Close Cookie Popup
Smooth Digital rebrand as Prosperwell
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
Read more
Cookie Settings
Close Cookie Preference Manager
Cookie Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info

Book your discovery call

What can we help you with?

What specific marketing obstacles can we help you with?

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Our Privacy Notice

Prosperwell - Privacy Notice For Clients

Who we are:

We are Prosperwell. For the purposes of this notice, the term ‘we’ encompasses all those employed by us to carry out our business, either directly or as external contractors.

Our Contact Details:

If you have any questions about this Privacy Notice, please contact: management.hello@prosperwell.co.uk

1. Privacy laws
The processing of your personal data is governed by the General Data Protection Regulations (GDPR), enacted in the UK by the Data Protection Act 2018.


1. The capacities in which we process data
In providing you with our services, we will be acting both as;

a) a controller of personal data (as defined by Article 4(7) GDPR) with respect to any processing for which we determine the purpose and means. This includes data that we obtain from you in order to facilitate the administration of our business relationship and the fulfilment of our contract with you, and;

b) a processor of personal data (as defined Article 4(8) GDPR) with respect to the processing of data you share with us in order to fulfil a purpose determined by you. This includes the data of your clients and prospective clients.

2. The purposes of this privacy notice are;
1) To inform you about our processing of your data as a controller under 2(a) above, in accordance with the ‘transparency’ requirement of Article 13 GDPR, and;

2) To establish the legal basis and other stipulations upon which we process data as a processor under 2(b) above in accordance with Article 28 GDPR (see Appendix A).

3. The types of personal data we collect
The personal data we use in the capacity of a data controller for the administration of our business and delivery of our services may include, but is not limited to:

- the names, address and contact details, including email address and mobile telephone numbers of individuals representing your organisation in any capacity;
- calendar data and other details of their activities and whereabouts;
- data relating to the performance of your employees in the delivery of their roles, or in training scenarios;
- personal preferences and requests;
- the terms and conditions of your contract with us for the provision of ourservices.

We may collect this information in a variety of ways. For example, data might be collected through;

- correspondence with you, both written and verbal;
- live interactions with your employees as part of an evaluation exercise; training and networking events; or
- through interviews and meetings.

We may also obtain personal data indirectly from sources such as public registers.

The personal data we use in the capacity of a data processor for the provision of ourservices at your request will include; but is not limited to;

- contact details of individuals with whom we communicate on your behalf;
- the requirements and preferences of those individuals or others they represent;
- data provided by you or gathered by us to enable marketing, quality management and other activities determined by you.

We may collect this information in a variety of ways. For example, data might be collected through;

- directly from you;
- phone conversations;
- electronic messages prosessed from your clients processed on your IT systems including, but not limited to, webchat & WhatsApp channels.

4. Providing your personal data

With regard to the data we process in the capacity of a data controller, we need that data in order for us to fulfil our contractual obligations to you. With regard to the data of your clients and prospective clients, which we process in the capacity of a data processor, we require that data in order to deliver our services.

5. What we use the personal data for

Fulfilment of contract
- Providing our services as defined in contracts between us.

Other business purposes
- As necessary for our own legitimate interests or those of other persons and organisations;
- For good governance, accounting, managing and auditing our business operations both internally and by third parties;
- For surveys of client experience and quality of our services;
- To monitor emails, calls, other communications;
- For market research, other surveys and analysis and developing statistics for improving business performance.

To comply with a legal obligation
- When any of the data subjects whose data we process exercises their rights under data protection law;
- For compliance with legal and regulatory requirements;
- For the establishment and defence of legal rights;
- For activities relating to the prevention, detection and investigation of crime, and;
- To investigate complaints, legal claims and data protection incidents.

6. The legal basis for processing

In providing our services, we will process personal data under Article 6 (1)(b) of the General Data Protection Regulations, on the legal basis that processing is necessary for the performance of a contract for the provision of those services, or in order to take steps at your request prior to entering into a contract.

In addition, we may process personal data on the following legal bases;- Legal obligation: the processing is necessary for compliance with a legal obligation - Article 6 (1)(c);
- Vital interests: the processing is necessary to protect someone’s life - Article 6 (1)(d);
- Public interest: the processing is necessary to perform a task in the publicinterest - Article 6 (1)(e);
- Legitimate interests: the processing is necessary for our legitimate interests orthe legitimate interests of a third-party - Article 6 (1)(f). In such cases, and unlessit is a recognised legitimate interest (as defined by the Data Use and Access Act2025), the processing will be subject to a ‘legitimate interest balance’ test.

7. Sharing of your personal data
Subject to applicable data protection laws we may share your personal data with;

- sub-contractors and other persons who help us to provide services to you;
- our legal and other professional advisors, including our auditors;
- fraud prevention agencies, credit reference agencies, and debt collection agencies;
- government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner's Office;
- courts, to comply with legal requirements, and for the administration of justice;
- in an emergency or to otherwise protect a person’s vital interests;
- to protect the security or integrity of our business operations;
- when we restructure or buy or sell our business or its assets or have a merger or re-organisation, and;
- anyone other party where we have your consent or as required by law.

8. How long do we keep your data?
Financial information gathered in our capacity as a data controller may be kept for up to six years from the end of the financial year in which the contract between us is terminated or the date of the last provision of professional services to you by us, whichever is the later.

Non-financial data gathered in our capacity as a data controller may be kept for up to six years from the date on which the contract between us is terminated or the date of the last provision of professional services to you by us, whichever is the later.

Data relating to your clients, processed by us in the capacity of a data processor, will be retained according to a defined period you may stipulate or, in the absence of such stipulations, for up to six years from the date the contract between us is terminated or the date of the last provision of professional services to you by us, whichever is the later.

Information may be held for longer periods where any of the following apply;

- Retention in case of queries. We will retain your personal data as long as necessary to deal with any outstanding queries you may have;
- Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us; and
- Retention in accordance with other legal and regulatory requirements. We will retain your personal data after you have received services based on legal and regulatory requirements and obligations pertaining at any given time.

9. Your rights under applicable data protection law
Your rights are, where applicable;
- The right to be informed about processing of your personal data;
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the "right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data ("data portability"); and
- Rights in relation to automated decision-making including profiling.

You may exercise these rights by contacting us using the details given at the top of this Notice. You are not required to pay any charge for exercising your rights. If you make arequest, we have one month to respond to you.

10. How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the details given at the top of this Notice. You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data;

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113

Appendix A

Stipulations for acting in the capacity of a data processor
The data we process under 2(b) above will consist of data provided to us by you as its controller, in order that we may carry out business activities specified by you. Where such data relates to other data subjects (your employees, contractors or clients) we will process it on the understanding of your compliance with the provisions of the GDPR and, in particular, that;

- You have met the transparency requirements of Article 13 GDPR in respect of informing those data subjects about your sharing of their data with us and our processing of it;
- You have established and documented legal bases for the processing of their data. Where such legal bases include the consent of the data subject, you have obtained, and documented, informed and freely given consent. Where such legal bases include the legitimate interests of your business, and unless they are recognised legitimate interests (as defined by the Data Use and Access Act 2025), that the processing has been subject to a ‘legitimate interest balance’ test.
- You accept that we may use certain 3rd-party technologies such as cloud storage providers or platforms as a service. The use of any such technologies will continue to be under our management and subject to all of the stipulations of this Appendix.

Where data processed by us on your instructions comprises special category data prohibited from processing by Article 9 GDPR, we will process that data relying on the exemption defined by Article 9(2)(h) GDPR in that it is necessary for the provision of social and health care.

In acting as a data processor on your instructions, we confirm that we shall respect the privacy rights and freedoms of those data subjects whose data you share with us. In particular, and in accordance with the requirements of Article 28 GDPR, we shall;

- Only act on your documented instructions, unless required by law to act without such instructions or it is in the vital interests of the data subject to do so;
- Ensure that people processing the data are subject to a duty of confidence;
- Take appropriate measures to ensure the security of processing;
- Only engage a sub-processor with your prior authorisation and under a written contract which contains all of the technical and organisational measures necessary to ensure compliance with these stipulations and any other GDPR requirement relevant in the circumstances.
- Take appropriate measures to assist you to respond to requests from individuals to exercise their rights under GDPR;
- Taking into account the nature of processing and the information available, assist you in meeting GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;
- If requested by you, to delete or return all personal data to you (at your choice) at the end of the contract, unless the law requires its storage or one of thecriteria detailed at Section 8 are met; and
- Submit to audits and inspections.