Privacy Policy
We outline our privacy policy below
Important Notice
This service is not designed to provide urgent or emergency medical care. If you are in immediate danger or require urgent assistance, please call 999 or go to your nearest Accident & Emergency (A&E) department without delay.
Privacy Policy
This is the privacy notice of Mental Health Views Ltd, company number 10935220. (‘we’, ‘our’, or ‘us’). Our registered office is at Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA.
Introduction
This notice describes how we collect, store, transfer and use personal data. It tells you about your privacy rights and how the law protects you.
In the context of the law and this notice, ‘personal data’ is information that clearly identifies you as an individual or which could be used to identify you if combined with other information. Acting in any way on personal data is referred to as ‘processing’.
This notice applies to personal data collected through our website and through social media platforms and email.
We do not share, or sell, or disclose to a third party, any information collected through our website.
This privacy policy also applies to communication with you via telephone call.
Personal data we process
How we obtain personal data
The information we process about you includes information:
-
you have directly provided to us
-
as a result of monitoring how you use our website or our services
Types of personal data we collect directly
When you use our website, our services or buy from us, for example, when you fill in a contact form, referral form, send us personal information by email, create an account on our website (where option allows) etc. we ask you to provide personal data. This can be categorised into the following groups:
-
personal identifiers, such as your first and last names, your title and your date of birth
-
contact information, such as your email address, your telephone number and your postal addresses for billing, delivery and communication
-
account information, including your username and password
-
records of communication between us including messages sent through our website and email messages.
-
marketing preferences that tell us what types of marketing you would like to receive
-
In addition, we may also process:
-
documentation that confirms your identity, such as an image of your passport or driver’s licence
-
an image that shows your face, such as a passport photograph
-
documentation that confirms the qualifications you advertise as holding
-
documentation that confirms your employment, such as recent payslips
-
documentation that confirms your address, such as a tenancy agreement or rental contract
Types of personal data we collect from third parties
We confirm some of the information you provide to us directly using data from other sources. We also add to the information we hold about you, sometimes to remove the need for you to provide it to us and sometimes in order to be able to assess the quality of the services you offer.
The additional information we collect can be categorised as follows:
-
information that confirms your identity
-
business information, including your business trading name and address, your company number (if incorporated), and your VAT number (if registered)
-
information that confirms your contact information
-
reviews and feedback about your business on other websites through which you sell your services
-
unsolicited complaints by other users
Types of personal data we collect from your use of our services
By using our website and our services, we process:
-
your username and password and other information used to access our website and our services (where you provide such information)
-
information you contribute to our community, including reviews (where you provide such information)
-
your replies to polls and surveys (where you provide such information)
-
technical information about the hardware and the software you use to access our website and use our services, including your Internet Protocol (IP) address, your browser type and version and your device’s operating system
-
usage information, including the frequency you use our services, the pages of our website that you visit, whether you receive messages from us and whether you reply to those messages
-
transaction information that includes the details of the products services you have bought from us and payments made to us for those services
-
your preferences to receive marketing from us; how you wish to communicate with us; and responses and actions in relation to your use of our services.
Our use of aggregated information
We may aggregate anonymous information such as statistical or demographic data for any purpose. Anonymous information is that which does not identify you as an individual. Aggregated information may be derived from your personal data but is not considered as such in law because it does not reveal your identity.
For example, we may aggregate usage information to assess whether a feature of our website is useful.
However, if we combine or connect aggregated information with your personal data so that it can identify you in any way, we treat the combined information as personal data, and it will be used in accordance with this privacy notice.
Special personal data
Special personal data is data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
It also includes information about criminal convictions and offences.
We may collect special personal data about you if there is a lawful basis on which to do so.
If you do not provide personal data we need
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract.
In that case, we may have to stop providing a service to you. If so, we will notify you of this at the time.
The bases on which we process information about you
The law requires us to determine under which of six defined bases we process different categories of your personal data, and to notify you of the basis for each category.
If a basis on which we process your personal data is no longer relevant then we shall immediately stop processing your data.
If the basis changes, then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
Information we process because we have a contractual obligation with you
When you create an account on our website, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal data.
We may use it in order to:
-
verify your identity for security purposes when you use our services
-
sell products to you
-
provide you with our services
-
provide you with suggestions and advice on products, services and how to obtain the most from using our website
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Information we process with your consent
Through certain actions when otherwise there is no contractual relationship between us, you provide your consent to us to process information that may be personal data.
Wherever possible, we aim to obtain your explicit consent to process this information, for example, we ask you to agree to our use of non-essential cookies when you access our website.
If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us info@mentalhealthviews.com. However, if you do so, you may not be able to use our website or our services further.
We aim to obtain and keep your consent to process your information. However, while we take your consent into account in decisions about whether or not to process your personal data, the withdrawal of your consent does not necessarily prevent us from continuing to process it. The law may allow us to continue to process your personal data, provided that there is another basis on which we may do so. For example, we may have a legal obligation to do so.
Information we process for the purposes of legitimate interests
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information on this basis, we do after having given careful consideration to:
-
whether the same objective could be achieved through other means
-
whether processing (or not processing) might cause you harm
-
whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
-
For example, we may process your data on this basis for the purposes of:
-
improving our services
-
record-keeping for the proper and necessary administration of our business
-
responding to unsolicited communication from you to which we believe you would expect a response
-
preventing fraudulent use of our services
-
exercising our legal rights, including to detect and prevent fraud and to protect our intellectual property
-
insuring against or obtaining professional advice that is required to manage risk
-
protecting your interests where we believe we have a duty to do so
Information we process because we have a legal obligation
Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal data.
Information we process to protect vital interests
In situations where processing personal information is necessary to protect someone’s life, where consent is unable to be given and where other lawful bases are not appropriate, we may process personal information on the basis of vital interests.
For example, we may inform relevant organisations if we have a safeguarding concern about a vulnerable person.
How and when we process your personal data
Information you provide publicly on our website
Note: This clause applies to information publicly posted on our website.
Where our website allows you to post information with a view to that information being read, copied, downloaded, or used by other people.
For example, when you leave a review or post a message on our website, we reasonably assume that you consent for the message to be seen by others. We may include your username with your message, and your message may contain information that is personal data.
Other examples include:
-
tagging an image
-
clicking on an icon next to another visitor’s message to convey your agreement, disagreement or thanks
In posting personal data, it is up to you to satisfy yourself about the privacy level of every person who might use it.
We do not specifically use this information except to allow it to be displayed or shared.
We do store it, and we reserve a right to use it in the future in any way we decide.
Once your information enters the public domain, we have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time.
Provided your request is reasonable and there is no legal basis for us to retain it, then at our discretion we may agree to your request to delete personal data that you have posted on our website. You can make a request by contacting us at info@mentalhealthviews.com.
Payment information
Payment information is never taken by us or transferred to us either through our website or otherwise. Our employees and contractors never have access to it.
At the point of payment, you are transferred to a secure page on the website of Stripe or some other reputable payment service provider. That page may be branded to look like a page on our website, but it is not controlled by us.
Information obtained from third parties
Although we do not disclose your personal data to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal data from third parties whose services we use.
No such information is personally identifiable to you.
Credit reference
To assist in combating fraud, we share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.
Third party advertising on our website
Third parties may advertise on our website. In doing so, those parties, their agents or other companies working for them may use technology that automatically collects information about you when their advertisement is displayed on our website.
They may also use other technology such as cookies or JavaScript to personalise the content of, and to measure the performance of their adverts.
We do not have control over these technologies or the data that these parties obtain. Accordingly, this privacy notice does not cover the information practices of these third parties.
Service providers and business partners
We may share your personal data with businesses that provide services to us, or with business partners.
As examples:
-
we may pass your payment information to our payment service provider to take payments from you
-
we may use fraud prevention agencies and credit reference agencies to verify your identity and we may pass your information to those agencies if we strongly suspect fraud on our website
-
we may pass your contact information to advertising agencies to use to promote our services to you
-
we may pass any feedback that you provide about our service or the clinical care that you’ve received and use this feedback to support lessons learned for appraisal or revalidation purposes. When you complete feedback, your personal details maybe stored along with your feedback comments.
Use of information we collect through automated systems
When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.
If you choose not to use cookies or you prevent their use through your browser settings, you may not be able to use all the functionality of our website.
We use cookies in the following ways (subject to our website offering such features, which may vary from time to time):
-
to track how you use our website
-
to record whether you have seen specific messages we display on our website
-
to keep you signed in to our website
-
to record your answers to surveys and questionnaires on our site while you complete them
-
to record the conversation thread during a live chat with our support team
Cookies
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit a website that uses them. They allow information gathered on one web page to be stored until it is needed for use at a later date.
They are commonly used to provide you with a personalised experience while you browse a website, for example, allowing your preferences to be remembered.
They can also provide core functionality such as security, network management, and accessibility; record how you interact with the website so that the owner can understand how to improve the experience of other visitors; and serve you advertisements that are relevant to your browsing history.
Some cookies may last for a defined period of time, such as one visit (known as a session), one day or until you close your browser. Others last indefinitely until you delete them.
Your web browser should allow you to delete any cookie you choose. It should also allow you to prevent or limit their use. Your web browser may support a plug-in or add-on that helps you manage which cookies you wish to allow to operate.
The law requires you to give explicit consent for use of any cookies that are not strictly necessary for the operation of a website.
Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you. If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
Data Security and Storage
Data Collection and Use
When you use our website, booking, and contact forms, or send us emails, we collect personal information such as your name, email address, phone number, and any other details you provide. This information is used for the purpose of responding to your enquiries, processing your bookings, and providing you with the services you request.
Data Storage
Your data is stored securely on Wix’s servers, Google Workspace servers, and a Network Attached Storage (NAS) device. Wix’s servers are hosted on Amazon Web Services (AWS) and Google Cloud Platform, while Google Workspace servers are hosted in Google’s data centres. Both platforms comply with industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, and PCI DSS Level 1.
In addition, your data will also be stored on a NAS device, which employs robust security measures to protect your data. This includes encryption using AES-256, ensuring that your data is secure both at rest and in transit.
Data Security
Wix employs a dedicated security team that constantly monitors and improves the company’s defence systems. They perform regular security assessments, penetration tests, and quality assurance measures to ensure the integrity and security of your data. Source
Google Workspace also employs a comprehensive security infrastructure, including advanced anti-malware and anti-phishing protection, which scans incoming and outgoing emails, attachments, and URLs for potential threats. Additionally, all data transmitted between your device and our servers is encrypted using HTTPS and SSL/TLS protocols.
Encryption of Data
When you submit personal information through our contact forms, Wix ensures that your data is encrypted both in transit and at rest. In transit, data is encrypted using HTTPS over TLS 1.2 and above, ensuring secure communication between your browser and Wix’s servers. At rest, data is encrypted using AES-256, the industry standard for encryption methods.
Similarly, emails stored in Google Workspace are encrypted both in transit and at rest. In transit, data is encrypted using TLS, and at rest, data is encrypted using AES-256. For organisations requiring additional security, Google Workspace also offers client-side encryption, giving you sole control over your encryption keys.
Third-Party Access
We do not share your personal information with third parties except as necessary to provide our services or as required by law. Any third-party service providers we use are also required to adhere to strict data protection standards.
User Rights
You have the right to access, correct, or delete your personal information at any time. If you have any questions or concerns about how your data is handled, please contact us directly.
Limitations of Data Security
While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Despite our best efforts, no method of transmission over the Internet or method of electronic storage is completely secure. Therefore, we cannot ensure or warrant the security of any information you transmit to us or store on our systems. By using our services, you acknowledge and accept these inherent risks.
Data may be processed outside the UK
Our websites are hosted by Wix. Wix hosts its websites for UK businesses on servers located in Europe and the United States. Wix utilises Google Cloud CDN (Content Delivery Network) to ensure global coverage and low latency, meaning your website content is delivered from the server closest to your visitors for faster loading times.
We may also use outsourced services in countries outside the UK from time to time in other aspects of our business. Accordingly, data obtained within the UK or any other country could be processed outside the UK.
Your data, including information stored in Google Workspace and Google email, may be stored outside of the United Kingdom in various locations around the world. By default, Google may store data in data centres located in the United States, Europe, and other regions to ensure optimal performance and reliability.
Control over your own information
It is important that the personal data we hold about you is accurate and up to date. Please inform us if your personal data changes.
At any time, you may contact us to request that we provide you with the personal data we hold about you.
To obtain a copy of any information that is not provided on our website you should contact us to make that request.
When we receive any request to access, edit or delete personal data we first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
Please be aware that we are not obliged by law to provide you with all personal data we hold about you, and that if we do provide you with information, the law allows us to charge for such provision if doing so incurs costs for us. After receiving your request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.
If you wish us to remove personally identifiable information from our website you should contact us to make your request (for example, this may occur where you have posted something publicly).
This may limit the service we can provide to you.
We remind you that we are not obliged by law to delete your personal data or to stop processing it simply because you do not consent to us doing so. While having your consent is an important consideration as to whether to process it, if there is another legitimate basis on which we may process it, we may do so on that basis.
Data Retention Periods
The retention period for mental health records
Where we provide you with an assessment of your mental health or wellbeing, or any form of mental health service for you, we are required to retain patient medical records for up to 20 years or 10 years after death (noting: Northern Ireland it is 8 years after death) to ensure consistency in the management of patient records across different types of healthcare providers.
For the avoidance of doubt, this will also include (but is not limited to) any information you have filled in, completed, supplied to us, sent to us, or where you have given consent for us to receive further information about you from other health professionals or third parties which are holding your medical information that we have obtained.
For example: We will retain your patient medical records, which may include, but not be limited to: handwritten notes, electronic records, correspondence between health professionals, visual and audio recordings, notes taken from video conferences, laboratory reports, communications with patients (including texts and emails, letters), any information that we may have reviewed in order to undertake a mental health assessment.
We comply with the retention periods detailed in Records Management Code of Practice - NHS Transformation Directorate (england.nhs.uk), as this is the recommended time frame, which helps ensure consistency in the management of patient records across different types of healthcare providers.
Non-Medical data retention periods:
Except as otherwise mentioned in this privacy notice, we keep your personal data only for as long as required by us:
-
to provide you with the services you have requested
-
to comply with other law, including for the period demanded by our tax authorities
-
to support a claim or defence in court
Communicating with us
When you contact us, whether by telephone, through our website or by email, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business.
Raising Concerns / Complaints
If you are not happy with our privacy policy, or if you have any complaint, then you should tell us by contacting us at:
When we receive a concern or complaint, we record the information you have given to us on the basis of consent. We use that information to resolve your complaint.
If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
If your complaint reasonably requires us to notify some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion whether we do give information, and if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal data, you have a right to lodge a complaint with the Information Commissioner's Office (ICO). We would, however, appreciate the opportunity to talk to you about your concern before you approach the ICO.
Compliance with the law
Our privacy policy complies with the law in the United Kingdom, specifically with the Data Protection Act 2018 (the ‘Act’) accordingly incorporating the EU General Data Protection Regulation (‘GDPR’) and the Privacy and Electronic Communications Regulations (‘PECR’).
Review of this privacy policy
We may update this privacy notice periodically as needed, without prior notification to you. Therefore, we recommend that you review this policy each time you use our website or undertake a service from us.
Mental Health Views Limited, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA
Registration Number: 10935220
© 2024 Mental Health Views Ltd. All rights reserved.