On the course you will be asked some personal questions about your health. For your security, we are committed and legally required to maintain the confidentiality and integrity of any information you give us.
We understand that the privacy and security of your personal data is an important issue and we are committed to protecting it. We aim to be completely transparent on how we collect, process and store your personal data.
Here we explain how personal data is collected when you participate in the Be Mindful course, how that data is used, your rights, and how you can control/delete that data.
'Personal data', is any data that can be used to directly contact or identify an individual, such as full name or email address, as well as any data that is combined directly with such data.
We will treat your personal information and data in accordance with the EU General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other applicable data protection laws. When we collect or use your data, Wellmind Health is the "data controller", which means we decide how and why your data is processed.
1. How we obtain your personal data
You provide us information about yourself in various ways when you follow the online course. For example, you provide us with data such as your name and email address, or otherwise provide us with various personal information when you interact with the course. We also collect personal information when you communicate directly with us by email or phone.
2. What personal data we collect
- a. Contact data, including your email address, postal address, and phone number.
- b. Technical data such as your IP address or web browser type.
- c. Your responses to the self-assessment questionnaires on the course.
- d. The information you enter as part of your online course work.
3. How we use your personal data
Wellmind Health processes your personal data for the following purposes:
- to enhance the learning experience by presenting the data in the form of charts and graphs to you as you progress to the end of the online course;
- to provide course support requested by you and any related communications;
- to analyse trends and profiles in order to better understand our performance, improve the course and better meet the needs of course participants;
- to comply with legal obligations and regulatory compliance;
We reserve the right to anonymise (modify to render anonymous) any data collected from you. Once rendered anonymous this data may be used by us to support research activities, provided that your identity is kept anonymous at all times and cannot be derived from the anonymised data. Also, summaries of anonymous Personal Data (for example average scores of all course participants on questionnaires) will be used to improve the course, and may be used in publications or on the website to indicate the effectiveness of the course. This anonymous data will consist solely of summary information and will not include any personal information that can be used to identify participants of the course. Your participation with the course implies consent for the use of summary data in this way.
We use strictly essential secure 'session' cookies to enable the identification of users so that they can login and use the course securely. A session cookie expires when you close your browser. The cookies do not contain any personally identifiable data.
Additionally, we make use of non-essential Google Analytics cookies to analyse user behaviours and so improve the functionality of our website. Google Analytics is a web analytics service provided by Google that tracks and reports on traffic that passes through our website.
5. Sharing your personal data
We will not make any personal information about your participation with the course available to any other party, except where you have been given a place on the course by a sponsor. In the case where you have been given access by a sponsor, personal information may be shared with them, with the exception of your course work and entries in your online diary, which are totally confidential.
If you accept our non-essential Google Analytics cookies when you visit our website, then your data about visits and navigation of the website is shared with Google in the USA.
6. Our legal basis for processing your data
- a) Personal data
The law allows us to collect and use personal data if it is reasonably necessary to achieve our purpose (as long as to do so it is fair, balanced and does not unduly impact on your rights). Our purpose is the running of the online course and delivering to you the most effective chronic pain self-management learning experience.
- b) Sensitive Personal Data
We also collect sensitive personal data known as "special category personal data" as defined in Article 9 of GDPR, in the form of the health information that we collect when you complete the course self-assessment questionnaires. We rely on your consent to legally collect and process this sensitive personal data. We use this data to present charts to you of your self-assessed mental health information, so you can review your progress on the course. We only collect from you the minimum mental health information necessary for this purpose.
7. How long we keep your information
We only keep your personal information for as long as necessary to fulfil the purposes we hold it for, including satisfying any legal, accounting or regulatory requirements. If you have joined the course, your course place and the associated resources is open to you to access for a period of 8 years since your last login to the course. We keep the necessary personal information for this period so you can take a long break during the course and also to provide you with access to the post-course online resources. At any time, you can cancel your participation with the course, and have us delete the personal information that we hold.
8. Communicating with you
We may use your email contact details to provide you with information about the course, which we consider may be of interest to you. You can opt out of receiving these emails from us at any time by clicking the "unsubscribe" link at the bottom of our emails. This does not include the course integrated emails, which the receipt of is necessary for course participation.
We implement strict security measures to protect against the loss, misuse and alteration of your personal information. No other parties have access to or control over our IT platform on Amazon Web Services that runs the Be Mindful course.
Our website and the Be Mindful course is protected by HTTPS, meaning that any personal information that you transfer to us via our website is encrypted and stored as securely as possible.
We make sure that your personal information is only accessible by trained staff. Access to sensitive personal information is restricted to only those individuals that need this data in order to carry out their functions.
We regularly review all internal security and privacy policies to ensure that all personal information within, or passing through the company, is handled in accordance with GDPR regulations.
10. Your rights
We rely on your consent to use your personal information and you can withdraw that consent at any time. You also have the following rights:
- Right of access - You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you. We may ask you for additional information to confirm your identity before disclosing personal information to you.
Right of rectification - You have the right to request that we correct inaccurate personal information concerning you. You can ask us to check if you are unsure.
Right of erasure - You may request we delete your personal information.
Right to restrict processing – You may ask for our use of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
Right to object - You can ask us not to use your personal information to communicate with you, or where we are using it on the basis of our legitimate interests or for research or statistical purposes. You may opt-out from email communications by clicking the 'unsubscribe' link in our emails or contact us.
Right to data portability – Where we are processing your personal information by 'automated means', you may ask us to provide your personal information to you or another service provider in a machine-readable format.
Rights related to automated decision-making – You have certain rights in relation to decisions made solely on the basis of automated processing of your personal information that has legal or similar effects on you.
The provision of information to you is provided free of charge. We may ask you for additional information to confirm your identity before disclosing personal information to you.
11. Location of Hosting
The personal information that we collect is stored and processed at an Amazon Web Services cloud location within the UK and the US under the Privacy Shield. Details of your protection under the Privacy Shield can be found here.
12. Changes to this policy
13. Contact details and Complaints
- by email at email@example.com
- or by phone. Tel. +44 (0)1273 325136
You are entitled to make a complaint to the Information Commissioners Office (ICO) at any time. We are always grateful for the opportunity to resolve your concerns before you feel it is necessary to approach the ICO.
- 10/6/19 – Policy clarification updates
- 23/5/19 – Policy clarification updates
- 29/4/18 - GDPR update
Be Mindful, Wellmind Health Ltd. 27 Palmeira Mansions, Church Road, Brighton, BN3 2FA, United Kingdom.