are

1stWellbeing Ltd are the creators of the StudentXP.ai platform.

 

 

  1. What information we collect about you

1stWellbeing collects the following information:

  • Personal Data. “Personal Data” is information that, directly or indirectly, identifies you or another individual and which may include: name, title, company name, job function, expertise, postal address, telephone number, email address, browser and device information (including IP Address), and information collected through cookies and other similar technologies. If you submit any Personal Data relating to other people to us or to our service providers, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.
  • Special categories of Personal Data (sensitive data). While 1stWellbeing does not, in general, collect or process many types of special categories of personal data, some wellbeing data collected via the StudentXP.ai application may be considered sensitive data. The StudentXP.ai-specific privacy notice is available within the StudentXP.ai application. 
  • Other Information. “Other Information” is any information that does not and cannot be used to reveal your identity or that of another individual, such as information which has been fully and permanently anonymised. We use this information for other purposes as described below.

 

 

  1. How we collect the information

1stWellbeing collect Personal Data and Other Information in a number of ways:

 

Purpose of collection

Information from other sources:

In order to enhance our ability to provide relevant marketing, offers, and services to you, we obtain information about you from other sources, such as our marketing partners, customers, suppliers, growers, members, regulatory authorities, publicly available websites as well as from other third parties.

Offline:

We may collect information from you offline, such as during on-site visits, during phone calls with our sales representatives, or when you contact us.

From you:

1stWellbeing collects information such as your contact details, location or your preferred means of communication (including email) when you voluntarily provide it. 

Via your browser or device:

Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the site you are using. Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP Address may be identified and logged automatically in our server log files whenever you access the website, along with the time of the visit and the page(s) that you visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications and other services, such as Google Analytics. 1stWellbeing may use IP Addresses to calculate usage levels of the web site, to administer the site and to diagnose problems with servers.

Via your use of our applications:

When you download and use our StudentXP.ai application (app), we and our service providers may track and collect app usage data, such as the date and time the app was accessed and what information has been uploaded or downloaded. Please see the StudentXP.ai-specific Privacy Notice, which can be found within the app itself.

Via cookies and other similar technologies:

“Cookies” include commonly used pieces of information in the form of small files that are placed on an individual’s device to enable the individual to more easily communicate and interact with the website. When you visit a website, it can send one or more cookies to your device. These cookies enable us to store information about your device which helps us, amongst other things, to provide you with a good experience when you browse and enhance the level of services and functions provided. Please review our Cookies Policy (which can be found on our website) for more information.

Via recruitment and employment processes

We will process certain personal information about our employees, that we collect during the job interview process, at the start of employment and in the course of employment. We process this personal data to the extent permitted or required under applicable law, for purposes connected with employment, such as human resources, payroll management and administration. 

 

 

  1. How we use that information

We use Personal Data:

 

  • To send information and materials regarding our products and services. To send administrative information such as changes to our terms, conditions, and policies.
  • To send you marketing communications, including via email in compliance with applicable laws and in accordance with your preferences, that we believe may be of interest to you.
  • To personalise your experience by presenting products and offers tailored to you.
  • For our business purposes, such as data analysis, audits, developing new products, enhancing, improving or modifying our website, applications and services, identifying usage trends, determining the effectiveness of our operations and expanding our business activities.
  • For recruitment and employment purposes, such as staff management, performance review, training records, appointments, removals, personal development and administration.
  • As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our Members; (f) to protect our rights, privacy, safety or property, and/or that of our Members, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. We will collect and use your Personal Data where the processing is in our legitimate business interests, such as for sales of our services to prospective Business-to-Business customers. 

 

Our legal basis for processing Personal Data in certain circumstances will be in the instances where we need the Personal Data to perform a contract with you or in order to enter into a contract with you. In some cases, we may also have a legal obligation to collect Personal Data and Special Categories of Personal Data. If we ask you to provide Personal Data to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data). 

 

In terms of your data being processed for marketing purposes, your additional consent in advance of this processing would be required.

 

  1. How we share information that we collect

We may pass your personal data on to third-party service providers contracted to 1stWellbeing in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely. When they no longer need your data to fulfil this service, they will dispose of the details in line with 1stWellbeing’s procedures. 

 

1stWellbeing may transfer your personal data to our partners outside of the European Economic Area. [AT1] Where we do so, 1stWellbeing ensures the privacy and integrity of your Personal Data by putting appropriate organisational and technical measures in place to safeguard your information. If you would like more information about the safeguards that are in place in connection with these transfers of Personal Data, please contact us using the contact details in Section 1.9. 

 

We may release Personal Data as we believe necessary and appropriate to law enforcement, tax, fraud prevention, credit risk agencies and other companies and organisations for the reasons given under Section 1.4 above.

 

We use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Data under applicable law, then we would use or disclose it in the same way that we use and disclose Personal Data. In some instances, we may combine Other Information with Personal Data (such as combining your name with the name of your organisation). If that combination permits you to be identified, we will treat the combined information as Personal Data for as long as it is combined.

 

 

  1. How we store and secure information that we collect

We have implemented appropriate organisational, technical, and administrative measures to protect Personal Data within our organisation, including security controls to prevent unauthorised access to our systems. While we take reasonable steps to secure your Personal Data from loss, misuse, interference and unauthorised access, modification and disclosure, you should be aware no security procedures or protocols are ever guaranteed to be 100 percent secure from intrusion or hacking, and there is therefore always some risk assumed by sharing Personal Data online. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the Contact Us section below.

 

  1. Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
  • Right to complain and judicial review: in the event that 1stWellbeing refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in Section 1.9 below.

 

 

  1. How you can access and control your information

If you would like to access, correct, amend, remove, object or limit the use or disclosure of any Personal Data about you that has been collected and stored by 1stWellbeing, or have it transferred to another organisation, please notify us, using the contact details as outlined in Section 1.9, so that we may consider and respond to your request in accordance with applicable law.

You can opt-out of receiving marketing messages from 1stWellbeing or our business partners by unsubscribing through the unsubscribe or opt-out link in an email or by sending an email to dataprivacy@studentxp.ai[AT2] . We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages.

For your protection, we only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we need to verify your identity before implementing your request. We will action your request within one month.

Please note that we need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such access, change or deletion.

 

 

  1. Other important details

How long 1stWellbeing will retain your Personal Data

Generally, we will not keep your personal data for longer than is needed for the purpose the data was originally collected, including to pursue our legitimate business interests, comply with our legal obligations, resolve disputes and enforce applicable agreements. We have a data retention schedule in place and if you would like to know how long we are retaining your types of data, please contact us using the contact details as outlined in the “Contact Us” section below.

 

Third Party Sites

Some websites, social media and applications permit you to link to other websites on the Internet through direct links or through applications such as “share” or “like” buttons, and other websites likewise may contain links to our sites. The information practices or content of such other websites is governed by the privacy statements of those websites and not by this Privacy Notice. We encourage you to review the privacy policies found on such other websites, services and applications to understand how your information is collected and used by them.

 

Similarly, please note that we are not responsible for the collection, use and disclosure policies and practices (including the data security practices) of other organisations, such as Apple, Facebook, Google, LinkedIn, Microsoft, RIM, Twitter or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including any Personal Data you disclose to other organisations through or in connection with the Apps or the Social Media Pages.

 

Personal data of Children

1stWellbeing does not knowingly or specifically collect information about children under the age of 17 and believes that children of any age should get their parents’ or legal guardians’ consent before providing any Personal Data. If you believe that we have mistakenly or unintentionally collected such information, please notify us at dataprivacy@studentxp.ai so that we can delete the information from our servers.

 

Sensitive (i.e. Special Categories of Personal Data) Information

We ask that you not send us or disclose any sensitive Personal Data (e.g. social security numbers, information related to racial or ethnic origin, sexual orientation, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the website, applications or via other means.

 

Changes to this Privacy Notice

1stWellbeing may amend this Privacy Notice from time to time. The “date amended” appears at the bottom of this privacy notice and this date indicates when the Privacy Notice was last revised.

 

Contact Us

Your privacy is important to us. If you have any questions, concerns, or complaints regarding the way we collect and handle your information, please contact:

Email:   dataprivacy@studentxp.ai 

 

Because email communications are not always secure, please do not include bank account information or other sensitive (special categories of personal data) information in your emails to us.

 

Your right to make a complaint

1stWellbeing will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.

 

You also have the right to complain to a data protection authority about our collection and use of your Personal Data. Their contact details are as follows:

Information Commissioners Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Phone: 0303 123 1113

 

 

Privacy Notice – Date Amended: 30 October 2024

 

Cookie Policy

Information About Our Use of Cookies

We believe that our use of cookies is very necessary for the smooth functioning of the website. We do not believe that they pose any threat to your personal privacy or online security and we recommend that you "allow" cookies. If you "disable" cookies the interactive functions of the website will not operate (data-submission via forms, and other features of the website cannot work fully without using cookies).

More Detailed Information

Is this GDPR or PECR?

The original EU legislation that became known as the “E-Privacy Directive“ was published in 2003 and implemented as European Directive - 2002/58/EC then amended by Directive 2009/136/EC that included a requirement to seek consent for cookies and similar technologies. The EU Directive entered UK law on 26th May 2011 as “The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011” often refered to as PECR - and this is still in force today. PECR sits alongside the more widely known legistration GDPR - both are regulated by the Information Commissioner's Office (ICO) www.ico.gov.uk .

What Are Cookies?

A cookie is used by a website to send 'state information' to a Users' browser and for the browser to return the state information to the website. The state information can be used for authentication, identification of a User session, User preferences, shopping cart contents, or anything else that can be accomplished through storing text data on the User's computer.

Cookies cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used to track users' browsing activities which was a major privacy concern that prompted European and US law makers to take action.

Cookies are used by most websites for a variety of reasons - often very practical reasons to do with the operation of the website. However, they are also used to monitor how people are using the website (which pages are visited and how long is spent on each page). Each "visitor session" is tracked even though no effort is made to try to identify them in person.

The new legislation now states that you must be able to opt-out from having cookies stored on their computer.

Cookies That Are Strictly Necessary

"Strictly Necessary" cookies let you move around the website and use essential features. These cookies don't gather any information about you that could be used for marketing or remembering where you've been on the internet.

Name Description Expiration
cookieconsent_status This cookie controls whether the "privacy options" tab has been shown to the user. The tab appears only once per session on the first page that the User lands on. 1 year from set/update.

Performance Cookies

"Performance" cookies collect information about how you use our website e.g. which pages you visit, and if you experience any errors. These cookies don't collect any information that could identify you – all the information collected is anonymous and is only used to help us improve how our website works.

Google Analytics

We use Google Analytics to monitor usage of the website. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors (not by name or IP address).

Name Description Expiration
__utma This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. 2 years from set/update.
__utmb This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method. 30 minutes from set/update.
__utmc This cookie is no longer used by the ga.js tracking code to determine session status. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session. Not set.
__utmz This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site. 6 months from set/update.
__utm* Any cookies with this prefix are related to Google Analytics 6 months from set/update.
_gid, _ga* Any cookies with this prefix are related to Google Universal Analytics. This cookie assigns a client identifier by generating a random number to distinguish unique users. It is used to calculate visitor, session and campaign data and is included in each page request on a site. 2 years from set/update.