Terms, Privacy and Cookie policy

At ESRA/MYB, we’re committed to protecting and respecting your privacy. 

This Privacy Notice explains when and why we collect personal information about people who visit our website and interact with ESRA/MYB via telephone, email and any other forms of correspondence.

It covers how we use this information, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Notice from time to time, so please check this page occasionally to ensure that you’re happy with any changes.

By using our website and corresponding with ESRA/MYB, you’re agreeing to be bound by this Notice.

Any questions regarding this Privacy Notice and our privacy practices should be sent

Who are we?

ESRA (Employment Support Retraining Agency Ltd) was founded in 1980. We are a charity and a limited company. Based in Redhill, Surrey, ESRA’s services are available to people with stress and mental health issues who are looking to find or keep work, and also to employers who want advice and support in recruiting and retaining valuable staff.

On average we help 250 to 300 people each year move towards work.

We believe strongly that everyone has a right to work. We know that, with the right support, work can be a vital part of recovery and of maintaining positive mental health. Our qualified, experienced advisors give structured and impartial advice, with guidance sessions exploring training, employment and in-work support options.

We work closely with local employers and organisations, and are committed to changing the way people see mental health, improving attitudes and removing stigma.

Minding Your Business is a subsidiary of ESRA and a unique and professional organisation that specialises in delivering services to businesses who want to take a preventative, rather than reactive, approach to mental health issues in the workplace. Our experienced and qualified staff work with businesses to provide Training and Specialist Retention Services.

How do we collect information from you?

We obtain information about you when you use the website, email, telephone or correspond with us, for example if you contact us about products and services.

What type of information is collected from you?

The personal information we collect might include your name, address, email address, IP address and information regarding which web pages are accessed and when.

If you purchase a product from us, your credit/debit card information is not held by us; it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.

Below is an in-depth summary of the different categories of data we may use and our lawful grounds for processing it:

Communication Data includes any communication that you send us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims.

Our lawful ground for this processing is our legitimate interests, which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

Customer Data includes data relating to any purchases of goods and / or services such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details etc. We process this data to supply the goods and / or services you have purchased and to keep records of such transactions.

Our lawful ground for this processing is the performance of a contract between you and us and / or taking steps at your request to enter into such a contract.

User Data includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services.

We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and / or databases and to enable publication and administration of our website, other online services and business.

Our lawful ground for this processing is our legitimate interests, which in this case are to enable us to properly administer our website and our business.

Technical Data includes data about your use of our website and online services such as your IP address, your log in data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system.

We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising.

Our lawful ground for this processing is our legitimate interests, which in this case are to enable us to properly administer our website and our business and to grow our business and determine marketing strategy.

Marketing Data includes data about your preferences in receiving marketing from us and our third parties and your communication preferences.

We process this data to enable you to partake in our promotions, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising.

Our lawful ground for this processing is our legitimate interests, which in this case are to study how customers use our products and services, to develop them, to grow our business and to determine marketing strategy.

We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including social media adverts and other display advertisements) and to measure or understand the effectiveness of our advertising.

Our lawful ground for this processing is our legitimate interests, which are to secure the future of ESRA/MYB and to grow our charity/business.

We may also use such data to send other marketing communications to you.

Our lawful ground for this processing is either consent or our legitimate interests (namely to grow our charity/business).

Sensitive Data refers to data that includes details about your physical or mental health, race or ethnicity, religious or philosophical beliefs, sexual orientation, trade union membership and armed forces background.

We require your explicit consent for processing sensitive data, so when you submit your details you will be asked to provide your consent for this processing.

Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract.

If you do not provide us with the requested data, we may have to cancel a product or service you have ordered, but if we do, we will notify you at the time.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. If we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

How is your information used?

We may use your information to:

Who has access to your information?

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

Third Party Service Providers working on our behalf

We may pass your information to our third-party providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process payments and send you mailings).

However, when we use third party service providers, we disclose only the personal information that is strictly necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not use it for their own direct marketing purposes.

Please be reassured that we will not release your information to third parties for them to use for their own purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Your Choices

You have a choice about whether or not you wish to receive information from us.

If you do not want to receive direct marketing communications from us, then you can select your choices by ticking the relevant boxes on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone or text message unless we have your prior consent.

We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted.

You can change your marketing preferences at any time by contacting us by

How you can access and update your information - Your legal rights

Under data protection laws you have rights in relation to your personal data. These rights include:

The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change email address, or if any other information we hold is inaccurate or out of date, or if you wish to exercise any of the rights set out above, please

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We may also contact you to ask for further information in relation to your request, to speed up our response.

We aim to respond to all legitimate requests within one calendar month.

Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you.

Use of “cookies”

Like many other websites, our website uses cookies. “Cookies” are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you next visit. They collect statistical data about your browsing actions and patterns but do not identify you as an individual.

It is possible to switch off cookies by setting your browser preferences.

Links to and from other websites

Our website contains links to websites run by other organisations. This privacy policy applies only to our website, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

Similarly, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and we therefore recommend that you check the policy of that third-party site.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us will not be transferred to countries outside of the European Economic Area (EEA). The Microsoft servers which are used to store our data are located within the EEA. Microsoft are a GDPR compliant organisation whose Standard Contractual Clauses were approved by the EU’s Article 29 Working Party – Microsoft was the first cloud service provider to receive a letter of endorsement and approval from the group.

If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

Data Security

We have put in place rigorous security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed without authorisation.

We allow access to your personal data only to our employees and to partner organisations who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected data breach and will notify you and any applicable regulator of a breach if we are legally required to do so.

Any sensitive information (such as credit or debit card details) is encrypted and protected.

Non-sensitive details (your email address etc.) are transmitted normally over the internet and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

Once we receive your information, we make our best effort to ensure its security on our systems.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements.

When deciding what the correct time is to keep data for, we look at its amount, nature and sensitivity, the potential risk of harm from unauthorised use or disclosure, the processing purposes, whether these can be achieved by other means, and legal requirements.

For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Review of this Notice

We keep this Notice under regular review.

This notice was last updated in May 2018.

Information on the website is NOT a substitute for seeking further/professional guidance, advice, assessment or treatment if you feel you need it. We are not responsible for the content or reliability of external websites.

Links should not be taken as an endorsement of any kind. We cannot guarantee that these links will work at all times and we have no control over the availability of linked pages. Please be aware that ESRA is not responsible for the privacy practices of other websites.