Privacy Policy
We are Mentalwell Ltd trading as Mentalwell, (“Mentalwell”, “we”, “us”, or “our”). Our company registration number is 15374247 and our registered address is 925 Finchley Road, London, England, NW11 7PE.
For the purposes of UK laws regarding data protection, the data controller is Mentalwell, and we are registered with the UK Information Commissioner’s Office (ICO) under registration number ZB659566.
This privacy policy applies to: (i) individuals who visit our website at https://www.mentalwell.co.uk/ (the “Website”), any of our web portals or online platform (including individuals that access our Mentalwell portals as a clinician or a patient) (“Platform”), engage with us via our Website, Platform or social media accounts, and in connection with any services, contracts or related matters; (ii) individuals we deal with in their business capacity, such as representatives of our suppliers or investors; and (iii) individuals that apply for work with us (“you”, “your”).
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
Mentalwell – Privacy Statement
At Mentalwell, your privacy is important to us. We believe in a responsible and pro-active approach when dealing with your personal information.
This policy sets out how and why we collect, store, use and share personal information generally, our dedication to protect it, as well as your rights in relation to your personal information and details of how to contact us and supervisory authorities if you have a complaint.
If you have any questions about how we use your personal data, please contact: daniel@mentalwell.co.uk.
1. The types of personal data we collect
We may collect and use the following information about you:
-
Identity Data including your first name and surname.
-
Contact Data including your billing address, residential address, email address, and telephone numbers.
-
Business Data including the name of the organisation you represent, your position, department and business ID numbers.
-
Financial Data including bank account and payment card details.
-
Transactional Data including information about our dealings, transactions and interactions with you.
-
Technical Data including your IP address when you visit or engage with our Website, Platform or social media accounts.
-
Usage Data including information about how you use or search our Website, Platform and services including any user preferences.
-
Survey Data including data from surveys that we may, from time to time, run on the Website and Platform for research purposes, if you choose to respond to, or participate in, them.
-
Marketing and Communications Data including your preferences in receiving marketing from us, your communication preferences and your language settings.
-
Health Data including medical history, treatment plans, assessment meeting recordings and transcripts and any other information you or your clinician share with us on the Platform about your health and / or wellbeing.
-
Recruitment Data including within your resume/CV or provided by recruitment agencies, information held on your social media accounts such as LinkedIn and any other information that is shared with us throughout the application process including information about your employment history, education history and references, criminal records check (if applicable) and any relevant recruitment test results (if applicable).
-
Qualifications Data including information about your professional qualifications, licensing certificates and any relevant insurance coverage.
We will indicate where any personal information we have requested is mandatory. We will also explain the consequences should you decide not to provide information which we have indicated is mandatory. In some circumstances this may mean we are unable to provide you with certain services.
2. Lawful basis for processing
We will only process your personal data where we have a lawful basis to do so. The lawful basis will depend on the purposes for which we have collected and used your personal information. In almost every case, the lawful basis will be one of the following:
-
Our legitimate business interests: Where we have a legitimate interest to use personal data regarding you in relation to the operation of our business.
-
Performance of an agreement with you (or in order to take steps prior to entering into an agreement with you): For example:
-
where you have provided your information in order to receive details in relation to the services available on our Platform; or
-
where you have provided your payment information in order to receive our services.
-
Compliance with the law: Where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation.
-
Consent: Where you have given consent for us to process your personal data for a specific purpose.
Please find a table which sets out each category of personal data we collect below, and the lawful basis for processing it.
We collect most categories of personal data from you directly or when you use our Website or Platform or engage with us via social media.
Purpose of Processing | Category of Personal Data | Lawful Bases |
---|---|---|
To consider your application for work with us (including either as a clinician on the Platform or as an employee of Mentalwell) and to allow you to participate in our recruitment processes | Identity data Contact Data Business Data | Our legitimate interests for our business operationsa |
To administer and manage our relationships with our investors | Identity Data Contact Data Financial Data Investor Data | Performance of an agreement with you |
To make service recommendations | Identity Data Contact Data Transactional Data Health Data | Consent Our legitimate interests for our business operations |
To help improve our services (including by way of machine learning using the data obtained in the performance of our services) | Health Data | Consent Our legitimate interests for our business operations |
To perform our day-to-day business operations including business development | All data types | Our legitimate interests for our business operations |
To comply with the law and to enforce our legal rights | All data types | To comply with our legal obligations Our legitimate interests for our business operations |
To handle complaints and disputes | All data types | Our legitimate interests for our business operations |
For direct marketing | Identity Data Contact Data Transactional Data Marketing and Communications Data Business Data | Consent Our legitimate interests for our business operations |
To set and operate cookies and similar technologies on our Website and Platform | Technical Data Usage Data | Consent Our legitimate interests for our business operations |
To manage, deliver and improve our Website, Platform and social media accounts | Technical Data Usage Data | Our legitimate interests for our business operations |
Use of our Website, Platform and social media accounts | Identity Data Contact Data Transactional Data Technical Data Usage Data Survey Data Marketing and Communications Data Business Data | Our legitimate interests for our business operations |
To enter into and fulfil the contracts with customers | Identity data Contact Data Financial Data Transactional Data Marketing and Communications Data Business Data Health Data | Performance of an agreement with you Our legitimate interests for our business operations Consent |
To respond to queries | Identity data Contact Data Business Data | Our legitimate interests to respond to queries |
3. If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel any services you have engaged us to provide, but we will notify you if this is the case at the time.
4. How we share your personal data with third parties
We may share your personal information with our suppliers (including clinicians), business partners, prospective investors and other providers, such as the supplier who hosts our Website, or payment gateway and other payment transaction processors. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, these third-party service providers may have their own privacy policies in respect of the information we are required to provide to them. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by them.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our Website and Platform, for example via a link, you are no longer governed by this privacy policy or our Terms & Conditions.
We may disclose your personal information to other third parties in the following cases:
-
in the event that we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets;
-
if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request;
-
in the case of an emergency, in which case we shall share personal data as is necessary and proportionate; or
-
to protect the rights, property or safety of us or our users, or others, and in order to enforce or apply the terms of our contracts with customers (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
5. Marketing
Where permitted by law or where we have asked for your consent, we may send you marketing materials which we believe may be of interest to you.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You may receive marketing communications from us if you have requested information from us or engaged with us and you have not opted out of receiving that marketing.
-
Third-party marketing. We are committed to protecting and respecting your personal data. We will not sell or rent your personal data to any third parties. We will not share your personal data with third parties for marketing purposes.
-
Opting out. You can ask us to stop sending you marketing messages at any time by contacting us at any time at hello@mentalwell.co.uk.
6. Cookies
We also collect personal data automatically when you use the Website and Platform and when you navigate through the Website and Platform. We us cookies to distinguish you from other users of our Website and Platform. This helps us to provide you with a good experience when you browse our Website and Platform and also allows us to improve our Website and Platform. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. We use the following cookies:
-
Strictly necessary cookies. These are cookies that are required for the operation of our Website and Platform. They include, for example, cookies that enable you to log into secure areas of our Platform.
-
Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Website and Platform when they are using it. This helps us to improve the way our Website and Platform works, for example, by ensuring that users are finding what they are looking for easily.
-
Functionality cookies. These are used to recognise you when you return to our Website and Platform. This enables us to personalise our content for you, greet you by name and remember your preferences.
-
Targeting cookies. These cookies record your visit to our Website Platform, the pages you have visited and the links you have followed.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Website may become inaccessible or not function properly.
We do not share the information collected by the cookies with any third parties.
7. Age of consent
By using the Website and Platform, you represent that you are at least the age necessary to use our services and enter into contracts with us.
8. Where we store your personal data
Your information is stored in the United Kingdom (“UK”) or European Economic Area (“EEA”), but we may transfer it to countries outside the UK and EEA.
Whenever we transfer your information internationally, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal information and to make sure it is treated securely and in accordance with this privacy policy. In these cases, we rely on approved data transfer mechanisms (such as the EU “Standard Contractual Clauses” or UK “International Data Transfer Agreement” or “UK Addendum”) to ensure your information is subject to adequate safeguards in the recipient country.
9. Your Rights
Mentalwell takes your privacy very seriously and wants you to be aware of your rights, as follows:
-
you have the right to request (i) confirmation of whether we process your personal data and (ii) access to a copy of the personal data retained;
-
you have the right to have inaccurate personal data rectified, or completed if it is incomplete;
-
in certain situations, you have the right to have your personal data erased or transmitted directly to another company, where technically feasible;
-
where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time without impact to any data processing activities that have taken place before such withdrawal;
-
you have the right not to be subject to any decisions based solely on automated processing, including profiling, which has legal or other similarly significantly effects on you unless we have your consent, it is authorised by law or it is necessary for the performance of an agreement; and
-
in certain situations, you have the right to restrict or object to our processing of personal data regarding you.
Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Please send us an email at hello@mentalwell.co.uk if you would like to exercise any of your rights.
10. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We take steps to ensure that your information is treated securely and in accordance with this policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, for example, by encryption or by using pseudonymisation in the case of credit card information on payment, we cannot guarantee the security of your information transmitted via the internet; any transmission is at your own risk.
We have appropriate technical and organisational measures to ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of you and other individuals. We maintain these technical and organisational measures and will amend them from time to time to improve the overall security of our systems.
In addition, we limit access to your personal data to those employees and other third parties who have a business need to know.
We may, from time to time, include links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to these websites.
11. How long we keep your personal data
We retain your information for as long as it is necessary for the purposes for which it was collected and processed. Additionally, we retain data for the purposes of satisfying any legal, regulatory, accounting, finance, tax, reporting and insurance requirements after which we take steps to destroy or de-identify personal data when the information is no longer required for any purpose for which it may be used or disclosed by us and we are no longer required by law or regulation to retain the information. Please note that this will be assessed on a case-by-case basis.
After our agreement with you expires or terminates, or our relationship with you has otherwise ended, we may also store your information in an aggregated and anonymised format.
13. Complaints
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at hello@mentalwell.co.uk and we will endeavour to deal with your request as soon as possible.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
14. Changes
We will generally notify you of any material changes to this policy, through a notice provided via the Website and Platform or otherwise supplied to you. However, you should look at this policy regularly to check for any changes. We will also update the “Last Updated” date at the top of this policy, which reflects the effective date of such policy. Your continued engagement with us after the date of the updated policy constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop your engagement with us.
Mentalwell is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines our practices concerning the collection, use, and protection of the data we collect from you when you visit our website or use our services.
Please read this Privacy Policy carefully to understand how we collect, use, and safeguard your information. By using our website or services, you consent to the practices described in this policy.
Information We Collect:
We collect both personally identifiable information (PII) and non-personally identifiable information (non-PII) from our website visitors and users. PII may include your name, contact information, and any other information that you voluntarily provide to us. Non-PII may include data such as your IP address, browser type, and the pages you visit on our website.
How We Use Your Information:
We use the information we collect for various purposes, including:
-
To provide the services and information you request.
-
To process and complete transactions.
-
To improve our website and services.
-
To send you promotional or informational emails, but only if you have provided your consent.
-
To respond to your inquiries or requests.
-
To meet our legal and regulatory requirements.
Protection of Your Information:
We employ industry-standard security measures to protect your personal information. These measures include encryption, firewalls, and secure server technologies. We regularly review and update our security policies to ensure the safety of your data.
Sharing Your Information:
Mentalwell does not sell, trade, or rent your personal information to third parties. However, we may share your information with trusted third-party service providers who assist us in operating our website, conducting our business, or servicing you, provided that these parties agree to keep your information confidential.
Your Rights:
You have the right to access, correct, or delete your personal information. You may also choose to unsubscribe from our promotional emails at any time. To exercise any of these rights or for any privacy-related concerns, please contact us at hello@mentalwell.co.uk.
Updates to Privacy Policy:
Mentalwell may update this Privacy Policy as needed to reflect changes to our practices or for legal, regulatory, or security reasons. We will post the revised policy on our website with a new effective date. Please review this policy periodically to stay informed about how we are protecting your information.
Contact Information:
If you have any questions, concerns, or requests related to our Privacy Policy, please contact us at:
Thank you for trusting Mentalwell with your personal information. We are committed to maintaining your privacy and safeguarding your data while providing you with the highest quality of service.