HealtheMinds is committed to protecting your privacy. There are various ways that you might interact with HealtheMinds, and the information you provide when doing so allows us to improve our services.
Our Online Services are designed to provide tools for you to use to treat or support your mental wellness.
If you are visiting us from the European Union (“EU”) or European Economic Area (“EEA”), please see the section entitled “Additional Information for European Union Users” for information on how we comply with privacy laws applicable to you.
HealtheMinds means HealtheMinds Pvt Ltd, a mental wellness company with its registered address at Plot No. G7, Opposite Graphite India, Whitefield, Bangalore 560 048 INDIA.
Personal data means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, e-mail addresses, etc. but also includes any other information relating to that person which, if combined, means that the person can be identified.
Special Category Data
Special category data means personal data about a person’s race, ethnic origin, politics, religion, trade union membership, genetic, biometrics (if used for identification purposes), health, sex life, or sexual orientation.
Processing covers all activities relating to the use of personal data by an organisation, from its collection to its storage and disposal, and everything in between.
GDPR is the General Data Protection Regulation issued by the European Union. It regulates the processing of personal data of individuals in the EU by an individual, company or organisation.
Data Subject is the person whose personal data is being processed.
Data Controller means the person or company who determines how and for what purposes personal information will be processed.
Data Processor means the person or company who processes personal information on behalf of the data controller.
Principles for Processing Personal Data
We adhere strictly to these principles when processing your personal data:
- Fairness and lawfulness. When we process any personal data, your individual rights as a data subject are protected. All personal data must be processed in a legally compliant and fair manner.
- You have the right to be informed of how your personal data is processed and what we use it for.
What Personal Data We Collect
When you register for Online Services, we may collect the following Personal Data from you:
- Your full name, preferred name, postal address, e-mail address, telephone number, virtual conferencing ID (for example, your Skype, Zoom or Google Meet ID)
- Healthcare provider name and contact details
- Health insurance provider name and ID (if you are eligible for our services under your insurance plan)
- Your employee number, company name, postal address, e-mail address, telephone number (if you are part of an Employee Assistance Program or EAP)
- Sex and gender
- Date of birth
- Other demographic information
- Moods, goals, thought records, assessments and questionnaires, messages and session recordings with your counsellor, therapist or customer service agent (if connected)
- Messages, appointments and session recordings with your clinician (if connected)
- Website usage data, device and system data, such as type of device, operating system and network information)
When you use Online Services, you may provide certain Personal Data directly to us, including when you allow us to obtain information about you from other sources.
Certain features of the Online Services may actively record information about you as you use the Online Services.
You may limit the Personal Data you provide or make available to us if you wish; however, that may limit your ability to access or use certain functions of the Online Services or to request certain services or information.
Our Online Services operate on computer servers located in India; therefore, any Personal Data you provide will be processed by a computer server located in India.
How We Use Personal Data
We may use your Personal Data for a number of purposes, such as:
- To respond to an e-mail or particular request from you
- To communicate with you
- To provide you with content through our Online Services or other services that we offer
- To process an application for a service you have requested
- To authenticate you on any portion of our Online Services and with vendors acting on our behalf
- To administer surveys and promotions
- To personalise your experience of Online Services
- To provide you with informational or promotional offers that we believe may be useful to you, as permitted by law
- To perform analytics to improve our Online Services and other services
- To comply with applicable laws, regulations and legal processes
- To protect someone’s health, safety or welfare
- To keep a record of our transactions and communications
- To conduct health and behavioural research, including with our research partners
- As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law, or for any other purpose with your consent
We may use Personal Data to contact you through any contact information you provide through our Online Services or any other services we offer, including any e-mail address or telephone number.
We may, when permitted, combine your Personal Data with other information, whether online or offline, maintained and available to use from you or from other sources, and we may use and disclose the combined data for the purposes described in this Section or for internal business purposes.
We may, when permitted, use and disclose anonymised and aggregated data for any purpose, which may include, without limitation, disclosures to third parties for analytics purposes, such as evaluating the effectiveness of Online Services or providing additional benefits, programs and services.
We may use your Personal Data for internal research purposes, and we may share such information with third party research partners who are bound to maintain the confidentiality of any and all personally identifiable information and use it only for such research purposes as described under “How We Share Personal Data”.
How We Share Personal Data
- We may share Personal Data if all or part of the Company is sold, merged, dissolved, acquired or disbanded to any extent in a similar transaction, or in connection with steps that may need to be taken in anticipation of such events
- We may share Personal Data in response to a court order, subpoena, search warrant, or to comply with law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to others.
- We may share Personal Data within the Company, including among affiliates, or with our parent company, or subsidiaries.
- We may share Personal Data with third-party companies that we have a business relationship with or hire to perform services on our behalf, including assisting with the purposes described under the “How We Use Personal Data” section. For example, we may hire a company to help us send and manage e-mail, and we might provide that company with your e-mail address and certain other information in order for them to send you an e-mail on our behalf. Similarly, we may hire companies to host or operate some of our Online Services and related computers or software applications. These service providers are not allowed to use or disclose your Personal Data other than as specified in our contract with them and as permitted by law.
- We may share aggregate information about the usage, performance and outcomes of our Online Services with your healthcare provider, employer or the party that referred you to us, but we will not share your personal thought records (where you record your thoughts and emotions) or personally identifiable content from your thought records with them.
- We may share information about your use of the Online Services with your healthcare provider or EAP administrator solely to evaluate the performance of the Online Services and manage your care. We will not share your thought records with your healthcare provider or EAP administrator.
- We may share information with research partners or other third-party companies conducting mental health or behavioural research, including your Personal Data. However, we will require that such companies and their vendors not disclose any such Personal Data; that they and their vendors use such Personal Data only for research purposes; and that they and their vendors not use such Personal Data to direct any advertising to you or evaluate you for any third-party product or service or for any employment opportunity.
Posting Messages, Comments & Content
Our Online Services may have collaboration areas, including but not limited to blogs, events, live chats, webcasts, etc. that permit users to have collaborative discussions and/or share information. Please note that any information you submit or post to these collaboration areas may be visible to other users of the Online Services, and such users may share that information with others. Therefore, please be thoughtful in what you write and always assume that this information is public.
If you are a user of social media and are considering posting content about us on your social media account, please read this section carefully.
We are under no obligation to screen or monitor your social media posts or any other user content. However, we reserve the right to monitor participation to ensure that, in responding to any social media posts we may make, you stay on topic, are courteous, and avoid making offensive comments. Your posts and user content in response to or addressed to our social media posts must adhere to the following requirements and cannot:
- Contain any third-party material including logos, drawings, tattoos, photographs, pictures, sculptures, paintings or other images or works of art, phrases, trademarks, trade secrets or other items without explicit prior permission to use such materials
- Contain any sexually explicit, graphic, gratuitous or unnecessarily violent content
- Contain any defamatory or derogatory content against any ethnic, racial, gender, religious, sexual orientation, professional or age group or contain any pornographic material
- Contain any private information about yourself or any other individual, including, without limitation, information related to the health of the individual, financial information about the individual, or any identifying or account numbers relating to the individual, with or without their consent
- Contain any software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software, hardware or telecommunications equipment
- Contain any advertising, promotional materials, junk mail, spam, chain letters, pyramid schemes, or promote any illegal activity or solicitation
We reserve the right to edit comments for content, remove off-topic contributions, delete offensive comments or remarks, block offensive contributors and delete actual or suspected spam directed at us from our Online Services or social media.
Please be aware that once you post something online, there is potential for numerous individuals to read your words, even years from now. Therefore, we suggest that you exercise caution when posting on any social media and never disclose Personal Data of any kind.
We accept no responsibility for the content of any comments or responses posted by other persons not authorised by us to any social media or to our Online Services. We do not control the placement of any marketing or advertising displayed on our web pages by social media or third-party entities.How to Manage Your Personal Data
Our Online Services may permit you to view your profile, if applicable, and access related Personal Data about you and to request changes to, or deletion of, such Personal Data. If this function is available, you may have access to a page on the Online Services through which you may review your profile, if applicable, and related Personal Data, and you may have options to modify or delete the Personal Data.
Please remember, however, that if we have already disclosed some of this Personal Data to third parties, we may not have access to that disclosed information and may not be able to force the deletion or modification of any information by the third parties to whom we have made those disclosures.
If you need assistance in opting out of a communication, please contact us at [email protected]. Please be aware that opt-outs may not apply to certain types of communications, such as account status, Online Service updates, or other communications.
Cookies & Tracking
HealtheMinds may use various technologies, including cookies, tokens, tags, Web logs, Web beacons, scripts, and Web server logs, to automatically collect information, and may aggregate this information from our Online Services visitors or to enable certain features of our Online Services.
This information may include demographic data, technical information about the device used to connect to the Online Services, Web browser information, your Internet Protocol (“IP”) address, your Operating System (“OS”), camera use, use of screen, patterns of application usage, and browsing behaviour such as pages visited and how often they are visited (“Activity Information”).
For more information about third party advertising networks and similar entities that use these technologies, visit http://www.aboutads.info/consumers. To opt out of such ad networks’ and services’ advertising practicies, visit http://www.aboutads.info/consumers and http://www.networkadvertising.org/choices. You may choose to opt out of all participating advertising companies or only advertising provided by specific advertising companies.
Please note that to the extent that advertising technology is integrated into the Online Services, you may still receive advertisements even if you opt out of tailored advertising, though in that case the ads will not be tailored. We do not control any of the above opt-out links and are not responsible for the choices you make using these mechanisms the continued availability, effectiveness and accuracy of these mechanisms.
Activity Information is captured using various technologies and may include cookies. A “cookie” is a small text file that may be placed on your computer when you visit an Online Service or click on a link. Cookies may include “single session cookies” which generally record information during a single visit to a website and are then erased, and “persistent cookies” which are generally stored on a computer unless or until they are deleted or set to expire.
You may disable cookies and similar items by adjusting your privacy settings or browser preferences at any time; however, this may limit your ability to take advantage of all the features of our Online Services.
You may also manage the collection of Activity Information by:
- Managing the use of “Flash” technologies with the Flash management tools
- Clicking on the opt-out link at the bottom of the applicable Web page
- Visiting Google to opt out of display advertising or customising Google display network ads
Please note that we do not currently respond to Web browser “Do not track” signals that provide a method to opt out of the collection of information about online activities over time and across third-party websites.
Some ways in which we use your Activity Information include:
- Customising your website experience, including recording and managing your preferences
- Authenticating your account information
- Marketing, product development and research
- Tracking resources, content and data accessed through Online Services
- Developing reports regarding Online Service usage, activity and statistics
- Assisting users experiencing problems with our services
- Quality control of our therapy, counselling and clinical services
- Updating and servicing our Online Services
- Enabling new and improved functions and tools on the Online Services
- Tracking paths of visitors to and within the Online Services to improve and simplify navigation
We may use tracking technologies that allow us to recognise your device when you return to our Online Services within a certain period of time, determined by us, and to support automatic log-in to your Online Services. To maintain your privacy, you should affirmatively log out of your account prior to your session ending. Unless you affirmatively log out of your account, you may be automatically logged back in the next time you or any other user of your device visits the Online Services.
Information We Collect through Google Analytics
For more information on Google Analytics or to opt out of having your information shared through Google Analytics, visit http://support.google.com/analytics/answer/6004245.
How We Protect Personal Data
We maintain administrative, technical and physical safeguards designed to protect Personal Data that you provide on our Online Services. These safeguards vary based on the sensitivity of the information that is being collected, used and stored. However, no security system is impenetrable and we cannot guarantee the security of our Online Services, nor can we guarantee the security of the Personal Data you transmit to us over the Internet, including your use of e-mail. We are not liable for the illegal acts of third parties such as criminal hackers or purveyors of malware.
It is your responsibility to safeguard the devices you use to access our Online Services, and to use appropriate security settings on those devices. If those devices are stolen, lost or misplaced, others may be able to access your account and your Personal Data using those devices. If you log into the Online Services using a public or shared device, or a device belonging to another person, you should affirmatively log out of your account prior to ending your session. Otherwise, the next user of the device may be able to access your account and the information therein.
We are not responsible for any harm that may result from someone accessing your account or Personal Data on a lost, stolen or misplaced device or on a public or shared device where you do not, for any reason, take the necessary precautions to ensure that you affirmatively log out from said device when your session has ended.
We offer mobile applications that enable us to communicate with you through push notifications. You may be able to turn off push notifications in your mobile phone settings. You may also be able to control preview settings in your e-mail applications. Please note that choosing to disable some functionality in the website or mobile application may impact the functionality of other areas of the website or mobile application.
We have extensive controls in place to maintain the security and integrity of our information systems and the data contained therein. Your Personal Data is protected with safeguards according to the sensitivity of the information. Appropriate controls, such as restricted access, are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to employees and third-party service providers who are authorised.
As a condition of employment, HealtheMinds employees are required to follow all applicable laws and regulations, including those relating to data protection and privacy. Access to sensitive or personally identifiable client information is limited to those employees and third-party partners who need it to perform their professional duties. Unauthorised use or disclosure of confidential client information is prohibited and may result in disciplinary action up to and including termination of employment or contract and legal action.
When you contact HealtheMinds via a medium other than the Online Services, you may be asked for some Personal Data to authenticate you and ensure that only you or someone authorised by you has access to your Personal Data available with us. You may be similarly asked to authenticate yourself in the event that you forget your Online Services password and are unable to reset it on your own, or require other technical support that involves accessing the Personal Data in your Online Services account.
We retain your Personal Data for as long as necessary for the purpose for which it was collected, subject to a longer period if the Personal Data is relevant to a legal challenge.
Children Under the Age of 13
We do not intentionally collect any information from children aged under thirteen years through our Online Services without receiving written parental consent. If you think we have collected such personal information from a child under the age of thirteen through our Online Services, please contact us immediately at [email protected].
Additional Rights for European Union Users
The following sections (“Personal Information”, “Data Controller and Data Protection Officer”, “EU and UK Residents Under 16”, “Lawful Basis for Data Processing”, “Retention” and “Your Rights”) apply to you if you are a resident in the EU or the EEA using our Online Services (an “EU User”).
Data Controller and Data Protection Officer
HealtheMinds is the Data Controller of your Personal Data for purposes of GDPR. You can contact our Data Protection Officer at [email protected].
EU and UK Residents Under 16
HealtheMinds’s Online Services may not be used by any EU or UK residents under the age of sixteen years.
Lawful Basis for Data Processing
We only collect, store and process the personal information of EU Users where a lawful basis for such processing exists, which will typically fall under one of the following scenarios:
- You, the Data Subject, have given consent to the processing of your personal information for one or more specific purposes, for example by consenting to receive electronic marketing communications, in which case you may withdraw your consent subsequently at any time by e-mailing [email protected] without affecting the lawfulness of processing based on consent before its withdrawal
- Processing is necessary for the performance of services to which you, the Data Subject, are a party
- Processing is necessary to comply with a legal obligation to which HealtheMinds, as a Data Controller, is subject
- Processing is necessary for the purposes of the legitimate interests pursued by us as the Data Controller, or by a third party, except where such interests are overridden by your, the Data Subject’s, interests or fundamental freedoms, which require protection of your personal information
If you are an EU User, we will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.
By law, we are required to keep basic information about our customers (including Contact, Identity, Financial and Transaction information) for a period mandated by law in each region where we operate after they cease being customers for tax purposes. The mandated period varies by country.
In some circumstances, we may anonymise your personal information, in which case we may use this information indefinitely without further notice to you.
GDPR gives EU Users certain rights regarding your personal information. EU Users may ask us to take the following actions in relation to your personal information that we hold:
- Opt in or opt out if you want to receive or discontinue receiving direct marketing communications. You may continue to receive service-related and other non-marketing communications
- Get access to your personal information and understand how we process it and for what purposes
- Update or correct inaccuracies in your personal information
- Delete your personal information
- Transfer a machine-readable copy of your personal information to you or a third party of your choice
- Object to our reliance on our legitimate business interests as the basis of our processing of your personal information that impacts your rights
You can submit these requests by e-mail to [email protected]. We may request specific details from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described below or submit a complaint to the data protection regulator in your jurisdiction.