Is Life QI a Data Controller or Data Processor?

Life QI is a Data Controller as we determine the purposes and means of processing the personal data.

As per the guidance issued by the Information Commissioner’s Office, Seedata (the company behind the Life QI product) is deemed to be the Data Controller of the processing activities associated with the provision of the Life QI Services. This has been concluded on the basis that Seedata has determined the purposes and means of processing the personal data, and holds a direct relationship with the data subject. Specifically:

  • Seedata determines what personal data to collect (the fields associated with a user account);
  • Seedata determines the purpose of the processing (how the data is used for account creation, security monitoring, and use of the service)
  • Seedata has a direct contractual relationship with the users (data subjects), as per the User Terms of Use that each user agrees to when creating their user account.

It has further been determined that Seedata is not a joint controller with the Customer. The rationale for this determination is outlined below:

ICO guidance statement

Application to Seedata and Customer

We have a common objective with others regarding the processing

The objectives of the parties are different as the Customer uses the Services in order run and track improvements and Seedata’s roll is purely in the provision of the platform.

We are processing the personal data for the same purpose as another controller

Seedata processes the personal data in order to provide the Services, whereas the Customer processes the information a) by virtue of being the employees’ employer and b) in order to invite staff to use the Services.

We are using the same set of personal data (e.g. one database) for this processing as another controller

Seedata and the Customer to do not share a database and have distinct systems which operate independently of one and other.

We have designed this process with another controller

Life QI has not been designed with the Customer as it is an independent product designed and managed by Seedata.

We have common information management rules with another controller

The privacy statement states how Seedata manages the Services and the personal data collected from individuals in order to provide the Services.