We're committed to safeguarding your privacy.
MyTransitions (‘We’, ‘Our’ or ‘Us’) are committed to safeguarding your privacy as a user of Our web application (the ‘Application‘).
We process your personal data and for the purposes of the Data Protection Act 2018 (the ‘Act‘) and the General Data Protection Regulations (2016/679) (‘GDPR‘). We are a
- ‘Data Processor’: which means We collect, record, organise, structure, store, use and otherwise deal with your personal data.
- We are instructed by a ‘data controller’ (the lead service supporting you) how to deal with your personal data – how to process your information and what to process. For those working with GSH we are the lead service therefore also the data controller.
Service users in Ireland: GPs are independent data controllers in their own right and may refer patients to MyTransitions for this service. MyTransitions are also data controllers for this programme as they collect, record, organise, structure, store, use and otherwise deal with your personal data. The HSE supports the MyTransitions service but is not the designated data controller for any personal data collected and processed by MyTransitions.
How we use your personal data
Below We set out:
- the general categories of personal data We process;
- the purposes for which We process that personal data; and
- the legal basis for processing that personal data.
- ‘Account Data’ – This is information provided to Us by the data controller when registering for Our services. Account Data includes your name, address, date of birth, email address and telephone number. Account Data is processed for the purposes of setting up, providing access to and operating your account on Our Application.
- ‘Correspondence Data’ – This is information contained in or relating to any communication that you send to Us. Correspondence Data may be processed for the purposes of communicating with you and recording Our communications with you. The basis for processing is Our legitimate interest in the proper administration of Our Application and communications with its users.
- ‘Enquiry Data’ – This is the information you provide to Us by contacting Us in relation to Our services. Enquiry Data may be processed for the purposes of offering relevant services to you.
- ‘Profile Data’ – This is the information you provide through your user profile on Our Application. This includes your name, address, email address, telephone number, profile picture, your gender, interests. written thoughts, reflections, personal opinion, photographs and documents. Profile Data may be processed for the purposes of enabling and monitoring your use of Our Application and services.
- ‘Usage Data’ – This may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and Application navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the Usage Data is Our analytics tracking system. This Usage Data may be processed for the purposes of analysing the use of the Application and services.
- ‘Wellbeing Data’ – This may include health records, referral information to other services and self- assessment scores. Well-being data is processed to safeguard, protect or improve your well-being and otherwise as part of the provision of Our services to you. The basis for this processing is legitimate interest as set out by the controller(s). Where We have reasonable grounds to believe that your well-being is at risk, We will otherwise process Well-being Data in order to protect your vital interests.
Sensitive personal data
We may ask you to provide sensitive personal data when using Our Application. We will only collect your sensitive personal data in line with controllers’ requirements for legitimate interest to provide the services requested: fulfilling contractual obligations with the controllers.
Sensitive personal data includes information relating to:
- your ethnic origin;
- your religious beliefs;
- your physical or mental health or condition;
- your genetics or biometrics; and
- your sexual life.
Processing personal data out of necessity and/or legal obligation
We may process any of your personal data where it is;
- necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or otherwise. The basis for this processing is Our legitimate interest in the protection of; and being able to assert, Our legal rights, your legal rights and the legal rights of others; and/or
- necessary for compliance with a legal obligation to which We are subject, or in order to protect your vital interests or the vital interests of another natural person.
Personal data provided by third parties
Occasionally We may receive personal data about you from third parties, which We will add to the data We already hold about you in order to help Us deliver and improve Our service to you. Where appropriate and proportionate, We will advise of the source and type of that data. Your rights in relation to that personal data are also as set out below.
Personal data about other individuals
Please do not supply any other person’s personal data to Us, unless We expressly ask you to do so.
Children’s personal data
Where you are a child below the age of 16 years of age, We will only process your personal data where consent is given or authorised by the holder of parental responsibility to the relevant controller(s).
Who your information might be shared with
We may disclose your personal data:
- to other companies within Our group (including any subsidiaries) insofar as is reasonably necessary for the purposes set out in this policy;
- subject to your consent, to Our agents and service providers, insofar as is reasonably necessary in providing Our services to you. This includes;
- Your referrer: being the person or organisation that referred you to Our application for the purpose of you receiving access to education, early wellbeing support, mental health promotion and self-care; and
- Education, Employment, Health and Social Care Professionals: for the purpose of tailoring and recording support and meeting your well-being needs.
- to anyone that you grant access, via your account login;
- to protect your vital interests or those of another where We have a legitimate concern about your or their safety; and
- to law enforcement agencies in connection with any investigation to help prevent unlawful activity or otherwise in compliance with a legal obligation to which We are subject.
We may use your email address; provided as part of your Account Data and Enquiry Data to send email marketing communications about:
- new interventions; and
- new developments to the Application.
You will be asked to expressly agree in advance to Our use of your personal information for marketing purposes.
You may opt out or instruct Us at any time not to process your personal information for marketing purposes.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and user name that are unique to you;
- We store your personal data on secure servers; and
- Our systems are PEN tested ensuring security.
While We will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason We cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact Us using Our contact details below.
What can I do to keep my information safe?
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Retaining and deleting personal data
The personal data that We process will not be kept for longer than is necessary for the processing purpose.
We will retain your personal data for 1 year from the closure of your account, at the end of which it will be deleted from Our systems.
In some instances, your personal data may be retained for a longer period. This includes:
- where you seek re-referral to Our service;
- where the data controller determines a longer retention, period is required (your data controller will inform you of this);
- where you are Looked After and/or Leaving Care;
- where necessary for Us to defend or bring any actual or contemplated legal proceedings;
- where there are; or reasonably may be, child or adult protection or safeguarding concerns, or otherwise in order to protect your vital interests or the vital interests of another natural person.
You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this Application.
We may also notify you of changes to this policy by email or through messages displayed on your profile and/or Our Application.
You have the following rights in respect of the personal data We hold about you:
- Right of accessYou have the right to request a copy of the personal data which We hold about you. You may also request details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Requests should initially go to the data controller.
- Right to rectificationYou have the right to have any inaccurate personal data about you rectified and to have any incomplete personal data about you completed.
- Right to erasureIn certain circumstances, you have the right to request that We delete personal data held about you, free of charge and without undue delay.Those circumstances include:
- where personal data is no longer necessary in relation to the purposes for which they were processed;
- the processing is for direct marketing purposes; and/or
- the personal data have been unlawfully processed.
Where data has been lawfully processed and is integral to the data controllers processing, erasure may not be granted.
- Right to restrict processing of your personal dataYou have the right to ask Us not to process your personal data where:
- the accuracy of the personal data is contested;
- processing is unlawful and you do not wish for the personal data to be erased; and
- We no longer need the personal data for the purposes of Our processing, but where you require the data for the establishment, exercise or defence of legal claims.
- Right to object to processing of your personal dataYou have the right to object to Our processing your personal data:
- on grounds related to your situation. We will stop processing your personal data unless We have a legitimate ground for processing which overrides your interests or rights;
- where processing is for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
- Right to Data PortabilityWhere the legal basis for Our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from Us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
- Right to Withdraw ConsentWhere the legal basis for Our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
- Right to ComplainIf you consider that Our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
Exercising your rights in relation to your personal data
You can exercise your rights at any time by contacting the us using the contact details below. Your request will then be shared with the Controller.
Following a request by you, We may request account information and/or proof of your identity and address in order to help Us identify you (for example, a copy of your driving licence or passport and a recent utility or credit card bill).
Where you request a copy of the personal data which We hold, the first copy will be provided free of charge, however We may charge a small administration fee for additional requests.
Our details and how to contact us
The Application is owned and operated by MYMUP Digital Ltd, a community interest company registered in England and Wales under Company Number: 11318914.
Our registered office address and principal place of business and Postal Address is:
Regus 1st Floor East Suite
You can contact Us:
- By post, using Our Postal Address;
- By email to firstname.lastname@example.org; or
- By telephone on 01274 897714.
Data Protection Officer
Our nominated Data Protection Officer for the purposes of the Act and the GDPR is Kaela Shuttleworth.
You can contact Our Data Protection Officer:
- By post, using Our Postal Address;
- By email to email@example.com; or
- By telephone on 01274 897714.