This Privacy Statement sets out how we collect and process personal data about:
- Visitors to our Site;
- Clients who use our services;
- Individuals who we communicate or interact with in the course of our business; and
- Individuals whose personal data is provided to us in connection with the provision of our services e.g. clients’ next of kin.
1. Information that we collect
“Personal data” under Data Protection Law (including the EU General Data Protection Regulation 2016/679 (GDPR), the EU Privacy and Electronic Communications Directive 2002/58/EC, and all national implementing legislation) means any information about an individual from which that person can be identified. You can use our Site without being required to provide any personal data to us. We only collect personal data about you on the Site which you volunteer when you email us, by using our online forms, in order to deliver a service to you, or to send you newsletters or other information. In addition to the information you provide to us, we collect certain information when you visit our Site.
We collect and process the following types of personal data about you:
Identity Data including name, username or similar identifier, civil status, title, date of birth and gender.
Contact Data including billing address, delivery address, email address and telephone numbers.
Financial Data including bank account and payment card details.
Transaction Data including details about payments to and from you and other details of services you have purchased from us.
Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site.
Profile Data including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data including information about how you use our Site and services.
Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
Sensitive Personal Data is data consisting of race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We collect general details concerning your mental health when you book an appointment with a healthcare professional through our Site. This data is used only for the purposes of providing mental health care to you.
If you do not provide the requested information, we will not be able to deliver our services to you or respond to you.
2. Purposes for which data is collected and processed and the legal basis for doing so
MyMind processes the types of data listed above for the following purposes:
|Purpose(s) for Processing||Legal Basis for Processing|
· For technical and operational reasons related to maintaining and operating our Site
|· To support our legitimate interests in managing our business and providing services to our clients provided such interests are not overridden by the rights and interests of the data subjects concerned.|
|· Communicating with you, our clients or other persons in the course of our business.||· As above.|
|· To register and create an account on our Site and to provide you with customer services.||· As above.|
|· For the scheduling of appointments requested by our clients and to contact our clients in relation to appointment scheduling (please note we may use your telephone number to contact you in relation to scheduling appointments).||· The processing is necessary to perform our contract with you.|
|· To share with our volunteers (such as external psychotherapists, psychologists, psychiatrists and other healthcare professionals) for the purpose of arranging appointments with you.||· The processing is necessary to enter and perform our contract with you.|
|· Marketing to you about our services||· Consent, which you may withdraw at any time.|
From time to time, we may use customer information for new, unanticipated uses not previously disclosed in this Privacy Statement. If our information practices change at some time in the future, we will contact you before we use your data for these new purposes to notify you of the policy change and to provide you with the ability to opt-out of these new uses.
3. Recipients of data
We may disclose your personal data to third parties who provide a service to us, including our Internet Service Provider who records data on our behalf and is bound by confidentiality provisions, or in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or where necessary for our legitimate business interests to protect the rights, property, or safety of MyMind, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. We share your information with contractors and volunteers (such as external psychotherapists, psychologists and/or psychiatrists) for the purpose of arranging appointments on your behalf (on your express request only) and, in that instance in order to indicate (where necessary) the type of services and assistance that you require. To the extent that the mental health professionals take notes during individual sessions, the mental health professionals are the data controllers of this information and have separate obligations to you as a data subject. In respect of data collected or processed for technical and operational reasons related to the Site, this data is stored in Microsoft Azure, G Suite and Google Analytics service.
With regard to the MyMind appointment system: You can access all data stored by MyMind by using your username and password. This is without prejudice to your right as a data subject to submit an access request.
MyMind will not ordinarily transfer your Personal Data to countries outside the European Economic Area (EEA). In the event that it is necessary to transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
4. Your rights
To the extent that we are a controller of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
- The right of access enables you to receive a copy of your personal data
- The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you
- The right to erasure enables you to ask us to delete your personal data in certain circumstances
- The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances,
- The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party)
- The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest
You also have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. Contact the Irish Data Protection Commission here or by e-mail: email@example.com | Telephone +353 761 104 800 (Lo Call Number 1890 252 231) | Postal Address Data Protection Commissioner, Canal House, Station Road, Portarlington, Co Laois R32 AP2
5. Security and where we store your personal data
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our Site, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
We will store your personal data only for as long as necessary for the purposes of providing access to our Site and related services to you; as required by law, and for the exercise or defence of legal claims.
5. Changes to this Privacy Statement
We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the Site prior to the change becoming effective. Please review this Privacy Statement periodically for updates.
6. Contact Information
The Data Protection Officer for MyMind is Krystian Fikert, who can be contacted by emailing firstname.lastname@example.org.
Our postal address is 137 Rathmines Road Lower, Rathmines, Dublin 6, Ireland.
We can be reached by e-mail at email@example.com or you can reach us by telephone at (+353) 76 680 1060.
Last Updated: 25th of May 2018