Welsh (Preifatrwydd)

Māori 

APPS USERS PRIVACY POLICY

If you’re a child or young person then you need to know these five things about how Mind Of My Own keeps your personal details safe and private.

1. SIGNING UP
When you sign up for an account it belongs to you only. No workers, parents, carers or services can access it. During the sign-up you are given information about your privacy so you can give informed consent for Mind Of My Own to store your data.

2. LOGGING IN
Make sure you keep your log in details safe so that no one else can get into your account.  We also recommend that after using the app you log out or use a device security lock in case you lose your device.

3. SENDING A STATEMENT
When you finish making a statement and are ready to send it you will see some more information about your privacy that will help you decide whether to consent to what happens to your information at that point.

4. WHAT HAPPENS TO YOUR STATEMENT
When sending a Mind Of My Own statement to a professional listed on the app you can expect they will treat what you say according to their service’s privacy policy. This means they attach it to your case file or might share it with other colleagues. They will also contact you by phone, text or email. If you can’t remember their privacy policy then ask them for a copy.

5. YOU CAN DELETE YOUR ACCOUNT
In your Mind Of My Own account you are able to edit your information any time you want. You can also delete your account yourself, using the button on the Account page. You can’t retrieve data from an account that is deleted, so as part of the deletion procedure, we will send you a link to a zipped PDF containing all of the statements you have made. This will happen with two weeks of you choosing to delete your account. Deleting means that all information about you, or created by you, in Mind Of My Own, will be deleted from our servers, but your information will still be visible by the services you have used to send Mind Of My Own statements to. If you want absolute total deletion, including deleting from the service portal at the organisation your statements were sent to, then you have the right to be forgotten and can request a full delete by email privacy@mindofmyown.org.uk  We will do the full delete, let you know by email that we did it, then remove your email address from our system.

Want to know more?

There is an email contact at the bottom of this page, we’d love to hear from you.

 

  1. Introduction: your rights, our responsibilities

This policy is for users of the Mind Of My Own apps, One app, Express, Service portal and Xchange.

1.1 Your rights                         

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

  • be informed about how your data is being used
  • access your personal data
  • have incorrect data updated
  • have data erased
  • stop or restrict the processing of your data
  • data portability (allowing you to get and reuse your data for different services)
  • object to how your data is processed in certain circumstances.

You also have rights when an organisation is using your personal data for:

  • automated decision-making processes (without human involvement)
  • profiling, for example to predict your behaviour or interests.

1.2. Our responsibilities

Mind Of My Own complies with The UK General Data Protection Regulation (UKGDPR), the Data Protection Act 2018 and Children’s Code.

  1. Data protection and the law

2.1 What is data protection?

Data protection is an area of the law that governs what may and what may not be done with personal information.  This personal information may be in electronic (eg stored on computer) or manual form (papers in a filing system).

The purpose of the UK GDPR, Data Protection Act 2018 and Children’s Code, is to protect the rights of individuals whose data (information) is obtained, stored, processed and disclosed. It covers the whole UK.

2.2 The law

Mind Of My Own is required by law to comply with the Act, so we have to:

  • Register with the Information Commissioner’s Office (ICO)
  • Apply the six data protection principles
  • Educate and train our staff in the correct use of data.

2.2.1 Mind Of My Own is registered with the ICO and our number is ZA217007

  1. The six data protection principles

There are six principles of information processing that Mind Of My Own as the data controller must comply with.

Personal data shall be:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
  1. How Mind Of My Own complies with data protection principles

4.1 Principle 1: Data is used fairly, lawfully and transparently

This means that when Mind Of My own is collecting personal information from individuals:

  • they are made aware of the uses of this information
  • individual consent has been obtained
  • they are made aware of disclosures of their personal information to any third parties.

Personal information held by Mind Of My Own is described fully in the Data privacy impact assessment.

Consent is always required before Mind Of My Own can process personal data.

Mind Of My Own does not share any personal information with third parties.

Anonymised data is analysed by Mind Of My Own to help us understand how our apps are being used.

4.2 Principle 2: Data is used for specified, explicit purposes

Mind Of My Own never uses personal information for any purpose other than what the individual has consented to in using the apps.

4.3 Principle 3: Data is used in a way that is adequate, relevant and limited to only what is necessary

Mind Of My Own only holds the minimum of personal information necessary in order to fulfil its purpose (make the apps work).

4.4 Principle 4: Data is accurate and, where necessary, kept up-to-date

Mind Of My Own encourages app users with their own account to edit their personal information as and when it changes.

4.5 Principle 5: Data is not kept longer than is necessary

App users with their own Mind Of My Own account are able to deactivate their account at any time, which removes their data from the Mind Of My Own servers, although it will remain visible on the service portal of the organisation the user has sent statements to. Those wishing to be forgotten can request a full delete from Mind Of My Own and it will be carried out within one month, confirmed by email, then that user’s email address also finally destroyed.

4.6 Principle 6:  Data is handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

All information processed by Mind Of My Own is processed securely, using processes detailed in the Mind Of My Own information security management system (ISMS). The ISMS is audited and reviewed internally every month and inspected independently every year for accreditation with the international standard ISO27001.

  1. In-app privacy notices

5.1 Privacy information to inform apps users’ consent is offered in the One app at these points:

  • On signing up for an account
  • Before sending a statement for the first time

At these two points the user can only continue if they give consent.

  • Within the account under right to be forgotten.

At each stage users can choose between reading simple text or words with pictures

5.2 Privacy information to inform apps users’ consent is offered in Express in two ways

5.2.1 If Express is accessed from a worker account the worker must follow a link to child friendly, pictures-based privacy information and must explain to the child and confirm the information was understood. This is the basis for that child’s consent.

5.2.2 If Express is accessed from a young person’s own account they will see the same child friendly pictures-based information, but in-app, in order to give their consent.

Copies of all in-app privacy information are freely available on request.

  1. Glossary

Data: means information in a form in which it can be processed (automatically)

Personal data: means data relating to a living person who can be identified either from the data, or from the data in conjunction with other information in the possession of the data controller

Data controller: is a person who, either alone or with others, controls the contents and use of personal data

Data subject: the individual person who is the subject of any relevant persona data (information)

Third party: someone other than the data subject or data controller, or someone who does not have the authority of the controller to process the data

Data subject’s consent: means freely given specific and informed indication of the data subject’s wishes by which that person signifies agreement to their personal data being processed.

 

Preifatrwydd

Ar gyfer plant a phobl ifanc sy’n defnyddio apiau Mind of My Own:

Os ydych yn blentyn neu berson ifanc mae angen i chi wybod y pum peth hyn am sut mae Mind of My Own yn cadw eich manylion personol yn ddiogel ac yn breifat.

1.            Pan fyddwch yn cofrestru ar gyfer cyfrif mae’n perthyn dim ond i chi. Ni all unrhyw weithwyr, rhieni, gofalwyr neu wasanaethau gael mynediad ato. Wrth i chi fewngofnodi, rhoddir gwybodaeth i chi am eich preifatrwydd fel y gallwch roi caniatâd gwybodus i Mind of My Own storio’ch data.

2.            Cofiwch gadw eich manylion mewngofnodi’n ddiogel fel na all neb arall gael mynediad at eich cyfrif. Rydym yn argymell hefyd ar ôl i chi ddefnyddio’r ap eich bod yn allgofnodi neu ddefnyddio clo diogelwch eich dyfais rhag ofn i chi golli eich dyfais.

3.            Pan fyddwch yn gorffen gwneud datganiad a’ch bod yn barod i’w anfon byddwch yn gweld mwy o wybodaeth am eich preifatrwydd a fydd yn helpu chi benderfynu p’un a fyddwch yn rhoi caniatâd i beth bynnag sy’n digwydd gyda’ch gwybodaeth ar y pwynt hwnnw.

4.            Pan fyddwch yn gyrru datganiad Mind of My Own at weithiwr proffesiynol sydd wedi’i restru ar yr ap, gallwch ddisgwyl y bydd yn trin yr hyn a ddwedwch yn unol â pholisi preifatrwydd eu gwasanaeth nhw. Mae hyn yn golygu eu bod yn ei atodi i’ch ffeil achos neu efallai yn ei rannu â chydweithwyr eraill. Byddant hefyd yn cysylltu â chi dros y ffôn, trwy neges destun neu e-bost. Os na allwch gofio eu polisi preifatrwydd, gofynnwch iddynt am gopi.

5.            Gallwch olygu eich gwybodaeth unrhyw bryd a fynnwch yn eich cyfrif Mind of My Own. Gallwch ddadalluogi eich cyfrif eich hun hefyd; ni allwch adalw data o gyfrif sydd wedi’i ddadalluogi. Mae dadalluogi’n golygu y bydd yr holl wybodaeth amdanoch chi neu a grëwyd gennych o fewn Mind of My Own yn cael ei dileu o’n gweinyddion, ond bydd eich gwybodaeth yn weladwy o hyd i’r gwasanaethau rydych wedi’u defnyddio i anfon datganiadau Mind of My Own iddynt. Os ydych eisiau dilead llwyr, gan gynnwys dileu o borth gwasanaeth y sefydliad yr anfonwyd eich datganiadau iddo, mae hawl gennych i gael eich anghofio a gallwch ofyn am ddilead llawn. Byddwn ni’n gwneud y dilead llawn, yn eich hysbysu trwy e-bost ein bod wedi’i wneud, ac yna yn dileu eich cyfeiriad e-bost o’n system.

Eisiau gwybod mwy?

Mae cyfeiriad e-bost cyswllt ar waelod y dudalen hon, hoffem glywed oddi wrthych yn fawr.

 

  1. Cyflwyniad: eich hawliau, ein cyfrifoldebau

Mae’r polisi hwn ar gyfer defnyddwyr yr apiau Mind of My Own, One, Express a’r Porth Gwasanaeth.

1.1 Eich hawliau                         

O dan Ddeddf Diogelu Data 2018, mae hawl gennych i ddarganfod pa wybodaeth y mae’r llywodraeth a sefydliadau eraill yn ei storio amdanoch chi. Mae’r rhain yn cynnwys yr hawl i:

  • gael eich hysbysu am sut mae eich data’n cael ei ddefnyddio
  • cyrchu eich data personol
  • trefnu i ddata anghywir gael ei ddiweddaru
  • trefnu i ddata gael ei ddileu
  • atal neu gyfyngu ar brosesu’ch data
  • cludadwyedd data (gan alluogi chi i ddod o hyd i’ch data a’i ailddefnyddio mewn gwasanaethau eraill)
  • gwrthwynebu sut mae eich data’n cael ei brosesu o dan amgylchiadau penodol.

Mae gennych hawliau hefyd pan fydd sefydliad yn defnyddio eich data personol ar gyfer:

  • prosesau gwneud penderfyniadau wedi’u hawtomeiddio (heb fod bodau dynol yn rhan o’r broses)
  • proffilio, er enghraifft i ddarogan eich ymddygiad neu ddiddordebau.

1.2. Ein cyfrifoldebau

Deddf Diogelu Data 2018 yw gweithrediad y Deyrnas Unedig o’r Rheoliad Diogelu Data Cyffredinol (GDPR).

Mae’n rhaid i bawb sy’n gyfrifol am ddefnyddio data personol ddilyn rheolau llym o’r enw ‘egwyddorion diogelu data’. Mae’n rhaid iddynt sicrhau bod y data’n:

  • cael ei ddefnyddio’n deg, yn gyfreithlon ac yn dryloyw
  • cael ei ddefnyddio at ddibenion penodedig echblyg
  • cael ei ddefnyddio mewn ffordd sy’n ddigonol, perthnasol ac yn gyfyngedig i’r hyn sydd ei angen
  • cywir a, phan fydd angen, yn cael ei ddiweddaru
  • cael ei gadw dim ond cyn hired ag y mae ei angen
  • cael ei drin mewn ffordd sy’n sicrhau gwarchodaeth briodol, gan gynnwys amddiffyn yn erbyn prosesu, mynediad, colled, dinistriad neu ddifrod anghyfreithlon neu anawdurdodedig.
  1. Diogelu data a’r gyfraith

3.1 Beth yw diogelu data?

Mae diogelu data’n rhan o’r gyfraith sy’n llywodraethu’r hyn a all ac na all gael ei wneud gyda gwybodaeth bersonol. Gall yr wybodaeth bersonol hon fod ar ffurf electronig (e.e. wedi’i storio ar gyfrifiadur) neu galed (papurau mewn system ffeilio).

Diben Deddf Diogelu Data 2018 yw diogelu hawliau unigolion y mae eu data (gwybodaeth) wedi’i gyrchu, ei storio, ei brosesu a’i ddatgelu. Mae’n cynnwys y Deyrnas Unedig gyfan.

3.2 Y gyfraith

Mae’n ofynnol yn ôl y gyfraith i Mind Of My Own gydymffurfio â’r Ddeddf, felly mae’n rhaid i ni:

  • Gofrestru gyda Swyddfa’r Comisiynydd Gwybodaeth (ICO)
  • Cymhwyso’r wyth egwyddor diogelu data
  • Addysgu a hyfforddi ein staff ar y defnydd cywir o ddata.

3.2.1 Mae Mind Of My Own yn gofrestredig gyda’r ICO a’n rhif yw 09842033

  1. Yr wyth egwyddor diogelu data

Ceir wyth egwyddor prosesu gwybodaeth y mae’n rhaid i Mind of My Own gydymffurfio â nhw fel rheolydd data:

Bydd data personol yn:

  1. cael ei brosesu’n deg ac yn gyfreithlon
  2. cael ei gaffael dim ond at y diben a nodir
  3. digonol, perthnasol a ddim yn ormodol
  4. cywir a, phan fydd angen, yn cael ei ddiweddaru
  5. cael ei gadw dim ond cyn hired ag y mae ei angen ar gyfer y diben
  6. cael ei brosesu’n unol â hawliau gwrthrychau data o dan y Ddeddf
  7. cael ei ddiogelu yn erbyn prosesu anawdurdodedig neu anghyfreithlon ac yn erbyn colled, dinistriad neu ddifrod damweiniol
  8. peidio â chael ei drosglwyddo i wledydd nad oes ganddynt warchodaeth ddigonol.
  1. Cydymffurfio ag egwyddorion diogelu data

5.1 Egwyddor 1: Cael ei brosesu’n deg ac yn gyfreithlon

Mae hyn yn golygu, pan fydd Mind of My Own yn cywain data personol gan unigolion:

  • eu bod yn cael eu hysbysu am ddefnyddiau’r wybodaeth hon
  • y daethpwyd o hyd i ganiatâd unigol
  • eu bod yn cael eu hysbysu os datgelir eu gwybodaeth bersonol i unrhyw drydydd partïon.

Disgrifir gwybodaeth bersonol a ddelir gan Mind of My Own yn llawn yn yr Asesiad effaith preifatrwydd data.

Mae angen caniatâd bob amser cyn y gall Mind of My Own brosesu data personol.

Nid yw Mind of My Own yn rhannu unrhyw ddata personol gyda thrydydd partïon.

Dadansoddir data dienw gan Mind of My Own i’n helpu deall sut mae ein hapiau’n cael eu defnyddio.

5.2 Egwyddor 2: Cael ei gaffael dim ond at y diben a nodir

Gellir caffael gwybodaeth bersonol dim ond at un neu fwy o ddibenion penodedig a chyfreithlon.

Nid yw Mind of My Own byth yn defnyddio gwybodaeth bersonol at unrhyw ddiben ar wahân i’r hyn y mae’r unigolyn wedi rhoi caniatâd iddo wrth ddefnyddio’r apiau.

5.3 Egwyddor 3: Digonol, perthnasol a ddim yn ormodol

Nid yw Mind of My Own ond yn cadw gwybodaeth bersonol sy’n ddigonol, perthnasol a ddim yn ormodol, sy’n golygu y delir yr isafswm gwybodaeth bersonol sydd ei hangen i gyflawni ei diben.

5.4 Egwyddor 4: Cywir a, phan fydd angen, yn cael ei ddiweddaru

Mae Mind of My Own yn annog defnyddwyr apiau sydd â’u cyfrif eu hunain i olygu eu gwybodaeth bersonol pan fydd yn newid.

5.5 Egwyddor 5: Cael ei gadw dim ond cyn hired ag y mae ei angen

Gall defnyddwyr apiau sydd â’u cyfrif Mind of My Own eu hunain ddadalluogi eu cyfrif unrhyw bryd, sy’n dileu eu data o weinyddion Mind of My Own. Er hynny bydd yn weladwy o hyd ar borth gwasanaeth y sefydliad y mae’r defnyddiwr wedi anfon datganiadau iddo. Gall unrhyw un sydd eisiau cael ei anghofio ofyn i Mind of My Own am ddilead llawn, a gaiff ei gyflawni o fewn mis, caiff ei gadarnhau trwy e-bost ac ar y diwedd bydd cofnod cyfeiriad e-bost y defnyddiwr hwnnw yn cael ei ddinistrio hefyd.

5.6 Egwyddor 6:  Cael ei brosesu’n unol â hawliau gwrthrychau data o dan y Ddeddf

Mae gan unigolion hawl mynediad cyffredinol i’w gwybodaeth bersonol sy’n cael ei phrosesu gan Mind of My Own. Mae’r holl wybodaeth honno’n weladwy i ddeiliad y cyfrif. Gall unigolion ofyn ymhellach am weld eu datganiadau Mind of My Own a anfonwyd a gadwir mewn cofnodion achos – mae hyn y tu hwnt i reolaeth Mind of My Own ac mae’n rhaid trafod hyn gyda’r sefydliad perthnasol.

5.7 Cael ei ddiogelu yn erbyn prosesu anawdurdodedig neu anghyfreithlon ac yn erbyn colled, dinistriad neu ddifrod damweiniol

Delir yr holl wybodaeth a brosesir gan Mind of My Own yn ddiogel, gan ddefnyddio prosesau a fanylir yn system rheoli gwarchodaeth wybodaeth (ISMS) Mind of My Own. Mae ISMS yn cael ei archwilio a’i adolygu’n fewnol bob mis a’i archwilio’n annibynnol bob blwyddyn am achrediad â’r safon ryngwladol ISO27001.

5.8 Peidio â chael ei drosglwyddo i wledydd nad oes ganddynt warchodaeth ddigonol

Mae’r holl weinyddion Mind of My Own ar gyfer defnyddwyr ym Mhrydain Fawr wedi’u lleoli ym Mhrydain Fawr ac nid yw gwybodaeth byth yn cael ei phrosesu neu ei throsglwyddo i wledydd eraill.

  1. Rhestr termau

Data: gwybodaeth ar ffurf all gael ei phrosesu (yn awtomatig)

Data personol: data sy’n ymwneud â rhywun byw a all gael ei adnabod naill ai o’r data, neu o’r data ynghyd â gwybodaeth arall sydd gan y rheolydd data

Rheolydd data: rhywun sydd, naill ai ar ei ben ei hun neu gydag eraill, yn rheoli cynnwys data personol a’r defnydd ohono

Gwrthrych data: yr unigolyn sy’n destun unrhyw ddata personol perthnasol (gwybodaeth)

Trydydd parti: rhywun ar wahân i’r gwrthrych data neu’r rheolydd data, neu rywun nad oes ganddo awdurdod y rheolydd i brosesu’r data

Caniatâd y gwrthrych data: arwydd penodol a gwybodus o ddymuniadau’r gwrthrych data a roddwyd o’i wirfodd sy’n nodi caniatâd yr unigolyn hwnnw i brosesu ei ddata personol.

Hoffech chi gael mwy o wybodaeth? Cysylltwch ag Yvonne Anderson, sef y Cyfarwyddwr sydd â gofal gwarchodaeth a phreifatrwydd gwybodaeth Mind of My Own. Defnyddiwch y cyfeiriad e-bost hwn: privacy@mindofmyown.org.uk 

 

Māori

Mēnā he tamaiti koe, he rangatahi rānei me mōhio koe ki ēnei mea e rima ka pēhea a Mind Of My Own mō te whakahaumaru me te whakanoho matatapu i ō taipitopito whaiaro.

  1. TE HAINATANGA

Inā ka haina koe mō tētahi pūkete, nōu tonu. Kāore e taea e ētahi kaimahi, e ētahi mātua, e ētahi kaimanaaki, e ētahi ratonga hoki te tomo atu. I te wā e haina ana ka hoatuhia he pārongo ki a koe mō tō noho matatapu kia taea ai e koe te whakaae i runga i te mōhio mō Mind Of My Own ki te pupuri i ō raraunga.

  1. TE WHAKAURU

Me āta whakahaumaruhia e koe ō taipitopito whakauru kia kore e taea e tētahi te tomo atu i tō pūkete. E āta tohutohu ana hoki mātou i muri mai i te whakamahi i te taupānga me whakaputa koe, ā, me whakamahia rānei tētahi aukatinga nuka whakahaumaru kei tūpono ngaro i a koe tō nuka.

  1. TE TUKU KŌRERO

Inā ka mutu tō whakaputa kōrero, ā, kua reri koe ki te tuku ka kite koe i ētahi atu pārongo mō tō noho matatapu hei āwhina i a koe ki te whakatau mēnā me whakaae koe ka ahatia ō pārongo i taua wā tonu.

  1. KA AHATIA TŌ KŌRERO

Inā ka tuku kōrero Mind Of My Own koe ki tētahi mātanga kei runga i te rārangi o te taupānga me mōhio mārika koe ka whakahāwinihia e rātou ō kōrero e ai ki te kaupapa here noho matatapu o tō ratou ratonga.

  1. KA TAEA E KOE TE WHAKAKORE I TŌ PŪKETE

I tō pūkete Mind Of My Own ka taea e koe te whakapanoni i ō pārongo i te wā e hiahia ana koe. Ka taea hoki e koe tonu te whakaweto i tō pūkete; kāore e taea te tiki atu anō i ngā raraunga mai tētahi pūkete kua whakawetohia. Ko te tikanga o te whakaweto ka whakakorehia ngā pārongo mōu mai ō mātou kaituku, engari ka kitea tonu ō pārongo i ngā ratonga i whakamahia e koe ki te tuku kōrero Mind Of My Own. Mēnā e hiahia ana koe ki te tino whakakore mō āke tonu atu, me te whakakore mai ngā kaituku tomokanga ki te ratonga i tukuna ai e koe ō kōrero, kei a koe te tika kia kaua koe e maumaharatia, ā, ka taea te tono ki te whakakore mō āke tonu atu. Mā mātou e whakamahi i te whakakore mō āke tonu atu, ka tuku īmēra ki a koe ki te whakamōhiohia atu kua mahia e mātou, ā, kātahi ka tango i tō wāhitau īmēra mai tō mātou pūnaha.