Contents
- Introductory Text
- Who are we?
- Types of Information we Collect
- How we use your personal data and why?
- How we collect your personal data
- Who do we share your personal data with?
- What are your rights?
- Data security, integrity, and retention of your personal data
- Data transfers, storage and processing
- Our policy on children
- Cookies and tracking technologies
Last updated: 02 October 2024
Unmind Privacy Policy
Introductory Text
This Privacy Policy describes how Unmind collects, uses, and shares your personal data when you use our website at https://unmind.com/ (“Site”), you use our Unmind app and platform, you contact us, you sign up to our newsletter, or you otherwise engage us. We know that these aren’t always the easiest documents to read, so we have tried to make this Policy as short and easy to understand as possible. We make updates to this Privacy Policy and will let you know by email when we do, so we encourage you to come back and have another look when you receive an update notification from us.
If you are one of our users or clients who access our platform from outside the United Kingdom (UK), you may have certain additional privacy rights so make sure you check the side menu to see if there is another privacy page for the country you are living in.
If there’s something that doesn’t make sense, or you would like to know more about, please send an email to privacy@unmind.com and we’ll get back to you as soon as we can.
Who are we?
We are Unmind Ltd, an organisation that empowers employees with evidence-based digital tools to proactively manage and improve their mental wellbeing. We are a company registered in England and Wales under company number 10310694 and our registered office at 140 Borough High Street, London, United Kingdom, SE1 1LB. We are the controller responsible for your personal data.
Unmind Headquarters (UK)
140 Borough High St
London SE1 1LB
Unmind New York
875 Washington Street
New York, NY 10014
Unmind Sydney
388 George Street,
Sydney, NSW 2000
We comply with our obligations under the Data Protection Act 2018, the EU law retained version of the General Data Protection Regulation (EU) (2016/679) (“data protection laws”).
We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (https://ico.org.uk/), and our registration reference number is ZA210634. You have the right to make a complaint at any time to the ICO, however, we appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance by emailing privacy@unmind.com.
Types of Information we Collect
In this Privacy Policy, we’re going to tell you about how we use your personal data, so this means any information that identifies you personally like your name, your email address, or any other personal data you submit to our platform. Personal data is anything that can be used to identify you.
At Unmind we will only collect the personal data that we need, wherever possible, we use ‘anonymous data’. Anonymous data means that we can no longer identify you, so it doesn’t come into scope of this Privacy Policy.
The table below helps you understand what personal data we do collect about you. This list isn’t exhaustive and may change from time to time, we will be sure to update this table and notify you if this happens.
Category of Personal Data
What it means
Identity Data
First and last name, email address, date of birth*, location, department/team, employee number (or similar identifier provided by an employer if required). *Users who sign up to Unmind via one of our 3rd Party Health & Wellbeing partners may be required to provide us with their date of birth on sign up. This will be deleted as soon as registration eligibility is confirmed.
Profile Data
Your username and password, your interests, preferences, feedback, and survey responses.
Marketing and Communications Data
Your preferences in receiving marketing and other communications from us.
Behavioural Data
This is inferred or assumed information relating to your behaviour and interests, based on your activity on the Unmind application. This information helps us understand the popularity of our features and to tailor your experience.
Technical Data
Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, device ID, usage data, operating system and platform and other technology on the devices you use to access the Site or use our services. You can contact us via the contact details at the end of this policy if you would like the full list of technical data collected. Technical data also includes intelligence experience information such as recording what links you click on and how often you visit certain pages. Organisations who have opted to use the Microsoft Teams integration as a secondary communication and application access channel then further ‘conversation reference’ data will be stored. This applies to active directory ID, Microsoft ID, Tenant ID, Service URL, Conversation ref ID and encrypted email address used to sign into MS Teams. Those organisations using the Unmind Slack integration additional data will be stored by Unmind. Namely; Enterprise ID, Enterprise Name, Team name (Workspace), Team ID (Workspace ID) and Slack user ID.
User-Generated Data
Information and content that you submit to our platform such as when you fill in free text fields.
Aggregated Data
Aggregated data is information that we collect from multiple sources and individuals in an anonymous format which allows us to prepare data summaries or summary reports for our clients (your employer). Aggregated Data does not constitute personal data as it does not directly or indirectly reveal your identity. We have an anonymity threshold of six people or more. This means that we will endeavour to ensure that we do not anonymise or aggregate any personal data where there are less than six people within the dataset to prevent the risk of it becoming identifiable again.
Special Category Data
Special categories of personal data are data that include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetics, and biometric data.
Since you are able to enter details of your mood or mental state when: Interacting with the Unmind mood tracker;
Whilst using the AI Coach feature,
When requesting Unmind Talk sessions* or
When completing a ‘session prep’ questionnaire prior to a Talk session.*
The personal data you provide us may contain data relating to your health or other special categories of personal data. Either in the form of a free text box or a scale based answer withina questionnaire.
Using these features is optional. Unmind will never require you to provide us with special category personal data in order to use our service. If you choose to use the features where special category data is entered, the lawful basis we will relyon is to fulfil a contract and with your consent (as explained later in this Privacy Policy).
*Dependent on organisational service agreement.
How we use your personal data and why?
We collect, use, and share your personal data on the following legal grounds (lawful bases):
- With your consent. We may ask for you to consent to certain activities when you sign up with us; we will only use your personal data for the explicit purposes for which you have consented to. You can withdraw your consent at any time by emailing us at privacy@unmind.com.
- As necessary to fulfil our contract with you.
- As necessary to comply with our legal obligations.
- As necessary for our (or others’) legitimate interests, including our interests in providing a helpful, personalised and safe service to you.
If you are using the Unmind platform from outside of the UK or the European Economic Area (EEA), then please make sure you check to see if there is additional information about our legal grounds for processing your information in the side menu of this page.
Our purposes for using your information are primarily to:
- Registration: Send you a registration email and register you as a new user. We collect your Identity, Contact, and User-Generated Data. The lawful bases we rely on are to fulfil our contract with you and legitimate interests.
- Use the mood and wellbeing trackers: To enable you to use the mood and wellbeing trackers on our platform, you will be invited (but not required) to share a variety of personal data, including Identity and Contact Data. Most importantly, to gain full benefit of the mood and wellbeing trackers, you will need to share specific information about your quality of wellbeing, including your physical and mental health. This is considered Special Category Data, and we treat this with the utmost sensitivity. The lawful basis we rely on when we collect that Special Category Data is to fulfil a contract, as without it we wouldn’t be able to give you access to the full mood and wellbeing tracker experience and with your consent.
- Using the Unmind AI Coach feature: To enable you to use the Unmind AI Coach, a ‘digital assistant’ for personal wellbeing, guiding Unmind users to personal growth and improved mental health, you will again be invited (but not required) to share a variety of personal data, which may be inputted by the user in the form of conversation text input. To gain the full benefit of the AI Coaching tool, you will share specific information about your quality of wellbeing, including your physical and mental health. This is considered Special Category Data. The lawful basis we rely on when we collect that Special Category Data is with your consent.
- Service and Support: Provide you with the services offered on our Site (including technical support services), such as for example, “Insights” (helping you to track your wellbeing). We collect Identity, Contact, Profile, User-Generated and Marketing and Communications Data. The lawful bases we rely on are to fulfil our contract with you and legitimate interests.
- Surveys: Complete surveys and obtain data for research purposes and in an anonymised format (although you do not have to respond to such surveys). We collect your Identity, Contact, User-Generated and Profile Data. The lawful basis we rely on is legitimate interests.
- Research and Development: In an anonymised format, to develop the Unmind offering, to create and distribute white papers, to conduct and publish research, and to share the data with health professionals and academics to improve Unmind and other services relating to mental wellbeing. If you choose to share it with us, we may collect Special Category Data. The lawful basis we rely on is with your consent and legitimate interests.
- Fraud Prevention: To keep our Site, our services, your personal data and associated systems operational and secure. We collect Identity, Contact and Technical Data. The lawful bases we rely on are to comply with our legal obligations and legitimate interests.
- Communication and Marketing: When you sign up to our platform, users are able to ‘opt in’ to receiving marketing emails by ticking the “I would like to receive marketing emails from Unmind” check box. By default Unmind will send you non-marketing based communications such as: wellbeing reminders, upcoming events and product updates as these relate directly to optimising the service for the end user. (Please see table below for examples of our service optimisation emails) These notifications and communications can be managed within the user account preference centre under ‘Notifications’. In addition all email correspondence from Unmind will include links to directly manage your notification preferences from the point of contact. When you download our mobile app, you will be asked if you would like to receive push notifications. If you choose to do this, but change your mind later, you may turn them off at the device level. When you opt out of receiving marketing messages, this will not apply to service correspondence mentioned above that allows us to help you administer your account, notifications about your account or any updates we might send you about our site changes. We will collect Identity, Contact, Profile, Technical, Behavioural, Marketing and Communications Data. The lawful basis we rely on is legitimate interests.
Service optimization emails and notifications.
Community updates
Enter wellbeing challenges, improve your wellbeing knowledge and get alerted on wellbeing days
Upcoming events
Get invites to our expert-led Member Spaces.
Product updates
Get notified about exciting new features and release
How we collect your personal data
When you sign up
When you sign up use our platform, we will collect your Identity, Contact, Profile, and User-Generated (and Special Category Data if you choose to share it with us) so that we can send you a registration email and so that we can validate your eligibility, create an account for you and enable you to use our platform. The lawful bases we rely on are to fulfil a contract, with your consent and legitimate interests.
When you use Unmind
We will continue to collect personal data, such as your activity on our platform, your communication preferences, and any support requests you may have whenever you interact with the Unmind platform. This is Identity, Contact, Profile, Technical, Behavioural and Special Category Data. The lawful bases we rely on are to fulfil a contract, with your consent and legitimate interests.
We also collect personal data through a variety of technologies, such as cookies (you can read more about this in our Cookies Policy) and via analytics tools such as third-party experience intelligence providers. This enables us to better understand your experience by recording details such as how much time you spend on certain pages and tools, and which links you choose to click. These details assist us in understanding what content you and other users do and don’t like and hence, allows us to constantly improve our offering to you. These cookies therefore may collect Technical Data and Behavioural Data.
We always have appropriate data processing agreements in place with any experience intelligence providers to ensure that your personal data is protected in line with this Privacy Policy.
Unmind engages Open AI, L.L.C (OpenAI) to support the Unmind AI coach feature. As Open AI data centres are currently located in the United States your free text ‘prompts’ will be processed in the US by Open AI and stored for a maximum of 30 days by Open AI. This data will never be used by OpenAI to ‘train’ their language models. This is stipulated in the terms and conditions of using the Open AI API service. Please see here for further information on Open AI’s approach to privacy.
Unmind stores the historic ‘conversation’ data for the life of the account as explained below in the Data security, integrity, and retention of your personal data section.
Information from Third-Party Sources
In addition to the personal data that we collect directly from you, we may also collect personal data from third parties. These might include our 3rd Party Health & Wellbeing Partners, the provisioner of your “guest” account (where your Unmind access has been granted by a friend, family member, or peer) or analytics providers.
Direct Interactions
You may give us your Identity and Contact Data by filling in forms or by corresponding or engaging with us by post, phone, email, social media or otherwise.
What happens if you don’t provide us with the right personal data?
Where we need to process your personal data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that personal data when requested, you may not be able to use our platform.
In this case, we may have to stop you from using our Site or revoke your Unmind account, but we will notify you if this is the case at the time.
3rd Party Health & Wellbeing Partners
Members creating an Unmind account through one of our 3rd Party Health and Wellbeing Partners may be required to provide us with their date of birth alongside their full name and email address. We will use this personal data to validate it against our partners’ data in order to confirm your eligibility for an account. We may not be able to confirm your eligibility without this personal data.
We will not retain your date of birth details after eligibility has been confirmed, but your name and email will be retained in order to complete the account creation (see How do we use your personal data and why?).
For the processing of Unmind Help requests, we work with trusted 3rd Party Health and Wellbeing Partners. This means your data and privacy rights are managed by a 3rd party when you use the Unmind Help service. For clarity & visibility, we have linked their respective Privacy Policies below:
Who do we share your personal data with?
We will never sell your personal data but we may need to share your personal data with third-party data processors so that we can use their technology to deliver and improve the Unmind experience for you. But you don’t need to worry because we have a detailed screening process in place to ensure that we only work with companies we trust.
Below is a non-exhaustive list of when we may share your personal data with a third-party:
- With companies who provide us with IT and system administration services so that we can offer a smooth, uninterrupted and safe experience for you.
- With trusted technical and professional consultants, external auditors and our legal advisors who may require access to personal data on an ad hoc basis and only with a relevant purpose, such as maintaining the security of our service or within the provision of professional services.
- With authorities who may require reporting of processing activities in specific circumstances such as complying with applicable law or responding to a valid legal process from law enforcement or other government agencies.
- With the provisioner of your “guest” account (where your Unmind access has been granted by a friend, family member, or peer) so that we can maintain and validate your “guest” account.
- With our 3rd Party Health & Wellbeing Partners to ensure that users who sign up via this method receive points towards their Rewards system when they complete relevant activities.
What are your rights?
By law, you have ten important rights when it comes to your personal data. If you are accessing Unmind from a country outside of the UK or the EEA, then make sure to check for any additional information in the side menu of this page.
- The right to object to processing: You have the right to object to certain types of processing, including processing for direct communications (for instance, if you don’t want us to send you any more emails).
- The right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights (this is why we ask you to read this page).
- The right of access: You have the right to access your personal data (if we’re processing it) so that you can check we are processing it in alignment with data protection law.
- The right to rectification: You can correct your personal details from your account settings, but if you’re having trouble, you can contact us and request that we fix any personal data we hold about you that is incorrect.
- The right to erasure: You can ask us to delete any personal data we hold about you. Be careful, this isn’t a general right to erasure; there are exceptions. But we strive to meet your requests where we can.
- The right to restrict processing: You have rights to ask us to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but we won’t be able to use it anymore.
- The right to data portability: You have rights to obtain and reuse your personal data for your own purposes across different services. If you ask us for your personal data in a portable format, then that means we will give it to you in an accessible and machine-readable, for example as a csv file. You can also ask us to safely transfer it to another system for you.
- The right to lodge a complaint: You have the right to lodge a complaint about the way we handle or process your personal data. Please let us know at privacy@unmind.com if you have an issue. If we can’t fix it for you, you are within your rights to raise it with your national data protection regulator.
- The right to withdraw consent: At Unmind, we don’t generally rely on consent as our legal basis for processing your personal data (unless we need to according to your local data protection law; make sure you read the section How we use your personal data and check to see if there is different information in your country’s addendum to this page). But, if you have given your consent, for example, for us to email you, then you can change your mind at any time. All you have to do is let us know (e.g. by clicking the unsubscribe button at the bottom of an email, or by emailing us at privacy@unmind.com.)
- You have the right to not be subject to a decision based solely on automated processing. But don’t worry, we don’t do that here at Unmind anyway!
You won’t have to pay a fee to access your personal data (or to exercise any of the other rights), but we can charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we can refuse to comply in these circumstances.
We may need you to provide evidence of your identity as a security measure and we may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month, but it could take longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Data security, integrity, and retention of your personal data
The security, integrity, and confidentiality of your personal data is extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your personal data from being misused or accessed by the wrong people. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. If there is an incident where we become aware that there has been a data breach, we will let you know without undue delay. We will then take all necessary steps, including informing the ICO, to limit the extent of the breach and to prevent a further reoccurrence.
We will retain your personal data for the length of time needed to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. If you ask us to delete your account, we will delete your contact and ID information within 60 days of your request. Records of your interactions with our platform will be permanently and irrevocably anonymised so that it can never be reconstructed to identify you as an individual. The reason we do this is so that we can create and distribute white papers, conduct, and publish research, and share the data with health professionals and academics to improve Unmind and other services relating to mental wellbeing.
Data transfers, storage and processing
Unmind are growing quickly and are proud that we can improve the wellbeing of individuals all around the world. This does mean that sometimes, we will need to share, store and process your personal data with third-party processors who are located outside of your country.
Our platform is hosted in the European Union (EU) within the Republic of Ireland (RoI), so your personal data will be processed in the RoI. However, as some of our offices and trusted third parties are located outside the RoI, there may be times when your personal data may be transferred, disclosed or processed in another country (for example, the United States).
Whenever we transfer your personal data out of the UK or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK or the EEA which give personal data the same protection it has in the UK or the EEA.
- Where applicable when using certain service providers based in the US we rely on the EU - U.S. Data Privacy Framework (“EU-US DPF”) the UK Extension to the EU-U.S. Data Privacy Framework (“UK - U.S. DPF) and the Swiss - U.S. Data Privacy Framework (“Swiss - U.S. DPF”). For more information regarding the EU - U.S. Data Privacy Framework please visit https://www.dataprivacyframework.gov/s/
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or the EEA.
Our policy on children
We believe that mental health is for everyone, but our platform has been designed for individuals over the age of 16 and we don’t knowingly collect the personal data of those under the age of 16. So, if you are under the age of 16, we encourage you to reach out to an adult or someone you trust, but you’re not allowed to use our platform.
Cookies and tracking technologies
Cookies
We may collect personal data using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Site.
You can view our Cookies Policy here.
Third Party Links
This Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your personal data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every site you visit.
Contact us
We understand that this Privacy Policy is a lot to read through, and that there may be concepts or terms that seem strange or unfamiliar to you. Or maybe you would like to exercise some of the rights you read about in the What are your rights? section. If that’s the case, please do reach out to us by emailing our data protection contact at privacy@unmind.com, we are always happy to have a chat!
.
European Representative
If you are in the European Union (EU), you may reach us through our local Representative. You can contact them via addressing your request to eurep@unmind.com.