Privacy policy

Data Protection Privacy Notice for the Return to Work toolkit.

What is this privacy notice about?

This privacy notice explains how the Return to Work toolkit (“we”, “our”, “us”) collects, uses and shares your personal data (information) and your rights in relation to this data. The notice relates to our processing of personal data of website visitors, enquirers, applicants and others (“you”, “your”) who visit, contact or submit information to the Return to Work toolkit.

This privacy notice answers the following questions:

Kingston University is the data controller of your personal data and is subject to the General Data Protection Regulation (the “GDPR”) and the UK Data Protection Act 2018. As such, we are listed on the Information Commissioner’s Office (ICO).

You can find a copy of the University’s Data Protection Policy online along with copies of our other relevant information regulations.

We may update this privacy notice periodically and if we do we will publish this on our website.


What is the role of Return to Work toolkit?

The website has access to a free online toolkit for employees & employers to support the return to work process following mental health sickness absence.

Our aim is to provide both employers/managers and employees suffering with mental ill-health, the tools and resources to help both parties navigate their way through the return to work process, creating a culture that is supportive and that leads to a successful return.

Our return to work toolkit aims to support businesses through the difficult return to work process, particularly focusing on mental health related sickness absence (i.e. absence related to stress, anxiety or depression). Our vision is for businesses everywhere to have the tools and know how to support employees returning to work. Using the toolkit, organisations and individuals have access to two self-led guides (an employer and employee version) which signposts users through the six step guidance starting from the first day of initial absence, all the way through to maintaining and reviewing the employee’s health and work responsibilities once they are back at work. Additionally, there are a number of other useful and practical tools available in the toolkit, these include; checklists, templates, exercises, tips and advice.

For the purposes of our evaluation we are also asking users to get in contact if they would like to give us some feedback/ comment on the toolkit. This can be done my contacting the researchers directly or completing the online feedback survey we have included on the toolkit website.


How do we collect your information?

Information provided by you

We collect your personal data in a number of ways, for example:

  • Through the users voluntary responses to our feedback survey;
  • Through any email or other correspondence you submit to us.

Information that is collected automatically

In addition to personal information you may provide when you visit our website the following information is received and stored by our web servers:

  • details of your IP address;
  • browser type and operating system;
  • the web pages you visited.

This data is known as web server logs. We use this information strictly to analyse how our website is used by our visitors and we may archive this information in an anonymous form for statistical purposes.


The cookies we use

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.


Cookie Name Purpose
pum-782 Allows pop up to ask for feedback on homepage to work. Expires after 1 day.
viewed_cookie_policy Hides or shows cookie message policy message. Expires after 1 year.
uvc The uvc cookie is one of the cookies used to track usage of the service. It allows a user to share a webpage with many social sites. Expires after 2 years.
_ga Google cookie used to distinguish users. Expires after 2 years.
_gid Google cookie used to distinguish users. Expires after 24 hours.
_gat_gtag_UA_17713602_37 Used for Google Tag Manager. Expires after 1 minute.
Google Analytics These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit About Cookies or All About Cookies

Find out how to manage cookies on popular browsers:


To find information relating to other browsers, visit the browser developer’s website.

To opt out of being tracked by Google Analytics across all websites, visit


What types of information do we collect about you?

We collect the following types of personal data about you:

  • From the feedback survey- whether you are responding to the survey as a; employee with mental ill-health, a manager, a business owner, an OH professional, an HR professional or other. In addition, business size, business sector and email address (although this is voluntary).

How will we use your information?

Your data will be used for the following purposes:

  • To evaluate the toolkit which we have produced. We are interested in understanding how the toolkit is accessed, and how it is used.
  • We, or our collaborators (Loughborough university and Affinity Health at Work) or funders (Department of Work and Pensions), may publish aggregate information about our users (for example, that more users access the site when it is hosted on a workplace intranet as compared to when shared by social media) in the context of providing public health information, for publicity purposes or conducting academic research.
  • We will not publish individual or identifiable responses.

What legal basis do we have for processing your information?

There are a number of legal bases for processing personal data. For processing your personal data we rely upon the following legal bases:

  • Consent, where you submit personal data;
  • Explicit consent, for special category personal data (for example, health-related data);
  • For research purposes (Schedule 1, Part 1 of the UK Data Protection Act 2018).

Who will we share your information with?

Other organisations

For the purposes referred to in this privacy notice and relying on the legal bases for processing as set out above, we share your personal data with certain third parties listed below:

We will not share your personal information with any third parties.

Information transferred overseas

Some of the personal data we process about you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). These processes include where the personal data is processed by our staff, contractors or suppliers who are based outside the EEA or who use storage facilities outside the EEA.

In these circumstances, your personal data will only be transferred on one of the following bases:

  • where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (for example, standard data protection clauses adopted by the European Commission);
  • a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of data protection;
  • there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).

For how long do we keep your information?

We plan to hold the data for up to a year for our reporting and our funding body (The Department of Work and Pensions).


How do you make sure my information remains accurate?

It is important that the personal information we hold about you remains accurate. Please contact us if you would like to update any of the information we hold about you. This is particularly important for your contact details.

What are your rights?

Under the GDPR and when the new UK Data Protection Act comes into force, you have the following rights:

  • to access from us the personal data we hold about you;
  • to require us to correct the personal data we hold about you if it is incorrect;
  • to require us to erase your personal data;
  • to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
  • to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller;
  • to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights;
  • to not be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you.

Please note that the above rights are not absolute and we may be entitled to refuse requests where exceptions apply.

If you have given your consent and you wish to withdraw it, please contact our Data Protection Officer using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you.

Who can you contact about your information?

If you wish to request access to the personal data we hold about you please contact Rebecca on For any other queries about this privacy notice or how we process your personal data you can contact our Data Protection Officer by email: or by post: Data Protection Officer, Vice Chancellor’s Office, River House, 53–57 High Street, Kingston upon Thames, Surrey KT1 1LQ.

If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner.

You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website.