HelloSelf (UK) Limited – Privacy Notice for Members
Hampshire & Surrey Psychology is a HelloSelf Company. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use personal data we are regulated by the Information Commissioner under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and the UK Data Protection Act. We are accountable as Controller of that personal data for the purposes of Data Protection legislation.
Key terms
It would be helpful to start by explaining some key terms used in this policy:
| We, us, our | HelloSelf (UK) Limited, number 11492566, with registered address at International House, 6 Canterbury Crescent, London, England, SW9 7QD. |
|---|---|
| HelloSelf DPO | Our Data Protection Officer is Louise Marshall CIPP/E at Dragon Argent; she can be contacted at dpo@helloself.com |
| Personal data | Any information relating to an identified or identifiable natural person |
| Special category personal data | Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data; data concerning health, sex life or sexual orientation |
Personal data we collect
The table below sets out the personal data we will or may collect in the course of your interaction with us and your use of our private psychological and other services:
| Personal data we collect depending on your engagement with us and use of our services |
|---|
| When you first browse our website: Browser metadata such as Google click ID, Ahoy click and visit ID |
| When you register: Full name, address, email address, telephone number |
| If you initiate a chat: Chat messages |
| If you answer questions: Mood tracking data |
| If you proceed to an Assessment with one of our Experts: Details of your GP |
| If you have a Session with one of our Experts: Facial and voice recordings |
| When paying for our Services: Bank account and sort code details which we pass directly to our payment processor |
This personal data is required to enable us to provide our services. If we are not provided with the personal data we ask for, it may delay or prevent us from providing the services which you are requesting.
How personal data is collected
We collect all of this information directly from you, when you first browse our website, when you register and then any time your personal data is updated. If you engage in sessions with our Experts, they may upload information after the session.
How and why we use personal data
Under Data Protection legislation, we can only use personal data if we have a legal basis for doing so. These are mandated by the legislation and include:
- where we have been given consent by the data subject;
- for the performance of our contract with a Member or to take steps at a Member’s request before entering into a contract;
- to comply with our legal and regulatory obligations; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by the data subject’s own rights and freedoms.
The table below explains what we use (process) personal data for (our purpose) and our legal basis for doing so:
| Our purpose | Our legal basis |
|---|---|
| To enable us to provide our online private psychological therapy and other services to you | For the performance of our contract with Members or to take steps at a Member’s request before entering into a contract |
| Operational reasons, such as understanding how users/Members engage with our website | For our legitimate interests or those of a third party, e.g. to identify and remedy problems with site usage |
| Ensuring the confidentiality of Members’ sensitive information | For our legitimate interests or those of a third party, e.g. to prevent data breaches which could be damaging for Members |
| Statistical analysis to help us manage our business | For our legitimate interests or those of a third party, e.g. to improve understanding of and therefore optimise our conversion rate |
| Updating and enhancing Members’ records | For the performance of our contract with Members or to take steps at a Member’s request before entering into a contract |
| Marketing our services | For our legitimate interests or those of a third party, e.g. to promote our business to existing and future Members |
The above table does not apply to special category personal data, which we will only process with the explicit consent of the data subject. When you book assessments or initiate chat messages, by providing this special category personal data you are giving us your specific, informed, unambiguous and explicit consent to our processing of such data.
Promotional communications
We may use personal data to send Members updates about our services, including exclusive offers, promotions or new services.
We have a legitimate interest in processing personal data for promotional purposes (see above ‘How and why we use personal data’). This means we do not usually need consent to send promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat personal data with the utmost respect and never sell it to other organisations for marketing purposes.
Members always have the right to opt out of receiving promotional communications at any time by contacting us by email or by clicking on the Unsubscribe link included in every communication.
Who we share personal data with
We only share personal data with our expert clinical psychologists, assistant psychologists and life coaches, all of whom are bound by professional codes of confidentiality. We also share certain personal data with Stripe, our payment processor.
We only allow our external third parties to handle personal data if we are satisfied they take appropriate measures to protect all personal data.
We may very occasionally disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Where personal data is held
Personal data is kept in an encrypted form on secure servers primarily inside the EEA. For more information, including on how we safeguard personal data when data is stored outside the EEA see below: ‘Transferring personal data out of the EEA’.
A small proportion may be stored as a password protected pdf document in email.
Keeping personal data secure
Security
The privacy and the security of your personal data is our utmost priority. We recognise that you trust us to keep it secure and private. We have in place appropriate security measures to prevent your personal data from being accidentally lost, or used or accessed unlawfully. We protect your personal data at all times with strong encryption in our secure data centres. We limit access to personal data to those who have a genuine business need to access it and are subject to strict obligations of confidence.
Protecting your data
All your personal data is encrypted using strong encryption both in transit and at rest. We have strict procedures and systems in place to prevent unauthorised access to data. Card Payments are processed via a third party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards.
Securing your data
We monitor and test our servers and work with third parties to ensure our security controls are industry standard. Our Experts are required to use two factor authentication and we use technology to block unauthorised or suspicious attempts to access data. We work with industry-leading hosting and service providers to ensure that infrastructure is protected.
Data Storage
Personal data and special category personal data is primarily stored on our secure servers inside the EEA. It is occasionally necessary for us to store some elements of personal data outside the EEA, such as Click ID, browser meta data and IP addresses. These transfers are subject to special rules under European and UK data protection law. For more information regarding these rules, please contact DPO@helloself.com.
To help us to keep your data protected, please:
- Make sure you have a strong password
- Change your password frequently
- Keep your password safe.
How long personal data will be kept
We follow the best practice guidelines of the British Psychological Society regarding the retention of personal data contained in (amongst other sources) patient notes and clinical records and we retain personal data for a period of 7 years following the cessation by data subjects of engagement with us.
When it is no longer necessary to retain personal data, we will delete or anonymise it.
Transferring personal data out of the EEA
It is sometimes necessary for us to store some elements of personal data outside the European Economic Area (EEA), such as personal data used in chats and some payment information, Click ID, browser meta data and IP addresses.
These transfers are subject to special rules under European and UK data protection law. For more information regarding these rules, please contact dpo@helloself.com.
Rights
Data subjects have the following rights, which can be exercised free of charge:
| Access | The right to be provided with a copy of personal data held on a data subject |
|---|---|
| Rectification | The right to require us to correct any mistakes in a data subject’s personal data |
| To be forgotten | The right to require us to delete personal data—in certain situations |
| Restriction of processing | The right to require us to restrict processing of certain personal data—in certain circumstances, e.g. if the accuracy of the data is contested |
| Data portability | The right to receive the personal data provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
| To object | The right to object: |
| Not to be subject to automated individual decision-making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning a data subject |
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
To exercise any of those rights, please contact us; see below: ‘How to contact us’.
How to complain
We hope that we can resolve any query or concern raised about our use of personal information.
The General Data Protection Regulation also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
Changes to this privacy policy
We may change this privacy policy from time to time; when we do, we will inform clients via email.
How to contact us
We can be contacted by post, email or telephone.
For all data subject rights, please contact dpo@helloself.com.
Our contact details are shown below:
| Our contact details |
|---|
| Data Protection Officer, HelloSelf, International House, 6 Canterbury Crescent, London SW9 7QD. Or by email at: dpo@helloself.com. Telephone: 020 3936 8384 |
Cookies
We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.
Some cookies are allocated to your PC only for the duration of your visit to a website, and these are called session based cookies. These automatically expire when you close down your browser. Another type of cookie known as “persistent” cookies can remain on your PC for a period of time.
How we obtain your consent to cookies
When you visit our website for the first time we will show you a notice which tells you that we use cookies, why we use them, and how you can change which cookies you choose to accept. If you enter our website having seen this notice without making any changes to the existing cookie settings we will take this as your agreement to those settings as we have told you about them and we assume you are happy with them.
How to remove cookies
You can block cookies by activating the setting on your browser which allows you to refuse the use of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. If you’re stuck on how to change your cookie settings please contact us and we will be happy to assist you.
Last updated: 1 February 2021