This was last updated 25.09.2018
Who we are and how to contact us
Your rights relating to your Personal Data
Marketing communications preferences
What Personal Data we collect
How we use your Personal Data and why
What happens when you do not provide necessary Personal Data?
Personal Data from Third Party Sources
Who we share your Personal Data with
How we keep your Personal Data secure
How long we store your Personal Data
Our policy on children
Third party links
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the GDPR).
mymaxme Ltd is the data controller and this means that it decides how your personal data is processed and for what purposes, to act on your rights. You can speak to us at any time using our Consent Details below. To exercise any relevant rights, or for queries or complaints, please contact our Data Protection Officer in the first instance by email firstname.lastname@example.org or in writing to:
mymaxme Ltd GDPR
Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
Your rights under the General Data Protection Regulations 2016.
You have the right to be informed about what data is being collected, how and why it is being used and any 3rd parties that rely on the information.
You may request details of personal information which we hold about you.
If you believe that any information we are holding on you is incorrect or incomplete, please email or write to us as soon as possible. We will promptly correct any information found to be incorrect.
Where the data we hold is not required for legal or medical record keeping you may request that it is erased.
If you believe the data we are processing is incorrect you may request that the data is no longer processed until corrected.
You may request that the data you have provided be transferred to another data controller in a machine readable format.
You have the right to object to the processing of your data.
Rights in relation to automated decision-making and profiling are not currently utilised by our client services.
Further information can be obtained from the Information Commissioner’s Office website: https://ico.org.uk
You can contact the Information Commissioner’s Office helpline on 0303 123 1113.
If you sign up to receive email newsletters or promotional materials from us we will use the information you give us to provide the communications you have requested.
You can ask us to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you. If you no longer wish to receive push notifications, you may turn them off at the device level.
Where you opt out of receiving these marketing messages, this will not apply to service correspondence which helps you administer your account and allows us to update you when our website changes or you receive notifications on your account.
All the Personal Data we collect, both from you and from third parties about you, is outlined below.
Before you continue, it might be useful to explain what "Personal Data" is. The GDPR definition of Personal Data can be found here. Essentially, it relates to: information about an individual, from which that individual is either directly identified or can be identified.
It does not include ‘anonymous data’ (i.e., information where the identity of the individual has been permanently removed).
However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).
We also collect, use and share "Aggregated Data" such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not be considered Personal Data for the purposes of the GDPR, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Behavioural Data to calculate the percentage of users accessing a specific website feature, or to understand whether and how use of our website may enhance your mood.
We only share Aggregated Data (i.e. anonymous data) with your employer(s) – for instance, they will be able to see whether their workforce is overall happy or when there are periods of stress, and whether use of the website is beneficial for their employees’ wellbeing. Your employer(s) will not have access to the data on your MyMindPal account or any User Generated Data.
We also use such Aggregated Data to understand our end-users, to develop the MyMindPal offering and to share the data with health professionals and researchers.
Through our website, and the services we offer, we may collect some "Special Categories of Personal Data" about you, if you provide such data in your User Generated Data.
Special Categories of Personal Data are data that include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Since you are able to upload details of your mood or mental state on the website (e.g. through the Happiness and Stress measures options), the data you provide us may contain data relating to your health or other Special Categories of Personal Data.
With your consent, we may also anonymise your Special Categories of Personal Data in an Aggregated Data format, in order to develop the MyMindPal offering and to share the data with health professionals and researchers.
With your consent, we share Aggregated Data that may include Special Categories of Personal Data with your employer(s), as further described in the "Aggregated Data" section above.
We do not share any of your Personal Data (including any Special Categories of Personal Data) with your employer.
We do not collect any information about criminal convictions and offences.
We will only use your Personal Data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a "legal basis" for that use. Most commonly, we will rely on one of the following legal bases:
Where we need to perform a contract we are about to enter into or have entered into with you ("Contractual Necessity").
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests ("Legitimate Interests").
Where we need to comply with a legal or regulatory obligation ("Compliance with Law").
Where we have your specific consent to carry out the processing for the Purpose in question ("Consent").
Different grounds than those set out above are required by the GDPR to allow us to process your Special Categories of Personal Data. Most commonly, we will rely on one of the following grounds:
Where the processing is necessary to enable you to exercise your right to work in a safe workplace and to enable your employer’s reciprocal duty to provide a safe workplace to their employees ("Employment Ground").
Where the processing is necessary for the purposes of preventive or occupational medicine, the assessment of the working capacity of employees, medical diagnosis, the provision of health or social care or treatment, or pursuant to a contract with a health professional ("Healthcare Ground"). We will only rely upon the Healthcare Ground where the processing is done by, or under the responsibility of, a clinical psychologist (or other mental health professional subject to obligations of professional secrecy) and in accordance with English laws and/or rules established by a national competent body.
Where the processing is necessary for scientific research or statistical purposes, as further explained in the "Aggregated Data" section above ("Research Ground"). We will always ensure your Personal Data is anonymised when using it for research purposes.
Where we have your explicit and specific consent to carry out the processing for the Purpose in question ("Explicit Consent").
Generally, we do not rely on your Consent (or Explicit Consent) as a legal basis for using your Personal Data (including your Special Categories of Personal Data) other than in the context of direct marketing communications.
Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionality of the website).
In this case, we may have to stop you from using our website, but we will notify you if this is the case at the time.
We only share personal information with other companies or individuals in the following limited circumstances:
We have your consent.
We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:
(a) satisfy any applicable law, regulation, legal process or enforceable governmental request,
(b) enforce applicable Terms of Service, including investigation of potential violations thereof,
(d) protect against harm to rights, property or safety, of our users, us or the public as required or permitted by law.
We may share with third parties certain pieces of aggregated, non-personal information, such as the number of users by demographic. Such information does not identify you individually.
As permitted and described in the respective Terms Of Service of each of our services and in the My Mind Pal Legal Agreements.
In addition to the Personal Data that we collect directly from you (as described in the section immediately above this one), we also collect certain aspects of your Personal Data from third party sources.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data.
We keep data in accordance with the Guide to Data Protection – Principle 5, Retaining Personal Data. We retain all records while you have ongoing services with us; if you do not have any services with us, your data may be held for a period of up to 2 years, unless a longer retention period is required by law (for example, for regulatory purposes).
We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Site.
We use two broad categories of cookies:
first party cookies, served directly by us to your computer or mobile device; and
third party cookies, which are served by our partners or service providers on our Site.
Our Site uses the following types of cookies for the purposes set out below:
We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about which pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.
You can find out more about Google’s position on privacy as regards its analytics service here.
We use Google Analytics to analyse the use of our website.
Our analytics service provider generates statistical and other information about website use by means of cookies.
The analytics cookies used by our website have the following names: [_ga, _gid, _gat, AMP_TOKEN, _gav_, __utma, __utmt, __utmb, __utmc, __utmz, __utmv].
The information generated relating to our website is used to create reports about the use of our website.
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help”, “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience some inconvenience in your use of our website. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit our website.
You can also prevent the use of Google Analytics relating to your use of our Site by downloading and installing the browser plugin available via this link.
We use local storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on the website may also use HTML5 to collect and store information.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your mobile phone. This software may record information such as how often you use the Site, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We may link the information we store within the analytics software to any personal information you submit within the mobile application.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
If you receive the HTML-formatted version of our emails, your opening of the email is notified to us and saved. Your clicks on links in the emails are also saved. These and the open statistics are used in aggregate form to give us an indication of the popularity of the content and to help us make decisions about future content and formatting.
This website may include links to third-party websites, plug-ins and applications.
Working hard to keep our services always online and up to date is more than just our job. It’s who we are and part of our core values. We strive to ensure the highest level of continuity throughout all the services we provide.
To allow us to support you fully, we reserve the right to share access with our providers. They are: Shout Web Solutions Ltd, Rackspace US INC, UKFast.Net Ltd, Comodo Group INC.
We grant the following types of access to allow our providers to support My Mind Pal and yourself:
– Access to our Servers (Hardware Support Only)
– Access to our Admin Panel (Software Queries Only)
– Access to our Email System (Email Queries Only)
This website does include social media sharing buttons to 3rd party sites such as Facebook, Twitter, Google+ and LinkedIn, which may set 3rd party cookies. Please refer to these sites’ individual privacy policies for further information.
This website is not intended for children below 16 and we do not knowingly collect data relating to such children.