Publication Date: 20th April 2019
Unmasked Mental Health have developed this App as support for people who are or have been suffering from mental health problems. Through the App, you can connect with other users, anonymously if you wish, to open up about the problems you are facing in a caring, private and supportive community.
Who are we? Unmasked Mental Health is a not- for – profit company registered in England. Our registered company address is: 27, Horton Street, Halifax, West Yorkshire, HX1 1QE. If you have any questions about your privacy, data or this policy, please contact us at: firstname.lastname@example.org
What Data Do We Collect? When you register with the App, you will be asked to complete a short questionnaire with your first name or username*; email address*; password*; date of birth*; location*; brief details of your illness and a short profile description. The only compulsory information you have to give to create an account is asterisked. If you complete the other information as well, this is used to generate search results so users can find each other (e.g. You can search for other users, aged between 35- 45 in Leeds who are suffering from depression). Other users will be able to read your profile description if your results have come up based on their search criteria. We ask for this information so we can provide you with the App services.
The App will ask you if it can access your phone’s photos and files. This is so that you can upload a profile picture if you’d like to. It also asks if it can access your location. This is so you can set a search radius and search by location. If you’d rather not give these permissions, please do not use the app.
The personal information we collect includes:
• Account Data: Login and account information, including screen name, photo (if you upload one), password and unique user ID; and your use of the service.
• Contact Data: Contact details including your name and email.
• Health Data: Data about your health, in particular your mental health, including the content from messaging chats with other users.
• Preferences Data: Personal preferences including your marketing and cookie preferences.
• Technical Data: When interacting with our App, data is automatically collected and shared with the Unmasked Mental Health’s technology platforms. More information about these practices is included below. This data includes: mobile device IDs, network access, storage information and battery information, cookies, IP addresses, referrer headers, data identifying your phone and version, and web beacons and tags.
• Messaging Data: when you message other users or receive messages from them, the App stores copies of the messages whilst your account is live, unless you choose to delete the messages. If you delete them, we retain copies in our servers to comply with our legal and other obligations, but they will no longer be available for you or others to view within the App.
Why Do We Collect your Personal Details?
To provide the App and offer the App services to you
We use your personal information to provide the service you want and expect from the App. The legal ground for this is the performance of the arrangement we have with you to provide the services you’ve asked for.
The app is set to send you notifications (called “push notifications”) to let you know if you have received a message or if chats have been submitted. You can turn push notifications off from the app settings.
To keep you (and others) safe
We do not systematically review or check messages on the App. However, if other users are worried about you, they may report that to us using the “Report” button.
If, we think that you are at serious risk or danger, we may contact you by email and suggest options for professional support. .
The legal ground for this is compliance with law and regulation.
To maintain and improve our services and run our business
We may use the data you provide to improve our service. For example, we evaluate Technical Data to make sure our. We may use the data you provide to improve our service. For example, we evaluate Technical Data to make sure our service is working well or whether we need to make improvements to the App design.
We may also use Technical Data to understand more about how you use the App and your preferences.
We may also need to share data with our professional advisors. For example, to get legal advice, enforce our App Terms or to obtain insurance for our business. We also need to comply with any legal proceedings and applicable law.
This type of data sharing is allowed by law because it is in our legitimate business interests.
We’ll use your contact data to keep you updated with new features on the app and if you’ve expressly agreed, we’ll use your contact data to keep you updated about our new events and services. (You can change your mind at any time – contact us at email@example.com).
Using your Health Data
Your Health Data is sensitive personal data. We treat it as such. We keep it secure and only use it to provide the App service to you.
Please be aware that if you include your Health Data in your sign- up questionnaire or in your profile, other App users and us and our service providers (see below) will be able to see your health data via their searches for other App users. .
Or, if you don’t want to lose your account entirely, you can update or delete your Health Data by amending your profile and deleting your messages.
The legal grounds we have to use your Health Data is to provide the services you expect from the App and your consent.
Who Do We Share Your Data With? Unmasked Mental Health shares your personal data as follows:
• When you post messages on the App, only the message recipient can see your message.
• To our third party service providers who process data on our behalf to provide services to you. One of these third parties is our development agency who’ve built the app for us. We’ve contractually agreed with them how they must keep your data secure. , We also use Amazon Web Services (AWS) to host our App within the EU. We trust AWS to keep data safe and encrypted.
This is to protect it from cyber attack or hacking. AWS are GDPR compliant. This means that they meet all the required standards of the EU data privacy rules. AWS do not read or access any of your data.
• Other third parties to the extent necessary to: (i) comply with a government request, a court order or applicable law; (ii) prevent illegal uses of our App or breaches of our Apps’ Terms and our policies; (iii) defend ourselves against third party claims; and (iv) assist in fraud prevention or investigation.
• In the event we ever sell or transfer a portion of our business or its assets, we may transfer your data to the acquiring party.
Who Do You Share Your Data With? Whilst you are using the App, you will be sharing your personal data, including Health Data contained in your messages with the recipient of the message.
How Do We Protect Your Data?
Encryption & Security: We use a variety of security measures, including base64 encryption to maintain the safety of your personal data. Your personal data is contained behind secured networks and is only accessible by other registered App users and a limited number of people who have special access rights to such systems for the purposes of providing, maintaining and supporting the services which we provide to you.
How Long Do We Keep Your Data For?
We retain your personal data for as long as necessary to fulfil the purposes for which we collect it, and as required by law and regulation. You should be aware that we delete your account and all data associated with it from the server after 6 months of inactivity. You also have the right to request that we delete your personal data at any time.
This may result in us no longer being able to provide the services to you. You can delete messages you have sent at any time from within the App. You can amend your Profile data at any time within the App. Please see “Your Rights” below.
Your Rights. This is a summary of your rights under data protection law. Some of these rights are very complex so we have just summarised them. You may obtain guidance from the ICO for a more detailed explanation.
• Access: To know whether or not we process your personal data and have access to that data. Providing the rights of others are not affected, we will supply you a copy of your personal data free of charge. We may ask for proof of your identity up front. Additional copies may be subject to a reasonable fee.
• Rectification: You have the right to have any inaccurate data personal data about you rectified and have any incomplete personal data about you completed. When you communicate with us, we will check the data we have stored and rectify any errors when proof is provided.
• Erasure: You have the right to erasure of your personal data when: Personal data are no longer necessary in relation to the purpose for which it was originally collected; you withdraw consent to consent-based processing; you object to the processing under applicable law; or the personal data has been unlawfully processed. We will erase the data as requested on validation of the claims, however data cannot be erased if processing is necessary for exercising the freedom of expression; for compliance with a legal obligation or to establish, exercise or defend against legal claims.
• Restrict Processing: You have the right to restrict processing of your personal data in the same circumstances as described under ‘right to erasure’ where you oppose erasure or have objected to processing and the decision is pending. Where processing is restricted, we will continue to store your personal data, but will only process it for legal claims, for the protection of another person’s rights or for reasons of public interest.
• Object to Processing: You have the right to object to processing of your personal data for direct marketing purposes. You can also object if the processing of your personal data is for reason of public interest, or for the legitimate interests pursued by us or a third party, or if we exercise any official authority vested in us. If you make an objection we will cease to process your data. If you object, we will cease to process your personal data unless we can demonstrate compelling reasons for that processing, which would include establishing, exercising or defending legal claims.
• You have the legal right to lodge a complaint to a supervisory authority responsible for your data protection. We will be bound by the decision of the supervisory authority.
• Withdraw Consent: You can withdraw consent at any time from processing of your Health Data. However, this will mean you can no longer use all the features of the App.
Email us at privacy@UnmaskedMentalHealth.com to exercise any of your rights in relation to personal data.
Please note that we will attempt to reply within 14 days but during busy periods, it may take up to 30 days.
We may ask for proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill) in order to verify your identity before carrying out your requests.
Complaints If you have a concern about how Unmasked Mental Health is using your data, please contact us at privacy@UnmaskedMentalHealth.com and we will strive to put your mind at rest. If you’re unhappy with our response or if you need any advice you can contact the Information Commissioner’s Office (ICO). Telephone: 0303 123 1113 or via the website www.ico.org.uk
Changes to this Policy If we decide to change our Privacy and Cookies Policy to reflect changes in the App or the law, we will post the changes on our App and, where appropriate, notify you via the App. We strongly encourage you to read our Policy and regularly check for any changes. The date this Policy was last changed is in the heading at the top of the page
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at Privacy@unmaskedmentalhealth.co.uk or by mail using the details provided below:
25 – 27 Horton street, Halifax, UKM, HX1 1QE, United Kingdom