Apps User Privacy Policy
For children and young people using Mind Of My Own apps: If you are a child or young person then you need to know these five things about how Mind Of My Own keeps your personal details safe and private. A. When you sign up for an account it belongs to you only. No practitioners, parents, carers or services can access it. During the sign-up you are given information about your privacy so you can give informed consent for Mind Of My Own to store your personal data. In this policy, a “practitioner” means the person who is supporting you when you send statements in the apps. This might be your social worker or IRO, teacher, youth justice worker, or another children’s service professional. B. Make sure you keep your log in details safe so that no one else can get into your account. We also recommend that after using the app you log out or use a device security lock (e.g. you lock your phone) in case you lose your device. C. When you finish making a statement and are ready to send it, you will see some more information about your privacy that will help you decide whether to consent to what happens to your information at that point. D. When sending a Mind Of My Own statement to a professional listed on the app, you can expect they will treat what you say according to their service’s privacy policy. This means they attach it to your case file or might share it with other colleagues. They will also contact you by phone, text or email. If you can’t remember their privacy policy, then ask them for a copy. E. In your Mind Of My Own account you are able to edit your information any time you want. You can also delete your account yourself, using the button on the Account page. You can’t retrieve data from an account that is deleted, so as part of the deletion procedure, we will send you a link to a zipped PDF containing all of the statements you have made. This will happen within two weeks of you choosing to delete your account. Deleting means that all information about you, or created by you, in Mind Of My Own, will be deleted from our servers, but your information will still be visible by the services you have used to send Mind Of My Own statements to. If you want absolute total deletion, including deleting from the service portal at the organisation your statements were sent to, then you have the right to be forgotten and can request a full delete by email DPO@novevasoftwaregroup.com. Where possible, we will do the full delete, let you know by email that we did it, then remove your email address from our system. |
Introduction
We want to keep your personal data safe. This privacy policy explains how Mind Of My Own (“we”, “us”) will use the personal data you provide in the apps, and who we share it with. This policy is for children and young adults using the Mind Of My Own apps, which include One app, Express, Service portal and Xchange (the “apps”).
1. Our role and responsibilities
1.1 Mind Of My Own (“we”, “us”) will process (which means, use, handle, store or hold) your personal data when you use the apps. Personal data means any information that can be used to identify you, such as your name, date of birth or contact details. Personal data can also be information about your health or wellbeing.
1.2 Mind Of My Own is the controller of the personal data you put in the apps. If you want to get in touch with us, you can contact us (or ask a parent or responsible adult to do this for you), through the contact details provided at section 6 of this privacy policy.
2. How we follow the rules in data protection laws to keep your data safe
2.1 Data protection is an area of the law that sets rules on how your personal data can be used, and how it should be protected. We know it is very important that we keep your personal data safe, and so we will only process it in a way that follows the rules written in data protection laws called the UK General Data Protection Regulation (or UK GDPR) and the Data Protection Act 2018 (or DPA 2018).
3. Your rights under data protection laws
3.1 You have different rights under the UK GDPR around how we use your personal data. The rights you have allow you to:
- request access to your personal data, which means asking for a copy of the personal data held about you
- request to correct your personal data
- request to have your personal data deleted, in certain circumstances
- request us to stop, or to restrict the processing of your personal data, in certain circumstances
- request the transfer of your personal data to you or another person/company (this is called data portability)
- object to how your personal data is processed in certain circumstances
- be informed about how your personal data is being used
- remove your consent to the processing of your personal data at any time (where we rely on your consent to allow us to process it).
You also have the right to say no to processing of your personal data where it is usedfor:
- automated decision-making processes (when we make decisions about you using only computers and without any humans involved)
- profiling purposes, for example to predict your behaviour or interests.
However, we do not use your personal data for automated decision-making processes or profiling purposes.
If you want to use any of the rights set out above, please contact us (or ask a parent or responsible adult to do so for you) using the contact details set out in paragraph 6 below, or through the Account page within the app.
4. The data protection principles
To comply with the law, Mind Of My Own must follow the data protection principles set out in the UK GDPR. This means that Mind Of My Own will process your personal data:
- fairly, lawfully and transparently
- for specified, explicit and legitimate purposes
- in a way that is adequate, relevant and limited to only what is necessary
- in a way that is accurate and, where necessary, the data will be kept up to date
- for no longer than is necessary
- in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
- with accountability, being able to show we have complied with these principles.
4.1 Principle 1: Data is used fairly, lawfully and transparently
This means that when we are collecting personal data from you, we must make sure that we clearly explain:
- the types of personal data we collect about you
- the lawful basis we rely on to process it
- whether we share the personal data with any third parties, and if so, who they are.
4.1.1 What personal data do we collect about you?
We will collect personal data about you to allow you to use the apps. The types of personal data we collect are explained below:
- Information we use to know who you are, such as your first name, last name, date of birth.
- Information we use to contact you where you provide this, such as your email address
- We might also collect information about the device (e.g. your phone) you use to log on to use the apps, such as your login data, browser type and version, time zone setting.
- Information about your account on the app, such as your username and password.
- Information you provide when you use the apps, such as information about your wellbeing and your health that you might write about in your statements, should you chose to provide it.
- Sometimes we might collect data that is more sensitive about you (this includes details about your race or ethnicity, religion, sexual orientation, information about your health), when you chose to provide it. This is called special category data.
4.1.2 Who do we share your personal data with?
Your personal data may be shared with some other people and organisations that are listed below:
- Practitioners who you send your statements to in the apps.
- The organisations that the practitioners work for (e.g. social services)
- Companies that help us with fixed technical problems in the apps
- The companies that we pay to store your personal data
None of your personal data will be shared or sent outside of the UK.
4.1.3 What lawful basis do we rely on to use your personal data?
We have to follow the rules set out in the law when we process your personal data. One of those rules means that we are only allowed to process your personal data if we have something called “lawful basis” to do so. We rely on one or more of the lawful bases listed below:
- Legitimate Interests: We collect and use your personal data for our legitimate interests in running and providing the services on the app, such as to allow us to set up user accounts, to provide IT services and technical support.
- Consent: We rely on your consent when you have given your active agreement for us to use your personal data for a specific reason. You can stop giving your consent at any time in the apps through the button on the Account page.If you stop giving consent, this will not affect the lawfulness of any processing carried out before you stop consenting. If you do stop giving your consent, we may not be able to provide the apps services to you. We will advise you if this is the case at the time you stop giving your consent.
4.2 Principle 2: Data is used for specified, explicit and legitimate purposes
4.2.1 Why do we use your personal data?
Mind Of My Own uses your personal data for these purposes:
- to provide the services within the apps, such as to allow you to set up an account and to be able to send a statement to a practitioner.
- to allow us to carry out system maintenance and technical support
- Where you give your consent to the processing of your personal data, we will only use that personal data for the purposes you have consented to.
4.3 Principle 3: Data is used in a way that is adequate, relevant and limited to only what is necessary
4.3.1 How much personal data do we hold about you?
Mind Of My Own only holds the minimum amount of personal data needed to achieve the purposes for processing set out above.
4.4 Principle 4: Data is accurate and, where necessary, kept up-to-date
4.4.1 How do we keep your personal data accurate?
Mind Of My Own encourages app users with their own account to edit their personal data as and when it changes. You can also request to exercise your right to have your personal data corrected as explained above in section 3.
4.5 Principle 5: Data is not kept longer than is necessary
4.5.1 How long do we hold your personal data for?
Mind Of My Own will only use and store your personal data for as long as needed to achieve the purposes we collected it for. This includes storing the personal data to allow you to use the app, or for as long as needed to comply with our legal requirements.
You can also request for us to delete the personal data we hold about you as explained above in the statement on page 2, and in section 3 of this privacy policy.
4.6 Principle 6: Data is handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
4.6.1 How do we keep your personal data safe and secure?
Mind Of My Own follows the rules that are written in the UK GDPR to keep your personal data safe and secure. This includes protecting your personal data from being accidentally lost, or from being accessed or used without permission. All personal data processed by Mind Of My Own is processed securely, using processes detailed in the Mind Of My Own Cloud security policy.
5 In-app consent
5.1 We will ask for your consent to process your personal data before you can use some parts of the apps. We will provide you with clear information in the apps about how your personal data will be used so that you can choose if you want to give your consent.
5.2 You can choose to read this information about consent either as normal text, or words with pictures in the apps. You might also be shown this information by a Practitioner before you give your consent.
6. How to contact Mind Of My Own
6.1 If you have any questions about this privacy policy, or about how we use your personal data, or if you want to use any of your privacy rights (listed in section 3), please contact us (or ask your parent or responsible adult to contact us for you) through our contact details below:
- Our email address is: DPO@novevasoftwaregroup.com
- Our registered office address is 86-90 Paul Street, London EC2A 4NE
6.2 If you want to contact our Data Protection Officer, please use the contact details below:
7. Your right to make a complaint
7.1 You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), which is the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance using the contact details above.