Privacy Policy 

Last updated: September 2025  

GoodShape UK Limited is a company incorporated and registered in England and Wales with Company Number 05297929 and located at 10 Upper Berkeley Street, London, W1H 7PE (referred to in this Privacy Policy as “we”, “us”, “our”, “GoodShape” and “Data Controller”).

GoodShape is committed to respecting your privacy and complying with applicable laws and regulations to ensure that the personal data you share with us is kept appropriately secure and processed fairly and lawfully. This Privacy Policy explains how we collect, use and share your personal data including when you use our website, contact us, sign up to our newsletter or transact with us. It describes your rights in relation to our use of your personal data and explains how you can exercise those rights or make a complaint. 

We sometimes need to make changes and updates to our Privacy Policy to keep it up to date, so do come back and check from time to time. 

We operate a website as part of our provision of a health and absence management platform with a suite of products including telehealth clinical services, shift allocation, referral management and absence monitoring, accessible via mobile app, desktop or telephone (“Products”). We make our Products available to companies and organisations who are our clients or prospective clients (referred to in this Privacy Policy as “you”, “yours” or “Client/(s)”).   

 

What this Privacy Policy covers 

This Privacy Policy covers all personal data that we collect, use and otherwise process about you in connection with your relationship with GoodShape, including in your capacity as a client, potential client or website visitor. GoodShape will collect and use your personal data as described in this Privacy Policy and as permitted by applicable laws, including in circumstances where you visit our website, complete and submit our forms, make enquiries about GoodShape Products, subscribe to updates, communications, notifications or blog posts, register for events, or otherwise communicate or transact with us in any way.

 

What personal data we collect about you and how we collect it 

Personal data is any information relating to an identified or identifiable living person and includes, among other things, identifiers such as name, email address, unique device ID or IP address. Its legal definition is broad, and personal data can consist of several factors which individually, or in combination, can lead to the identification of a living individual.

| Data Category | Data Type | Context |
| --- | --- | --- |
| Identification Information | Name, job title in connection with your enquiry via our ‘request a demo’ or our ‘get in touch’ form | Client Enquiry |
| Contact Information | Name, professional address, email address and telephone number | Client Enquiry |
| Correspondence Information | Content of your business correspondence and communications with us in the course of your enquiries via our contact forms or contact telephone numbers in the course of our relationship. | Client Enquiry |
| Marketing Information | Your marketing and cookie preferences including any consents you have given and/or where you have unsubscribed from communications and the relevant email address for our suppression lists, consent and subscription management. | Client |
| Website Usage Information | Information on your use of our website, for example, how you interact with the website, how many times you visit and how you engage with the webpages or connect to third party services. | Website Users, Clients, Prospective clients |
| Device Information | Technical information concerning the browser or device used to access our website. This could include the IP address, browser, type of device, unique device identifiers, for example the IMEI of a mobile device, or operating system | Website Users (in relation to the general use of the website [not including log in/registration and employee or manager support related to the use of the Products]). |
| Call Recordings | All calls to and from clients and prospective clients may be recorded. | Calls are recorded for compliance purposes. |

 

As some of the personal data collected may be via cookies and other similar technologies that we use on our website, please see our Cookie Policy for more details on the data collected in that manner and how you can update and control your consent preferences or withdraw your consent to their use at any time. 

 

What we use your personal data for (our purpose) and on what legal grounds (our lawful basis) 

The purposes for which we collect, use and store your personal data are described below together with the valid legal basis for this processing.    

We use your personal data for the purposes and on the legal basis set out below: 

| Why (purpose) | Legal Grounds (lawful basis) |
| --- | --- |
| Communications: we will process identification information, contact information and correspondence information to communicate with you in connection with your enquiries and throughout our relationship and beyond. | Legitimate Interests: our legitimate interests of growing and managing our business, responding to your enquiries in respect of our Products and services and facilitating the provision of our Products to our Clients and prospective clients. |
| Direct Marketing: we will process your identification information, contact information and marketing information in order to provide direct marketing to you by email, SMS and telephone in relation to our Products including where you subscribe to receive insights, reports and other resources from us relating to our Products through our resources pages or request a demo. We will ask you if you would like to receive information from us and let you know how you can unsubscribe. | Legitimate Interests: our legitimate interests are promoting our Products to our Clients and prospective clients and developing and improving our Products. |
| Identity Verification: we will process your identification information to verify your identity, including where necessary when you exercise your rights detailed in this Privacy Policy. | Legitimate Interests: our legitimate interests are ensuring the security of our Products, Customers, staff and the data we hold. |
| Fraud and Security: we will use your website usage information and Device Information to detect, monitor, investigate, prevent and manage security incidents affecting our website, in accordance with the law | Legitimate Interests: our legitimate interests are protecting our business from security incidents, fraud or other wrongdoing. |
| Targeted Advertising: we may process Identification information, contact information, marketing information, website usage information and device information to provide you with targeted advertising through the placement of cookies and similar technologies on our website | Consent: where you opt in to any online targeted advertising, including where this is based on information collected via our use of cookies or similar technologies, as described in our Cookie Policy and managed in our Cookie Consent Management tool. |
| Analytics (and not strictly necessary functionality): we will process website, device, correspondence, identification, and marketing data to operate, improve, and optimise our website, support marketing activities, and inform business planning through aggregated and anonymised trend analysis. | Consent: where applicable, where you opt in to relevant cookies, as detailed in our Cookie Policy, |

 

Sharing your personal data with third parties 

Please see the table below for details about who we share your personal data with. 

| Category of Recipients | Why (purpose) |
| --- | --- |
| Third Party Service providers/vendors | We use third party vendors for a variety of purposes including hosting our website, marketing systems and IT support. |
| Group companies | To operate, develop and improve our Products and report to our relevant group companies to manage and operate our business. |
| Business transfers (prospective Buyers or Sellers of our business) | Should our business be sold or merged with another company, your personal data may be disclosed to our professional advisers and those of a prospective buyer or seller for continuity of service during or post this kind of corporate transaction or restructure. |
| Law Enforcement/fraud and security | Where we are under a legal duty to disclose your personal data to comply with the law and to detect, prevent and manage fraud and security incidents impacting our website or Products. |

 

How we store your personal data securely and how long we retain it 

While there are no measures that can guarantee 100% security of personal data in transit and at rest, we continually seek to protect your personal data through appropriate technical and organisational measures as required by law and in accordance with good industry practice, such as fully compliant controls which adhere to ISO 27001 and Cyber Essentials certifications.

We retain your personal data for no longer than is necessary for the purposes for which it is processed.  

 

Transfers of personal data to third countries and international organisations 

We do not currently transfer your personal data outside of the UK or the EU, but if the position on this changes in the future, we will update this Privacy Policy accordingly. In such a scenario, where the destination country does not provide an adequate level of protection in accordance with applicable data protection laws here in the UK, we will ensure appropriate safeguards are in place with the recipients of that personal data in the form of relevant data transfer mechanisms, namely standard contractual clauses (EU model clauses), the UK addendum to these EU model clauses and/or the UK International Data Transfer Agreement (IDTA), or an alternative mechanism such as Binding Corporate Rules or the US Data Privacy Framework.

 

Cookies 

This website uses cookies. Cookies are small text files that can be installed onto your device for various reasons. We need your consent for cookies which are not essentially required in order for you to be able to use our website. You can choose which types of cookies you’d like to accept, and change or withdraw your consent at any time using the cookie consent tool on our website (bottom left of your screen).

We use cookies to personalise content and ads, to provide social media features, and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.  

The type of information collected includes the number of visits to pages on the site, the duration of individual page views, paths taken by visitors through the site, and other general information.

Users have the opportunity to set their computers to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The Help menu on the menu bar of most browsers will tell you how to do this. 

 

Your rights 

As detailed above, you have the right to withdraw your consent at any time if we rely upon consent for the use of your personal data.  

You also have the right: 

  • to be informed, to be provided with clear, transparent and understandable information detailing how we use your personal data and your rights in relation to that use. We provide this information via this Privacy Policy. 
  • of access to your personal data, along with other information on how we use your personal data. 
  • to rectification of your personal data, to have your personal data corrected if it is inaccurate or incomplete.  
  • to erasure of your personal data (or the right to be forgotten). It enables you to request the deletion of your personal data where we have no overriding reason to keep it.  
  • to restriction of the processing of your personal data in certain circumstances. 
  • to object to the processing of your personal data in certain circumstances.  
  • to data portability, to ask us to transfer your personal data to another organisation, or to you, in certain circumstances. 

Please see ‘how to get in touch’ if you have any questions or wish to make a request in respect of your rights. 

 

How to get in touch 

For data protection queries, our data protection officer can be contacted at dpo@goodshape.com or you can write to us at the above address, for the attention of the DPO. 

 

How to complain 

GoodShape is committed to resolving any complaints or concerns you have about your personal data with you and would encourage you to come to us first with any concerns or questions. You also have the right to complain to the Information Commissioner’s Office (ICO), the regulator for data protection in the UK, if you are unhappy with how we have used your personal data or addressed your concerns or complaint made to us. 

You can write to the ICO at the address below or call them on their helpline: 0303 123 1113. You can also find further information on the ICO website: https://www.ico.org.uk

Information Commissioner’s Office 

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF