Mindchart Health Ltd Privacy Policy

Last updated January 2025

Please read this Privacy Notice carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export and delete your information. We do not and will not sell your data to third parties.

We respect your right to privacy and are committed to protecting it and complying with data protection laws. We will always keep your personal data safe. We will be clear and open with you about how we collect your personal data and how we use it. Where you have choices or rights, we will explain them to you and respect your wishes.

Mindchart (‘we’ / ‘us’ / ‘our’) is owned and run by Mindchart Health Ltd, with a registered office at 167-169 Great Portland Street, 5th Floor, London W1W 5PF.

For the purpose of data protection law, Mindchart Health Ltd is the data controller of your data and processes your data on behalf of your service provider, our customer. We are registered with the Information Commissioner’s Office. Our registration number is: ZB609147.

How to contact us

If you have any questions about the content of this privacy notice or the processing of your personal data you can contact us at:

Postal address

Mindchart Health Ltd

167-169 Great Portland Street

5th Floor

London

W1W 5PF

Email

[email protected]

You may also like to contact your service provider if you would like more information on how they use your data.

You can contact the Information Commissioner’s Office if you would like to complain about how we use your data, or find out more about data protection legislation.

https://ico.org.uk/global/contact-us/

What information do we collect?

We may collect, store and process any of the following information about you, some of which is ‘personal data’. Personal data as defined by data protection law is any information about an individual from which the person can be identified.

You may give us information about yourself by completing surveys, questionnaires or forms on our website platform at www.mindchart.co.uk or any other prefixed URL by which our service might be accessed (our ‘Platform’). This includes information that you or your service provider gives during registration on our platform or when requesting further information from us. We may also ask for further information when you report a problem with our platform or the services we provide. If you contact us, we may keep a record of any correspondence.

All of the information entered into our Platform will be done in collaboration with you or your service provider (e.g., clinic / clinician / therapist / mental health professional). Your data is created directly by you or your service provider when any survey, questionnaire or form is completed as part of your therapy / treatment.

The information you or your service provider gives to us may include your name, your date of birth, your gender, your email address, and information about any mental health conditions and treatments. Some of this information constitutes special category personal data that needs more protection because it is sensitive data. Health data is Special Category Personal Data and we collect it when you provide us information about your health through surveys and questionnaires. We also may collect information about your mood and other states via our Platform. By using our Platform and our services, you explicitly consent to our processing of your sensitive personal data or special category data as described in this privacy policy.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your questionnaire data with other users of our Platform to calculate the percentage of users showing a change on a specific measure.

However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Notice.

We will not process your special category personal data in order to aggregate it without a lawful basis to do so.

Storage of personal data

By submitting your personal data, you agree to us storing and processing it. We will take all steps reasonably necessary to ensure your personal data is treated securely and in accordance with this privacy policy. All personally identifiable information we collect is automatically encrypted using an industry-standard AES algorithm and is stored on or within servers that are secure and comply with ISO 27001. Safety features to protect information against unauthorised access in the event a portable device with access to the patient identifiable information is lost or stolen are in place and systems are capable of withstanding a determined and intelligent attempt to access the information without permission.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your data rights

The GDPR has been written to ensure that your rights are central to how organisations manage your data. You have certain rights, depending on the basis for processing, that you can exercise at any time.

  1. The right to be informed – this privacy notice informs you about why and how we use your information
  2. The right of access – you may ask us for a copy of the information we hold about you
  3. The right to rectification – if any data about you is inaccurate or out of date you can ask us to correct it
  4. The right to erasure – in certain circumstances you can ask us to delete your data
  5. The right to restrict processing – in certain circumstances you can ask us to stop processing your data
  6. The right to data portability – an easily transferable copy of your data; this usually refers to IT services, but we can provide a copy
  7. The right to object – this right particularly applies to direct marketing but we don’t use your data for that purpose
  8. Rights in relation to automated decision making and profiling – we don’t use these

You can find more information about your individual rights on the website of the Information Commissioner’s Office.

Subject access requests

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long do we keep information for?

We will keep personal information for as long as it’s considered necessary, for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve keeping your information for a reasonable period of time after your therapy/treatment has ended. This information will not be freely accessible to anyone and will only be accessed by your service provider.