Last updated:  30 November 2023

Introduction

Welcome to Change Oasis Limited.  We are committed to safeguarding your personal information and comply with current data protection legislation, including General Data Protection Regulation (GDPR).  We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

You may wish to provide us with personal information such as your name, your organisation name, contact details and how you hear about us, when you register your interest in receiving our newsletter via our website, to attend our events or in asking us to provide the services you require.

This Privacy Policy applies to the use of personal information gathered from our website changeoasis.com, in our correspondence and through provision of our services.

The data controller is Change Oasis Limited (referred to in this policy as “we”,  “us” or “our”).

By using our services or websites, you agree to the terms of this Privacy Policy.  If you do not agree with these terms, please do not use our services or websites. 

If you have any questions about this Privacy Policy or our approach to safeguarding your information, please contact us at hello@changeoasis.com or write to us at the address below.

Our contact details 

Name: Change Oasis Limited

Registered Address: The Stables, Moneys Farm, Bottle Lane, Mattingley, Hampshire, RG27 8LJ, UK 

Postal Address: Woodlands, West Green Common, Hartley Wintney, Hampshire, RG27 8JE, UK

Phone Number: 07717 801205 or 07799 620450

E-mail: hello@changeoasis.com 

What this Privacy Policy covers

We are committed to using best practice and being open and transparent with how we collect, use and protect your personal information.

This Privacy Policy explains:

  • The type of personal information we collect

  • How we get your personal information and why we have it

  • When and why we may share your personal information with other organisations

  • Links to other websites

  • How we store your personal information 

  • How we protect your personal information

  • Data security procedures

  • How long we keep your personal information

  • Your data protection rights

  • Cookies

  • Changes to our privacy policy

  • How to contact us

  • How to make a complaint

This Privacy Policy applies to you if you use our website, if you contact us or we contact you, or if you use our services.

By providing us with your data, you warrant to us that you are over 13 years of age.

Our website contains links to other websites operated by other organisations.  These organisations may have their own privacy and cookie policies and we do not accept responsibility or liability for these websites or online applications.  We encourage you to read the privacy notices on the other websites you visit.

The type of personal information we collect 

We currently collect and process the following information when you use our websites, use our services, purchase a service or book an event:

  • Your personal details, including your contact information (e.g. name, postal address, email, phone number and gender)

  • Your professional information (e.g. your job title, organisation name) 

  • Billing and payment information

  • How you heard about us, the type of enquiry and how we can help you when you interact with us online or browse our website:

  • Information about your online browsing behaviour on our website and information about when you click on one of our adverts (including those shown on other organisations’ websites)

  • Information about devices you have used to access our website or services (including the make, model and operating system, IP address, browser type and mobile device identifiers)

and when you contact us or we contact you, or you take part in online or social media promotions, competitions, surveys or questionnaires about our services:

  • Personal information you provide about yourself anytime you contact us about our Services (e.g. your name, username and contact details), including by phone, email or post or when you speak with us through social media

  • Details of the emails and other digital communications we send to you that you open, including any links in them that you click on

  • Your feedback and contributions to customer surveys and questionnaires.

We do not collect any sensitive data about you.  Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic data and biometric data.  We do not collect any information about criminal convictions and offences.

How we get your personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You visit one of our websites and consent to our use of cookies

  • You contact us via email, phone or social media 

  • You fill out one of our forms on our websites

  • You wish to attend or have attended, one of our events 

  • You purchase one of our products or services

  • You subscribe to one of our newsletters

  • You complete a customer survey or questionnaire

  • You enter a competition on our website or social media 

  • You have applied for a job with us.

We may also receive personal information indirectly, from the following third party sources such as:

  • analytics providers such as Google based outside the EU

  • advertising networks such as Facebook & LinkedIn based outside the EU

  • search information providers such as Google based outside the EU

  • providers of technical, payment and delivery services such as data brokers or aggregators

  • public available sources such as Companies House and the Electoral Register based inside the EU.

We use the information that you have given us in order to:

  • Deliver our services to you

Your personal details are required in order for us to enter into a contract with you and to provide our services including scheduling sessions, tracking progress and tailoring our services to your needs. In addition, we need to process your personal information to manage any accounts you hold with us including your login details, account history or information you send to us through our website and contact forms (including enquiry forms, job opportunities, contact forms or registration forms).

  • Contact and interaction with you

    • To contact you about our services, by phone, email or post or by responding to social media posts that you have directed at us

    • To manage promotions and competitions you take part in, including those we run with our partners

    • To invite you to take part in and manage customer surveys, questionnaires and other types of feedback

  • Process enquiries, services, orders and refunds

We need to process your personal information so that we can manage your customer accounts, provide you with the services you require and help you with any enquiries, orders and refunds you may ask for.

  • Deliver and improve our website, services, communications, systems and processes

    • To deliver and improve our website we use cookies and similar technologies and online applications to improve your customer experience. For more information, please see our Cookie Policy

    • To develop and improve our services, our websites and the way we communicate with you

    • To detect and prevent fraud and cyber crime we try to provide as safe a service as possible and monitor how our websites and online applications are used to detect and prevent fraud, other crimes and the misuse of services.

  • Provide you with relevant marketing communications relating to our products and services 

We may send you relevant updates and offers about our products and services by email or direct mail, but only if you have previously agreed to receive this type of communication from us.

Our email marketing provider (HubSpot) may transfer data outside of the European Economic Area (“EEA”) and when doing so they ensure that they have adequate levels of protection in place to comply with data protection requirements. We have signed up to HubSpot’s data processing agreement.

You may see online adverts in social media channels or through customised online marketing as a result of showing interest in our products and services. For more information, please see our Cookie Policy.

  • Online advertising may be displayed on our websites and on other organisations’ websites and online media channels. We may measure how well our marketing communications perform in order to ensure we send you relevant information

  • We will ask you to provide us with your preferences to help us send you information that relates to your interests

  • You can update your preferences or unsubscribe from email and direct mail updates via links in emails we send you or by contacting us at hello@changeoasis.com and requesting that your preferences are changed.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • Where we need to perform a contract between us

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

  • Where we need to comply with a legal or regulatory obligation

  • Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email. Email marketing: If you have received a mailing from us, your email address is listed with us as someone who has expressly shared this address for the purpose of purchasing a product or service from us or receiving information in the future (“opt-in”). We respect your time and attention by controlling the frequency of our mailings. If we collect your information through other promotional activities, we may contact you but only with your permission. You can opt-out of this at any time. You have the right to withdraw consent to marketing at any time by emailing us at hello@changeoasis.co.uk.

When and why we may share your information with other organisations

We may share this information with carefully selected suppliers (e.g. technology and software providers and payment processors).  In some instances this may include working with online marketing providers who place advertising for our services or products on social media channels and other websites and online platforms.

If your personal information is shared with third parties, those third parties are trusted third parties and bound by appropriate agreements as required with us to secure and protect the confidentiality of your personal information.

These third party service providers may have access to your personal information that is needed to perform their functions, but may not use it for other purposes.  When we share personal information with our suppliers we require them to keep it safe, and they must not use your personal information for their own marketing purposes.  We may use service providers who process and store personal information in other countries. See “How do we store your personal information?” below.

We do not share your information with any organisations other than our suppliers unless:

  • We are legally required to do so

  • We are required to do so in order to protect ourselves against fraud

  • We sell our business or any part of our business to another company or organisation who then have the right to use your information in the same way as we have outlined in this Privacy Policy.

Links to other websites

Where we provide links to websites of other organisations, this Privacy Policy does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

How do we store your personal information?

We use leading cloud service providers, principally Apple, Google and Microsoft, and their sophisticated encryption services including Transport Layer Security (TLS) to store and process the data we hold at rest and in transit. Encryption helps to protect emails, chats, video meetings, files, and other data. We check regularly that our cloud service providers comply with relevant laws and requirements in storing your data.

Data is encrypted while it is stored “at rest” and accessed only over secure channels, via trusted and encrypted devices.  In line with EU guidance on supplementary measures, the encryption services provided by our cloud services providers enable any organisation to manage their encryption keys separately from their data in their required geographic location. This ensures that data is indecipherable to cloud services providers and the key management partner, indeed to any third-party (malicious or otherwise), helping to achieve data sovereignty. 

Where you are accessing our website or services from within the  EEA the personal information that we collect or process from you may be transferred to and stored at a destination outside the EEA that may not be subject to equivalent Data Protection Law. Where your personal information is transferred outside the EEA, we will take steps reasonably necessary to ensure that your personal information is subject to appropriate safeguards, such as using encryption and relying on a recognized legal adequacy mechanism that is treated securely and in accordance with this Privacy Policy.

We transfer your personal information:

  • In order to store it

  • In order to deliver our services to you under our contract with you

  • Where we are legally required to do so

  • In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded that these are not overridden by your rights.

How do we protect your personal information?

We take our responsibility for your personal information very seriously.  Below are some of the measures we take to keep your information safe:

  • We use safeguards such as data encryption when data is in transit through our website and online applications, and when data is at rest

  • We may occasionally ask for proof of identity before we share your personal information with you

  • We require our suppliers to uphold data protection regulations and have appropriate systems and practices in place to safeguard your information.

Data stored at rest is encrypted on both disks and backup media, and for each system a distinct approach for encryption is used to mitigate the corresponding security risks. Our service providers use robust approaches for the distribution, generation, rotation and management of cryptographic keys using industry standard cryptographic algorithms that are in alignment with strong industry practices.

However, whilst we take appropriate technical and organisational measures to safeguard your personal information, please note that we cannot guarantee the security of any personal information that you choose to transfer over the internet to us.

Data Security Procedures

The security of your personal information is important to us. We have technical and organisational security measures in place to safeguard your personal information. 

When using external service providers, we require that they adhere to security standards mandated by us. We may do this through contractual provisions, including any required by a privacy regulator, and oversight of the service provider. Regardless of where personal information is transferred, we take all steps reasonably necessary to ensure that personal information is kept securely.

You should be aware that the internet is not a secure form of communication and sending us any personal information over the internet carries with it risks, including the risk of access and interference by unauthorised third parties. Information passing over the internet may be transmitted internationally (even when sender and recipient are located in the same country) via countries with weaker privacy and data protection laws than in your country of residence.

How long do we keep your personal information?

We retain your personal information in line with our legal and regulatory obligations and for business and operational purposes. The length of time we keep your information will depend on what type of information you have provided and for what purpose. We will not keep your personal information for any longer than is necessary in light of the reason(s) for which it was first collected.

Once your information is no longer required (see below for specific details) we will either delete or anonymise your information (remove all personal identifiable information keeping only information needed for statistical purposes). If it is not possible to delete your information (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

Enquiries and form submissions through our website:

If you have made an enquiry, sent us your information or applied for a vacancy through our website we will retain your information on our system until either:

  • You request we stop sending you information, or unsubscribe from any of our mailing lists

  • You do not respond to our checking with you that you wish us to continue contacting you about the service you requested

If either of these conditions are true, we will delete all the information we hold about you from your use of this website.

Your account information:

If you have an account with us we will keep your information until you delete your account.  Any information which is required for statistical analysis and reporting will be anonymised.

Your data protection rights

Under data protection law, you have certain rights regarding the personal information we have about you, including the right to access, correct, restrict and delete your data.  

We encourage you to keep your account information with us accurate and up to date and manage your preferences through the options provided when you are using our services.  If you believe your data is inaccurate or out of date you can contact us at hello@changeoasis.com and request that it is updated.  

You are not required to pay any charge for exercising these rights. If you make a request, we have one month to respond to you.

Cookies

We use cookies and similar technologies, such as tags and pixels, to personalise and improve your customer experience as you use our website. 

Please refer to our Cookie Policy for more details on how we use cookies and similar technologies.

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons.  When we make changes, we will revise the “Last Updated” date at the top of this policy.  We encourage you to review the policy periodically.

How to contact us

If you have any questions or concerns about this Privacy Policy, our use of your personal information, or wish to exercise your rights, please contact us at hello@changeoasis.com or write to us at Change Oasis Limited, Woodlands, West Green Common, Hartley Wintney, Hampshire, RG27 8JE, UK.

How to make a complaint

If you are unhappy with how we have used your data, please contact us in the first instance at hello@changeoasis.com or at the above address.  

You can also complain to the ICO at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.  Helpline number: 0303 123 1113.  ICO website: www.ico.org.uk

Agreement to the terms of this Privacy Policy

By using our services or websites, you agree to the terms of this Privacy Policy.  If you do not agree with these terms, please do not use our services or websites.