7Futures

Privacy Notice

Introduction

7Futures is committed to protecting your personal information and respecting your privacy.

This Privacy Notice explains:

who we are;
what personal information we collect;
how and why we use it;
who we may share it with;
how long we retain it;
your rights; and
how to contact us or the Information Commissioner's Office if you have a concern.

Where 7Futures acts as the data controller, the controller is:

7Futures Limited
Riverside House
1-5 Como St
Romford
RM7 7DN

7Futures Limited is registered with the Information Commissioner's Office under registration number ZA386013.

In this notice, the term client organisation means an organisation that contracts with 7Futures to receive our services.

Who we are

7Futures is a UK-based provider of resilience, performance, wellbeing, MSK, manual-handling and related services and programmes.

We are engaged by organisations to deliver events, workshops, consultations, assessments and other services for their employees or other participants.

Depending on the particular service and processing activity, 7Futures may act either as a data controller or as a data processor on behalf of a client organisation.

We act as a data controller where we determine why and how personal information is used. This includes participant health and safety information collected directly through our forms.

We may act as a data processor where we handle personal information solely on the documented instructions of a client organisation.

Data-protection principles

We are committed to being transparent about how we collect and use personal information and to meeting our obligations under data-protection law.

We will ensure that personal information is:

used lawfully, fairly and transparently;
collected for clear and legitimate purposes;
not used in a way that is incompatible with those purposes;
relevant and limited to what is reasonably necessary;
accurate and, where appropriate, kept up to date;
retained only for as long as it is reasonably required; and
protected through appropriate security measures.

Scope of this notice

This notice is intended primarily for:

participants attending 7Futures events or sessions;
employees and other individuals whose details are provided by client organisations;
client contacts;
prospective users of our services; and
other individuals whose personal information we process in connection with our work.

Our website also has a separate Cookie Policy.

Our lawful bases for using personal information

We must have a lawful basis whenever we process personal information.

Depending on the purpose, we may rely on the following lawful bases.

Consent

We may rely on consent where you have made a genuine, informed and voluntary choice for us to use your personal information for a specific purpose.

Legitimate interests

We may rely on our legitimate interests where processing is reasonably necessary to:

organise and deliver our services;
communicate with client contacts and participants;
administer events and appointments;
respond to enquiries;
protect our systems, people and business;
maintain appropriate business and safety records; or
manage our professional and commercial activities.

We will not rely on legitimate interests where your rights and interests override our reasons for processing the information.

Contract

We may rely on contract where processing is necessary to perform a contract directly with you or to take steps at your request before entering into a contract.

Legal obligation

We may process personal information where this is necessary to comply with a legal obligation.

Vital interests

In an emergency, we may process or share information where this is necessary to protect someone's life.

Where we process personal information solely as a data processor, the relevant client organisation is responsible for identifying the lawful basis and instructing us how the information should be processed.

Information provided by client organisations

Client organisations may provide 7Futures with personal information about employees, delegates, attendees or other participants.

This information may include:

name;
work contact details;
email address;
telephone number;
department;
job title;
location;
age or age group;
gender, where relevant; and
event or appointment details.

The client organisation is responsible for ensuring that it has a lawful basis for providing this information to us. 7Futures will also process the information in accordance with its own responsibilities under data-protection law.

Where we process the information solely on the client organisation's documented instructions, we act as its data processor.

Where 7Futures uses the information as a controller to organise and deliver the commissioned service, our lawful basis will normally be our legitimate interests in administering the event, communicating with participants and delivering the service requested by the client organisation.

We may use this information to:

issue invitations;
arrange appointments;
provide joining instructions;
distribute relevant forms or resources;
manage attendance;
respond to participant enquiries;
provide post-event information;
issue feedback surveys; or
provide other communications connected with the service.

We may communicate by email, telephone, text message, letter or through an agreed client platform or intranet.

Information provided directly by individuals

We may receive personal information directly from individuals who:

register for an event;
complete an enquiry or booking form;
attend one of our sessions;
complete a participant safety form;
book a consultation or assessment;
request further information;
complete a feedback survey; or
otherwise communicate with us.

This may include:

name;
date of birth or age;
contact details;
email address;
event or appointment information;
feedback;
information provided in correspondence; and
health, wellbeing or participant safety information where relevant.

Health, wellbeing and participant safety information

Where our services include health, wellbeing, movement, MSK, soft-tissue, physical activity, biometric measurement, body composition, blood pressure, grip strength, lifestyle or similar activities, we may ask participants to provide relevant health or safety information.

We collect this information to help us:

deliver the service safely and appropriately;
decide whether participation may need to be modified or restricted;
identify information that a relevant practitioner may need to know;
respond appropriately if a participant becomes unwell; and
investigate and manage an incident, complaint or safety concern.

We collect only the information we reasonably need for these purposes.

Providing health and participant safety information is voluntary. However, where a safety form is required for a particular physical, practical or hands-on activity, we may be unable to allow you to take part in that element without sufficient information to make a safe participation decision.

Where appropriate, you may still attend, observe or participate in other elements of the event.

Explicit consent for health information

For the ordinary personal information contained in our participant safety forms, we rely on your consent under Article 6(1)(a) of the UK GDPR.

Because health information is special-category personal data, we also rely on your explicit consent under Article 9(2)(a) of the UK GDPR.

You provide this consent by reading the separate consent declaration on the relevant form and confirming your agreement before submission.

Participation is voluntary and 7Futures is independent of your employer. Declining to provide consent will not affect your employment, although it may mean that you cannot take part in a particular physical, practical or hands-on element.

You may withdraw your consent at any time by contacting our Privacy and Data Protection Lead using the details at the end of this notice.

Withdrawal will not affect the lawfulness of processing carried out before your consent was withdrawn.

We will stop processing and delete the relevant health information unless limited retention is necessary under another lawful basis and applicable special-category condition, for example to comply with a legal obligation or to establish, exercise or defend legal rights.

Sharing personal information

We do not sell personal information.

We share personal information only where this is necessary for the purposes described in this notice.

This may include sharing information with:

authorised 7Futures team members;
associates, contractors and practitioners delivering services on our behalf;
client organisations, where appropriate and lawful;
contracted technology and business-service providers;
professional advisers;
insurers;
regulators;
emergency services; or
other organisations where disclosure is required by law.

Relevant participant health or safety information may be shared with a 7Futures associate, contractor or practitioner on a need-to-know basis where this is necessary for safe and appropriate delivery.

Those individuals are required to treat the information confidentially and use it only for the agreed purpose.

We do not share identifiable participant health information with an employer or client organisation except where:

the participant asks us to do so;
there is an immediate safety or emergency concern; or
disclosure is legally required.

We may provide client organisations with anonymised and aggregated reports to help them understand participation, outcomes or general wellbeing themes.

These reports are designed so that individual participants are not identified.

Google Workspace

Participant safety forms may be completed using Google Forms, and responses may be stored within our company-managed Google Workspace environment.

Google acts as a data processor on our behalf under contractual data-protection terms.

Access is restricted to authorised individuals who require the information for legitimate business, safety or administrative purposes.

Data security

We take the security of personal information seriously.

We have appropriate organisational and technical measures designed to protect personal information against:

accidental loss;
destruction;
alteration;
unauthorised disclosure;
misuse; or
unauthorised access.

We restrict access to personal information to authorised employees, associates, contractors, practitioners and service providers who have a legitimate need to use it.

Anyone processing information on our behalf is required to follow our instructions and maintain confidentiality.

We have procedures for identifying, investigating and responding to personal-data breaches.

Where required by law, we will notify the Information Commissioner's Office and affected individuals within the applicable timescales.

Pseudonymisation

Where participant health and safety information is retained after the immediate operational need for identifiable information has ended, we use pseudonymisation to reduce identification risk.

This may involve replacing direct identifiers with a randomly generated reference and keeping the information needed to reconnect the record separately with restricted access.

Pseudonymised information remains personal information and continues to receive the protections described in this notice.

International transfers

Some of our contracted service providers may process personal information outside the United Kingdom.

Where this occurs, we ensure that an appropriate legal safeguard is in place, such as an adequacy regulation or approved contractual protection, as required by UK data-protection law.

How long we retain information

We retain personal information only for as long as is reasonably necessary for the purpose for which it was collected.

When determining an appropriate retention period, we consider:

the nature and sensitivity of the information;
the purpose for which it was collected;
the potential risk of harm from unauthorised use or disclosure;
our legal obligations;
relevant professional requirements; and
applicable insurance requirements.

Routine participant health and safety records are normally retained for up to three years from the date of the event.

Records connected with an incident, complaint or other unresolved matter may be retained for longer where this is reasonably necessary.

We retain client and business-contact information for as long as we provide services to the organisation and for an appropriate period afterwards where needed to:

maintain business records;
meet legal obligations;
manage contractual matters; or
resolve enquiries or disputes.

We do not routinely retain identifiable blood-pressure or grip-strength results.

Where another individual health measurement is retained for follow-up or future comparison, this will be explained at the point of collection and managed in accordance with this notice.

Anonymised information that no longer identifies an individual may be retained for statistical, research, reporting or service-improvement purposes.

Automated decision-making

We may use rules or administrative tools to help organise and flag participant information.

We do not use personal information to make solely automated decisions that produce legal or similarly significant effects.

Participation and safety decisions are made or reviewed by an authorised person.

Your rights

Depending on the circumstances, you may have the right to:

Request access

You may ask for a copy of the personal information we hold about you and information about how it is being used.

Request correction

You may ask us to correct personal information that is inaccurate or complete information that is incomplete.

Request erasure

You may ask us to delete personal information where there is no lawful reason for us to continue processing it.

Object to processing

You may object where we rely on legitimate interests and your particular circumstances mean you believe the processing should stop.

You also have the right to object to direct marketing.

Request restriction

You may ask us to restrict the use of your personal information in certain circumstances, including while its accuracy or our reason for processing it is being considered.

Request data portability

Where the right applies, you may request the transfer of personal information that you provided to us in a structured and commonly used electronic format.

Withdraw consent

Where we rely on consent, you may withdraw that consent at any time.

These rights are subject to certain legal conditions and exemptions.

We may need to confirm your identity before responding to a request.

Contacting us

If you have a question about this notice, wish to exercise a data-protection right, withdraw consent or raise a concern about how your information has been handled, please contact:

Mark Davies
Privacy and Data Protection Lead
7Futures Limited
Email: mark@7futures.com
Telephone: 07595 983620

We would welcome the opportunity to address any concern directly.

Complaints to the Information Commissioner's Office

You also have the right to make a complaint to the Information Commissioner's Office, the UK supervisory authority for data protection.

You do not have to raise the matter with 7Futures before contacting the ICO.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/

Changes to this notice

We may update this Privacy Notice from time to time.

The current version will be published on the 7Futures website.

Last updated: 10 June 2026