Data Controller
Mindsightful (The Company) is the data controller and is responsible for ensuring that personal data is processed correctly and securely in accordance with applicable laws.
What personal data does the Company process?
Personal data means any information that directly or indirectly relates to a natural, living person. Accordingly, personal data is information about you and your person, e.g. your name, your contact information and your IP address.
Processing means any operation which is performed on personal data, such as collection, storage, use, adaptation or disclosure.
About our Counselors
We collect and store the following information about you that the Company needs to contact you and to fulfil its undertakings towards you as a Counselor.
- Personal information and contact information, such as name, personal identity number, gender, address, telephone number and email address.
- Title and initials of your credentials.
- Information that you provide to the Company by email, via the Company’s social media or by other channels of communication. This also includes communication through means such as text chats, messages and worksheets between you and the User.
- Payment and purchase history as well as payment information, such as PayPal e-mail address and Stripe account name.
- Information regarding surveys, complaints and warranty matters.
- Website and social media links.
- Technical data, such as IP address, MAC address, URL, unique device ID, network and device performance, browser, language and identification settings, geographic location, operating system, other information from cookies or similar mechanisms (device information).
- Your picture, where applicable.
About our Users
The following information is collected and stored about you. This is information that the Company needs to contact you and to fulfil its undertakings toward you as a User.
This also includes you as an employee/member at a company/organisation that has registered a business account at the website.
The Company may process special categories of data about you as a User. The legislator has determined that special categories of personal data shall be further protected. As a main principle, special categories of personal data shall not be processed; however, there are a few exemptions. Private health information is one such category of data whose processing is, as a main principle, prohibited. However, the Company must process such data in order to provide its services to you as a User. Based on the exemption that special categories of data may be processed in order to provide health care, the Company is entitled to process health care information you have provided to the Company.
- Personal information and contact information, such as name, personal identity number, address, telephone number and email address.
- Information that you provide to the Company by email, via the Company’s social media or by other channels of communication.
- Information regarding surveys, complaints and warranty matters.
- Technical data, such as IP address, MAC address, URL, unique device ID, network and device performance, browser, language and identification settings, geographic location, operating system, other information from cookies or similar mechanisms (device information).
- Private health information that will be processed according to the minimum amounts necessary to provide you with service.
About your Emergency Contacts
If the User has provided the Company with an Emergency Contact, the Company collects and stores the following information about you as an Emergency Contact, which the Company needs to contact you in case of an emergency.
- Contact information such as name, telephone number, and relationship with the User.
About our suppliers, partners and affiliates
The Company collects and stores the following information about you that the Company needs to contact you and to fulfil its undertakings towards you as a supplier, partner or affiliate (such as but not limited to computer programmers, sales representatives etc.).
This also includes contact persons to companies that have registered a business account with the Company. However, employees/members obtaining Counselor Services through a business account are covered by “Users” above.
- Personal information and contact information, such as name, address, telephone number, email address, title, position and employer.
- Payment information.
Information for visitors to our website
Regarding visitors to the Company’s website, the following information is collected about you:
- Data of a technical nature (including, but not limited to: URL, unique device ID, IP address, MAC address, language and identification settings, geographic location, operating system, network and device performance, browser, other information from cookies).
How is your data processed?
The purposes for which the Company intends to process your personal data and the legal basis for the respective processing activities are stated in the tables below.
Users
Purpose | Legal basis |
---|---|
To fulfil legal requirements, such as but not limited to health care requirements, security requirements and accounting requirements. | The processing is necessary for compliance with the Company’s legal obligations. |
To provide and maintain the Platform, including to monitor the usage of the Platform. | The processing is necessary for the performance of the agreement with the User or the Counselor. |
To manage your account as well as to manage your registration as a User or Counselor. | The processing is necessary for the performance of the agreement with the User or Counselor. |
To be able to contact you regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation. | The processing is necessary for the performance of the agreement with the User or Counselor. |
To enable marketing and communication about the Company’s brand and the Company’s products (e.g. mailing of newsletters and other marketing materials, invitations to the Company’s events, meetings and other gatherings etc.). | The processing is necessary for the Company’s legitimate interest to market its brand, its products and other similar products to you as a customer or to the company that you represent (legitimate interest). |
To ensure payment and analyze purchase history in order to offer Users and Counselors the right services and marketing. | The processing is necessary for the performance of the agreement with the User or Counselor. The processing is also necessary for the Company’s legitimate interest to offer Users or Counselors relevant marketing with regard to the customer’s previous purchases (legitimate interest). |
To receive payments from Users in connection with purchases of the Company’s products and services. | The processing is necessary for the performance of the agreement with the User. |
About your Emergency Contacts
Purpose | Legal basis |
---|---|
To contact you in case of an emergency. | The processing is necessary for the Company’s legitimate interest in being able to initiate appropriate action in case of emergency (legitimate interest). |
Visitors of the Company’s website
Purpose | Legal basis |
---|---|
To ensure the operation of the Company’s website and application. To be able to develop the Company’s website and to better adapt the website based on how it is used. | The processing is necessary for the Company’s legitimate interest to improve, streamline, simplify and develop its website and to attract more Users/Counselors/partners and to increase the number of recurring Users/Counselors/partners (legitimate interest). |
How long does the Company store your personal data?
Your personal data is stored as long as there is a need to preserve them in order to fulfil the purposes for which the data was collected in accordance with this Privacy Policy. Thereafter, your personal data will be deleted.
We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Some personal data will, for the purpose of complying with applicable accounting legislation, be stored for seven years, counting from the end of the calendar year during which the financial year, to which the information pertained, was terminated.
Contact information regarding company representatives is stored during such time the Company considers that the information is necessary to maintain the relationship with the company/organization. Deletion shall take place when the Company becomes aware that the information is no longer adequate or relevant for the purpose, or at the request of the contact person.
For more information about how long the Company stores specific personal data, please contact the Company. Contact information is provided under section “Contact Information” below.
With whom does the Company share your personal data?
The Company does not disclose personal data to third parties, except when necessary to fulfil a legal obligation or to fulfil the Company’s obligations to you. Situations when your personal data must be disclosed to third parties are listed in the table below.
Your personal data will not be sold to third parties for marketing purposes.
Third party | Reason for third-party disclosure |
---|---|
Suppliers of cloud solutions | Personal data may be transferred to suppliers of cloud solutions since the Company stores certain information in cloud solutions. |
Service providers | The Company may share personal data with service providers to monitor and analyze the use of the Platform, to show advertisements to you, to help support and maintain the Platform, to contact you, to advertise on third party websites to you after you visited our Platform or to be able to process payments. |
Suppliers and partners | The Company may disclose personal data to suppliers and/or partners, if the suppliers and/or partners need your personal data to fulfil their undertakings toward the Company. |
Authorities | Personal data may be disclosed to authorities when necessary for compliance with the Company’s legal obligations. |
Sale | If the Company intends to transfer all or part of its business, personal data may be disclosed to a potential buyer. |
About payments
The Company may provide you with paid products and/or services. In that case, the Company may use third-party services for payment processing (e.g. payment providers).
The Company will not store or collect your payment card details. That information is provided directly to our third-party payment providers whose use of your personal information is governed by their privacy policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The Company uses the following payment providers:
- VCita: Their Privacy Policy can be viewed at: https://www.vcita.com/legal/privacy-policy
What about the possible transfer of data to other countries?
The Company may transfer your personal data to countries outside the UK, EU/EEA.
If personal data is transferred to a country outside the UK, EU/EEA, the Company will take measures to ensure that the personal data continues to be protected and will also take the necessary measures to ensure a legal transfer of the personal data to countries outside the UK, EU/EEA.
Such necessary measures consist of ensuring that the third country to which the personal data is transferred is subject to a decision from the European Commission that it ensures an adequate level of protection, or taking appropriate protection measures, for example Binding Corporate Rules (BCR) or Standard Contractual Clauses (SCC).
All communication between clients and counselors is end-to-end encrypted. All databases are encrypted at rest with industry-leading encryption. Further, all private health information is hosted behind a 3-tiered web application, with multiple checks and controls to keep your data safe.
About data and social media
Concerning personal data that may occur or be processed on social media, such as Facebook, Instagram, Youtube and LinkedIn, we refer users to the policy provided by the respective service providers for information on how each service provider processes personal data.
In the Company’s view, the purpose of the processing is that you shall be able to interact and maintain contact with the Company via social media, in order to contribute to good relationships with Users, Counselors, customers and partners and to make the Company’s customer service and product widely accessible through several different channels. The processing is necessary for the purposes of the Company’s legitimate interest to market its brand and its products to existing and potential customers and to partners (legitimate interest).
About your rights
As the data controller, the Company is responsible for ensuring that your personal data is processed in accordance with applicable legislation.
The Company will, at your request or on its own initiative, rectify, erase or complete any information found to be inaccurate, incomplete or misleading.
You have the right to request access to and rectification or erasure of your personal data (e.g., if such erasure is required by applicable law), request restriction of the processing of your personal data and object to the processing, as permitted by applicable personal data legislation (e.g. if you contest the accuracy of the personal data or if the processing is unlawful but you oppose the erasure of the personal data and request restriction of its use instead).
The Company will notify each recipient to whom the personal data has been disclosed in accordance with what is set out above under “With whom does the company share your personal data?” regarding any rectifications or erasures of personal data as well as of restriction of processing of data according to this section “Your Rights”.
Under certain conditions, you have the right to data portability, i.e., a right to receive your personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller.
If you do not want the Company to process your personal data for direct marketing purposes, you have the right to object to such processing at any time. When the Company has received your objection, the Company will cease the processing of your personal data for such marketing purposes.
You have the right, through a written and signed application, to obtain free of charge a register extract from the Company regarding which personal data are stored about you, the purposes of the processing and to which recipients the data has been or shall be transferred. You also have the right to obtain information about the envisaged period for which the personal data will be stored or the criteria used to determine this period. You also have the right to receive information about your other rights as specified in this paragraph “Your Rights”.
We look forward to hearing from you if you have any complaints regarding the Company’s processing of your personal data, in order to correct our processing if necessary.
You may request to:
- Receive confirmation as to whether or not personal information concerning you is being processed and access your stored personal information, together with supplementary information.
- Receive a copy of personal information you directly volunteer to us in a structured, commonly used and machine-readable format.
- Request rectification of your personal information that is in our control.
- Request erasure of your personal information.
- Object to the processing of personal information by us.
- Request to restrict processing of your personal information by us.
- Lodge a complaint with a supervisory authority.
However, please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements.
If you wish to exercise any of the above rights or receive more information, please contact our Data Protection Officer (“DPO”) using the details provided below:
About the security of your data
You should always be able to feel safe when you provide us with your personal data. Therefore, the Company has implemented the security measures that are necessary to protect your personal data against unauthorized access, alteration and destruction. The Company will not disclose your personal data, other than as expressly provided by this Privacy Policy.
The Company encrypts your data in transit and at rest on its servers, and all private communication with your counselor is end-to-end encrypted. The Company stores all private health information on servers with full HIPAA compliance.
Cookies
This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Cookies are small text files that can be used by websites to make a user’s experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.
Please state your consent ID and date when you contact us regarding your consent.
Your consent applies to the following domains: www.mindsightful.co.uk
Your consent ID: ebmXRClE/7eyX5zojfFt+Ud3QKuz5nYS7WjD+VP7oYq1uPfnlqwVBg==
Consent date: Sunday, October 6, 2024 at 07:37:55 PM GMT+1
Cookie declaration last updated on 6/1/23 by Cookiebot:
Necessary (1)
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Name | Provider | Purpose | Maximum Storage Duration | Type |
---|---|---|---|---|
CookieConsent | Cookiebot | Stores the user’s cookie consent state for the current domain | 1 year | HTTP Cookie |
If you do not share your personal data with the company
If you do not share your personal data with the Company, the Company will not be able to fulfil its legal or contractual obligations towards you.
California Consumer Privacy Act (CCPA)
The Company recognises California’s specific privacy rights of the Company’s Users in that State. California Users should be aware that the Company does not sell User data to third parties. Further, the Company is a medical records retention company. As such, almost all personal data is kept in encrypted storage as a medical record, including all User created transcripts. Under State Law, the Company shall retain such records for at least seven years. The CCPA is not generally applicable to medical information governed by the California Confidentiality of Medical Information Act (CMIA) or protected health information collected by a covered entity or business associate governed by the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
According to Section 1798.83 of the California Civil Code (also known as the “Shine the Light Law”), residents of California are entitled to request, once a year, whether the Company has shared their personal information (non-medical record data only) with other companies for direct marketing purposes during the preceding calendar year. To request a copy of the information disclosure provided by the Company, please contact us on mindsightful.co.uk at the “contact”-link on the website. Please allow reasonable time for a response.
If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted on our site. The Company does not have Users below the age of 13 and does not typically allow Users to publicly post information. However, if you feel you publicly posted information on the Platform and you are between the ages of 13 and 17, please contact us on Online-Therapy.com at the “contact us”-link on the website. Please allow reasonable time for a response. Please be aware that such a request does not ensure complete or comprehensive removal of the data/content you have posted and that there may be circumstances in which the law does not require or even allow removal of data, specifically medical data, even if requested.
California Right to Know. You may request access to the specific pieces of personal data we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal data we have collected about you, the sources of such collection, the categories of personal data we share for a business or commercial purpose, and the categories of third parties with whom we share your personal data. You may make these requests by contacting us on Online-Therapy.com at the “contact us”-link on the website. Please allow reasonable time for a response.
California Designated Agent. You may designate an agent to make a request on your behalf. That agent must have access to your account in order for us to verify the request.
California Non-Discrimination. The Company will never discriminate against you, including by denying or providing a different level of service should you choose to exercise your rights under the CCPA.
CalOPPA
Our Service does not respond to Do Not Track (DNT) signals. However, some third party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.
Changes
The Company reserves the right to change this Privacy Policy at any time. In the event of changes to this Privacy Policy, the Company will publish the amended Privacy Policy on www.mindsightful.co.uk with information on when the changes will come into effect and may also notify customers and partners in an appropriate manner.
Links
The Platform may contain links to other websites that are not operated by the Company. If you click on a third party link, you will be directed to that third party’s site. The Company strongly advises you to review the privacy policy of every site you visit. The Company has no control over and assumes no responsibility for the content, privacy policies or practices of any third party sites or services.
How to contact us
If you have any general questions about the Site or the information we collect about you and how we use it, you can contact us at [email protected]
Mindsightful
Dr Del Naidoo
Last Modified 9 October 2021