Ieso Digital Health Limited (“We”) are committed to protecting and respecting your personal data and privacy.
These Privacy Notices cover personal information processing of data collected via the Site and/ or direct marketing/ business development emails, and reflect legal requirements and regulations. Here we explain what personal information we collect about you, how it is used, shared, secured, stored, and how you can exercise choices and manage your data. For the purpose of data protection legislation, the data controller is Ieso Digital Health Ltd of The Jeffreys Building, Cowley Road, Cambridge, CB4 0DS, registered with the Information Commissioner (ZA239229). Under the General Data Protection Regulations the different purposes of processing your data are legally permitted under Article 6 (1) (a) consent, Article 6 (1) (b) contract or Article 6 (1) (f) legitimate interests (Where the legal basis of the processing is Legitimate Interests, a legitimate interests assessment has been carried out and the legitimate interests identified as being able to inform existing customers about changes in the service, our attendance at conferences etc, or to make potential new customers aware that services/ opportunities to meet us exist (including within the NHS where there is public interest in individuals having access to services that support them with their mental health needs), to provide answers to questions posed by website visitors), or information to potential investors, business partners and/ or collaborators.
Information we collect from you
You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services/ information.
Information collected automatically from you as a result of your interactions with the Site
We do not collect any personal information from you on this site if you click on ‘Career opportunities’ or ‘Become an Ieso therapist’. In these instances, you are delivered to our recruitment site which has its own set of privacy notices and your personal details are collected there.
Information we collect from other sources
For the purposes of direct marketing we may collect your identity and contact data including title, name, job title/ function, the organisation you work for or are engaged by, email address, telephone numbers, address from:
How we use collected information
Ieso takes care to ensure that only the right people have access to your personal data. We have internal procedures in place to safeguard your privacy and anyone within Ieso receiving information about you will be under an equal legal duty to keep it confidential.
If you require information requested via our ‘contact us’ website forms, or by email, that is best answered by our PR agency (with whom we have appropriate confidentiality and data protection agreements), your contact details will be passed to them to respond.
We will always seek your permission ahead of disclosing any information that identifies you directly to any other person or organisation or for any other reason than those set out in this policy without your knowledge or permission unless we have an overriding legal duty to do so.
If you are an individual representing an organisation for whom our company or services may be, or already are, of interest and are added to our customer relationship management system and/or marketing automation system, then we may contact you in line with our marketing and business development communications protocols and Legitimate Interests Assessment for purposes such as informing you about Ieso services or attendance at conferences etc, and where we offer you the option of opting out of such communications.
In the event that we undergo re-organisation or all or a part of our business is sold to a third party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third party, whether such acquisition is by way of merger, consolidation, or purchase of all or a portion of our assets, or in connection with any bankruptcy or reorganization proceeding brought by or against us.
We may disclose aggregate statistics about visitors to the Site in order to describe our services to prospective partners and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
Transferring data outside the UK
We seek where possible to prevent any transfers of your personal information to countries which do not have adequate data protection standards.
The European Commission makes the decisions on the adequacy of the protection of personal data in third countries and has decided that personal data can flow safely between countries in the European Union, the European Economic Area (EEA), and 11 other territories without any further safeguards being necessary.
Transfers outside these areas are only made when the data is stored/ processed by the SaaS providers we use – see ‘How we store your personal data’ below.
How we secure your personal data
We place great importance on the security of personal information. We have put controls in place to safeguard your personal information, applying physical, technical and procedural measures against unauthorised access, loss, misuse and alteration of personal information under Our control. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We have achieved the International Standard certification for Information Security (ISO 27001) and maintain the Cyber Essentials Plus certification.
How we store your personal data
We use a small number of well-known SaaS providers to store your information and we have Data Processor Agreements in place with each. These providers either store the data in the UK or EEA or have in place Binding Corporate Rules, EU-US Privacy Shield self certification, or EU Model Clauses to uphold your legal data protection rights.
If we are keeping your contact details to inform you of the service becoming available to you, we will ask you at 5 year intervals whether you wish us to continue doing this. (You can let us know that you do not want us to continue to do this at any intervening time.)
If you are in a self referral area and begin the referral process on this Site, your personal details will form part of your health record which we retain as a resource that you can return to at any time you wish. This can help you remember coping strategies, techniques or processes that you learnt in therapy. If you were to experience a setback between sessions or after you’ve completed treatment you may find it useful to refer to your therapy transcripts and messages. Also, if you were to require further therapy sessions at any time in the future, your therapists would be able to access all your therapy notes. We retain your clinical record by reference to the IGA Records Management Code of Practice for Health and Social Care guidance for managing health records https://digital.nhs.uk/information-governance-alliance and to support our legal obligations to be accountable for your care.
If you have sent a contact message via the website or a direct email, the retention periods for your personal information will vary. We will consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of it, and any applicable legal or regulatory requirements.
Our retention practices are reviewed at least annually in conjunction with industry standards and best practice.
Your data protection rights
Data protection law provides you with rights that Ieso Digital Health is committed to supporting you with:
Right to Access
You have the right to obtain:
If you feel there is an error of fact within your personal details held by us, please contact us. If we agree the information is incorrect, the alteration will be made, but if we are not satisfied the information is factually incorrect, a note will be made of the information you consider is inaccurate, and you will be notified of either the correction or the note.
Data protection law also includes the right to make other requests to seek to erase, port, object to and restrict personal data processing where certain limited grounds apply. Note however that data processed for health, employment and legal purposes, or where other legitimate grounds for the processing apply, are examples of circumstances where some of these rights may be restricted or not apply in practice. Where the legal basis of the processing is Legitimate Interests and the activity is direct marketing, the right to object is absolute.
For more detailed information on your rights visit https://ico.org.uk/for-the-public/.
If you need any assistance in these areas, please contact our Data Protection Officer.
A cookie is a small data file stored by your browser on your device's hard disk for record-keeping purposes and typically includes a unique reference code that relates to, or is accessed from, a user's device and that enables that device to be remembered when next visiting the same site.
Session cookies are stored only temporarily during a browsing session and are deleted from the user’s device when the browser is closed;
Persistent cookies are saved on your computer for a longer, fixed period and are not deleted when the browser is closed and are used to remember you when you visit the website again; and
Third party cookies are set by a different organisation to the owner of the website you are visiting. They might include cookies set for website visitor analytics or embedded content, for example Google Analytics. You can opt-out from the collection of this information by Google by downloading and installing a browser plug-in at https://tools.google.com/dlpage/gaoptout.
Most computers and some mobile devices will automatically accept cookies but, if you prefer you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of the Site.
Any third-party websites you access because of your role as an employee of Ieso will be covered by their own cookie policies, which should be easily accessible on their sites, and are not under the control of, or the responsibility of, Ieso.
Questions, comments and requests regarding these privacy notices or data protection should be addressed to our Data Protection Officer (DPO): Helen Simpson email@example.com
Changes to these Privacy Notices
Changes to your personal data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third Party sites
Our site may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.