Unmind may change its Privacy Policy from time to time, although most changes we make to this Policy are likely to be minor, we encourage you to frequently check this page for any changes that we make. If we make major changes to this Policy, then we will notify you by sending you a notification via email. Your further use of the Unmind platform will be subject to the updated policy.
Unmind respects your privacy and is committed to protecting your Personal Data. We want to be transparent with you about how we collect and use your Personal Data in making available our platform, app, and website (“Site”) and tell you about your privacy rights and how the law protects you.
With that in mind, this Privacy Policy is designed to describe:
This Privacy Policy aims to give you information on how Unmind collects and processes your Personal Data through your use of this Site and / or our Unmind platform, including any data you may provide us.
The Privacy Policy is intended to meet our duties of transparency under the UK General Data Protection Regulation or “GDPR”.
We will post any modifications or changes to this Privacy Policy on this page.
Who we are?
When you sign up as a user of the Unmind platform, Unmind Ltd. is the Data Controller (for the purposes of the GDPR) of your Personal Data (referred to as either “Unmind”, “we”, “us” or “our” in this Privacy Policy). Unmind Ltd. is a company registered in England & Wales and our company registration number is 10310694.
How can you contact us?
Our registered head office and address is: 180 Borough High Street, London, England, SE1 1LB.
You can contact us by emailing: privacy@unmind.com.
Our Data Protection Officer
The UK GDPR requires us to appoint a “Data Protection Officer” (DPO), this is a person who is responsible for overseeing and advising us in relation to our compliance with the GDPR (including compliance with the practices described in this Privacy Policy). If you want to contact our Data Protection Officer directly, you can email: DPO@unmind.com.
Your rights in connection with your Personal Data
The UK GDPR requires us to be transparent with you about how we collect, use, and store your Personal Data. The regulations also provide you with the right to exercise the following rights in certain circumstances:
If you want to exercise any of the rights described above, please contact us at privacy@unmind.com.
Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. If we ask for ID or request clarification, the one month completion due date will pause until we receive the information we have requested from you.
We will reply to your complaint as soon as we can, but if you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office. You can do that here.
When you sign up to using our platform, we will email you newsletters, course reminders and some promotional materials. You can ask us to stop sending you marketing messages at any time by following the unsubscribe links on any of the emails we send to you or by emailing us directly at privacy@unmind.com to adjust your marketing preferences.
When you download our app, you will be asked if you would like to receive push notifications. If you consent to this, but change your mind later on, you may turn them off at the device level.
Where you opt out of receiving these marketing messages, this will not apply to service correspondence that allows us to help you administer your account, notifications about your account or any updates we might send you about our Site changes.
All the Personal Data we collect, both from you and from third parties about you, is outlined in the table below.
Before you read that table, it might be useful to explain what “Personal Data” is. The UK GDPR’s (within the Data Protection Act 2018) definition of Personal Data can be found here. But if you don’t have time to read it, we can quickly define it for you here as: Information about an individual from which that individual is either directly identified or can be identified.
Personal Data does not encompass ‘anonymous data’ (i.e., information where the identity of an individual has been permanently removed).
However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).
Identity Data
At this time, we only collect the following items of PII data from our users: First and last name, email address, date of birth*, location, department/team, employee number (or similar identifier provided by an employer if required). **
*Users who sign up to Unmind via one of our 3rd Party Health & Wellbeing partners may be required to provide us with their date of birth on sign up. This will be deleted as soon as registration eligibility is confirmed.
**This information is collected depending on organisational requirements.
Contact Data
Email address only.
Marketing and Communications Data
Your preferences in receiving marketing from us and your communication preferences.
Behavioural Data
Inferred or assumed information relating to your behaviour and interests, based on your online activity. We may use this information to assess the popularity of our series and tools, and also to tailor the experience our users receive by ensuring that content they enjoy is easily accessible to them.
Technical Data
Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services.
Technical data also includes intelligence experience information such as recording what links you click on and how often you visit certain pages.
User-Generated Data
Personal Data you may include in your user-generated content (i.e. information and content that you submit to the Site), for instance when you fill in the comments box of the “Check-In” form or when you send a Praise to someone and personalise the message.
Aggregated Data
Unmind is offered through partnerships with organisations (our clients) who wish to make the Unmind platform available to their employees. Our clients are interested in how their employees interact with the Unmind platform and whether interactions are resulting in positive improvements to their workplace mental wellbeing culture. To assist them with this, clients are given access to aggregated and anonymised general usage and trend data. Aggregated data is information that we collect from multiple sources and individuals in an anonymous format which allows us to prepare data summaries or summary reports for our clients.
Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data for the purposes of the UK GDPR as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Behavioural Data to calculate the percentage of users accessing a specific Site feature, or to better understand whether and how use of our Site may improve your wellbeing.
We have an anonymity threshold of six people or more. This means that we will endeavour to ensure that we do not anonymise or aggregate any personal data where there are less than six people within the dataset to prevent the risk of it becoming identifiable again. We will never intentionally share aggregated data unless there were seven or more subjects in the dataset. If we do combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we will treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
Some non-exhaustive examples of why we may share Aggregated Data (i.e., anonymous data) is to demonstrate the average wellbeing of different sub-groups, identify patterns of poor sleep across varying geographic locations, and extrapolate whether use of the Site is more beneficial for some populations compared to others. In no scenario will the sharing of Aggregated Data contain personal information related to your Unmind account or any personally identifiable User Generated Data.
We also use such Aggregated Data to better understand our end-users, to develop the Unmind offering, to create and distribute white papers, to conduct and publish research, and to share the data with health professionals and academics to improve Unmind and other services relating to mental wellbeing.
Special Categories of Personal Data
Through our Site, and the services we offer, we may collect some “Special Categories of Personal Data” and information about you, if you provide such data in your User Generated Data*.
Special Categories of Personal Data are data that include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetics, and biometric data. Since you are able to upload details of your mood or mental state on the Site (e.g., through the “Check-In” option), the data you provide us may contain data relating to your health or other Special Categories of Personal Data.
You do not have to submit such data in order to use the Unmind Site and access the content. You will still be able to access the content provided on the Unmind Site and use the Site and Unmind services, even if you do not provide such Special Categories of Personal Data.
We may also anonymise your Special Categories of Personal Data in an Aggregated Data format to better understand our end-users, to develop the Unmind offering, to create and distribute white papers, to conduct and publish research, and to share the data with health professionals and academics to improve Unmind and other services relating to mental wellbeing. When sharing Aggregated Data, we do not share any of your Personal Data (including any Special Categories of Personal Data).
None of your Personal Data (including Special Categories of Personal Data) will ever be shared with your employer or any such organisation with whom you are similarly affiliated (e.g., academic institutions, governing bodies).
We do not collect any information about criminal convictions and offences.
*User Generated Data refers to areas of the Unmind platform where users are able to input free text into the platform for users to track their own mood or mental well-being. We will never specifically ask for special category data to be inputted.
We will only use your Personal Data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your Personal Data for a purpose other than what we have specified below, then we will update this Privacy Policy and notify you via email with an explanation about the legal basis which allows us to do so.
What is our “legal basis” for processing your Personal Data?
In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases:
Where the information you provide to us is considered “Special Category”, then the UK GDPR requires us to have an additional “special condition” for processing that data. Most commonly, we will rely on one of the following special conditions:
Generally, we do not rely on your Consent (or Explicit Consent) as a legal basis for using your Personal Data (including your Special Categories of Personal Data) other than in the context of direct marketing communications.
If you are interested in finding out more about some of the other special conditions that we can rely on, you can do that here.
We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Data.
Account Creation
To register you as a new user.
Contractual Necessity
N/A
Site Operation
To provide you with the services offered on our Site (including technical support services), such as for example, “Insights” (helping you to track your wellbeing).
Contractual Necessity
Healthcare (where your user-generated data contains Special Categories of Personal Data)
Unmind Content Recommendation
We do this through a smart recommendation engine, to provide you with recommended content from our Site, based on your profile, use of the Site and Unmind Index.
Legitimate Interests.We have a legitimate interest in ensuring that your experience on our Site is as tailored to your specific needs as possible so that the content you view in priority on our Site is most likely to be helpful to you.
Healthcare (where your user-generated data contains Special Categories of Personal Data)
Surveys
To complete surveys and obtain data for research purposes and in an anonymised format (although you do not have to respond to such surveys).
Consent
Explicit Consent (where your user-generated data contains Special Categories of Personal Data)
Praise
To send you your colleagues’ praises.
Legitimate Interests.
It is within our legitimate interests to enhance and personalise our service offering to you. The Praise feature serves to provide you with further tools and engagement opportunities.
N/A
Aggregation for Research & Development Purposes
In an anonymised format, to develop the Unmind offering, to create and distribute white papers, to conduct and publish research, and to share the data with health professionals and academics to improve Unmind and other services relating to mental wellbeing.
Legitimate Interests.We have a legitimate interest in understanding our end-users to develop the Unmind offering, to publish white papers and to share the data with health professionals and researchers.
Healthcare (where your user-generated data contains Special Categories of Personal Data)
Aggregation for affiliated or associated organisations (e.g., employers, academic institutions, governing bodies)
In an anonymised, aggregated format to demonstrate the average wellbeing of different populations, to identify usage patterns across and between sub-groups locations, to extrapolate whether use of the Site is more beneficial for some audiences compared to others. These aggregated reports do not contain Personal Data related to your Unmind account or any personally identifiable User Generated Data.
Legitimate Interests.We have a legitimate interest in understanding our end-users to develop the Unmind offering, to publish white papers and to share this anonymous data with health professionals and researchers.
Research (where your user-generated data contains Special Categories of Personal Data)
Fraud Prevention
To keep our website, our services, your Personal Data and associated systems operational and secure.
Legitimate Interests.We have a legitimate interest in ensuring the ongoing security of your information, and proper operation of our services, website and associated IT services and networks.
N/A
Troubleshooting
To track issues that might be occurring on our systems.
Legitimate Interests.It is in our legitimate interests that we are able to monitor and ensure the proper operation of our Sites and associated systems and services to ensure the best user experience for you.
N/A
Marketing
To form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.
Consent.
Explicit Consent (where our marketing purposes extend to Special Categories of Personal Data).
3rd Party Health & Wellbeing Partners Rewards Programmes
If you have signed up to Unmind via one of our 3rd Party Health & Wellbeing Partners, we may provide your details relating to your completed activities to that provider so that you can earn points towards any rewards systems you are participating in.
Contractual Necessity
N/A
Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Site).
In this case, we may have to stop you from using our Site or revoke your Unmind account, but we will notify you if this is the case at the time.
3rd Party Health & Wellbeing partners
Members creating an Unmind account through one of our 3rd Party Health and Wellbeing Partners may be required to provide us with their date of birth alongside their full name and email address. We will use this information to validate it against our partners’ data in order to confirm your eligibility for an account. We may not be able to confirm your eligibility without this information.
We will not retain your date of birth details after eligibility has been confirmed, but your name and email will be retained in order to complete the account creation (see How do we use your personal data and why?).
In addition to the Personal Data that we collect directly from you (as described in the section immediately above this one), we also collect certain of your Personal Data from third party sources. These sources are broken down in the table below, together with a description of whether they are publicly available or not.
Your Employer(s), academic institution(s), governing bodies
No
Analytics providers
No
The provisioner of your “guest” account (where your Site access has been granted by a friend, family member, or peer)
No
3rd Party Health & Wellbeing Partners
No
Your Employer(s), academic institution(s), governing bodies
These cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request to load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
Functionality Cookies
These cookies allow our Site to remember choices you make when you use our Site, such as remembering your login details and remembering the changes you make to other parts of our Site which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
Analytics and Performance Cookies
These cookies are used to collect information about traffic to our Site and how users use our Site. The information gathered via these cookies does not “directly” identify any individual visitor. However, it may render such visitors “indirectly identifiable”. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access our Site. The information collected is aggregated and anonymous. It includes the number of visitors to our Site, the websites that referred them to our Site, the pages they visited on our Site, what time of day they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site. We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Site works. You can find out more information about Google Analytics cookies here.
You can find out more about how Google protects your data here.
Disabling Cookies
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience some inconvenience in your use of our Site. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit our Site.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.
You can also prevent the use of Google Analytics relating to your use of our Site by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB
Local Storage
We use local storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on the Site may also use HTML5 to collect and store information.
Mobile Analytics
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your mobile phone. This software may record information such as how often you use the Site, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We may link the information we store within the analytics software to any personal information you submit within the mobile application.
Log Files
As true of most websites, we gather certain information automatically and store it in log files. This information may include Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
If you receive the HTML-formatted version of our emails, your opening of the email is notified to us and saved. Your clicks on links in the emails are also saved. These and the open statistics are used in aggregate form to give us an indication of the popularity of the content and to help us make decisions about future content and formatting.
The personal information we collect about you will mainly be used by our Unmind staff so that they can provide the best possible service to you.
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
Unmind may need to share your information with some of our trusted partners and suppliers who work with us or on our behalf to deliver our services. When we use a third-party partner or supplier, the processing of this information is always carried out under our instruction and we make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes than which we have explicitly stated.
The table below describes who we share your Personal Data with, what we share and why we share it.
Service providers
Our service providers provide us with IT and system administration services.
Professional advisers
Trusted technical and professional consultants, external auditors and our legal advisors may require access to personal data on an ad hoc basis and only with a relevant purpose; such as maintaining the security of our service or within the provision of professional services.
HM Revenue and Customs and other regulators and authorities
Authorities may require reporting of processing activities in specific circumstances such as complying with applicable law or responding to a valid legal process from law enforcement or other government agencies.
The provisioner of your “guest” account (where your Site access has been granted by a friend, family member, or peer)
To maintain and validate your “guest” account access we may need to inform the provisioning account holder of any changes you make to your primary email alias or if your account is deleted for any reason.
3rd Party Health & Wellbeing Partners
To ensure that users who sign up via one of our 3rd Party Health & Wellbeing Partners receive points towards their Rewards system when they complete relevant activities.
Experience Intelligence
We may use third-party experience intelligence providers in order to better understand your needs and to enhance the Unmind experience. This enables us to better understand your experience by recording details such as how much time you spend on certain pages and tools, and which links you choose to click. These details assist us in understanding what content you and other users do and don’t like and hence, allows us to constantly improve our offering to you.
We always have appropriate data processing agreements in place with any experience intelligence providers to ensure that your data is protected in line with this Privacy Policy.
Data transfers
Some of the third parties with whom we may share your Personal Data are based outside the UK and European Economic Area (“Europe”) so their processing of your Personal Data will involve a transfer of data to countries based outside of Europe.
We endeavour to ensure that people to whom we provide Personal Data hold it subject to appropriate safeguards and controls. Whenever we transfer your Personal Data out of Europe, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of Europe.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.
We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data.
We are ISO 27001 and Cyber Essentials certified.
We will only retain your Personal Data in an identifiable form for so long as we reasonably need to use it for the purposes set out in this policy unless a longer retention period is required by law (for example for regulatory purposes).
When we no longer need your Personal Data, we will permanently and irrevocably anonymize your data such that it can never be reconstructed to identify you as an individual. The reason we do this is so that we can create and distribute white papers, conduct, and publish research, and share the data with health professionals and academics to improve Unmind and other services relating to mental wellbeing.
The table below shows our standard retention practices:
Behavioural Data
For so long as retention is necessary to fulfil the Purposes/Use for which it is used. After this time, it will be permanently and irrevocably anonymized.
Marketing and Communications Data
Technical Data
For so long as you have an Account with Unmind or our Site(s).
Your data is permanently deleted within 60 days of your request (or requirement) to delete your account.
Contact Data
Identity Data
For so long as retention is necessary to fulfil the Purposes/Use for which it is used.Your data is permanently deleted within 60 days of your request (or requirement) to delete your account.
User-Generated Data
For so long as retention is necessary to fulfil the Purposes/Use for which it is used. After this time, it will be permanently and irrevocably anonymized.
Our policy on children
This Site is not intended for children below 16 and we do not knowingly collect data relating to such children. You should not use the Site if you are below 16.
Third party links
This Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your Personal Data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every site you visit.
