Online Services Privacy Policy

HealtheMinds is committed to protecting your privacy. There are various ways that you might interact with HealtheMinds, and the information you provide when doing so allows us to improve our services.

This privacy policy applies to HealtheMinds Solutions Pvt Ltd (“HealtheMinds”, “we”, “our”, “us” and “Company”) and covers our collection and processing activities as a data controller. It governs how we handle your personal information during the course of our business.

This Online Services Privacy Policy (“Privacy Policy”) describes our practices in connection with information we collect through online and mobile websites, platforms, services and applications that we own or operate and that contain a link to this Privacy Policy (collectively, “Online Services”).

Our Online Services are designed to provide tools for you to use to treat or support your mental wellness.

If you are visiting us from the European Union (“EU”) or European Economic Area (“EEA”), please see the section entitled “Additional Information for European Union Users” for information on how we comply with privacy laws applicable to you.

HealtheMinds may amend this privacy policy from time to time. This page will always have the latest version and the Effective Date is at the top of this page. Whether you are a casual visitor to our website, a regular client or just someone who’s considering becoming a client of HealtheMinds, we urge you to read this privacy policy carefully and check it regularly for updates.

By using the Online Services, you consent to our collection, use, disclosure and storage of information as described in this Privacy Policy.

 

Definitions

HealtheMinds

HealtheMinds means HealtheMinds Pvt Ltd, a mental wellness company with its registered address at Plot No. G7, Opposite Graphite India, Whitefield, Bangalore 560 048 INDIA.

Personal Data

Personal data means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, e-mail addresses, etc. but also includes any other information relating to that person which, if combined, means that the person can be identified.

Special Category Data

Special category data means personal data about a person’s race, ethnic origin, politics, religion, trade union membership, genetic, biometrics (if used for identification purposes), health, sex life, or sexual orientation.

Processing

Processing covers all activities relating to the use of personal data by an organisation, from its collection to its storage and disposal, and everything in between.

GDPR

GDPR is the General Data Protection Regulation issued by the European Union. It regulates the processing of personal data of individuals in the EU by an individual, company or organisation.

Data Subject

Data Subject is the person whose personal data is being processed.

Data Controller

Data Controller means the person or company who determines how and for what purposes personal information will be processed.

Data Processor

Data Processor means the person or company who processes personal information on behalf of the data controller.

 

Principles for Processing Personal Data

We adhere strictly to these principles when processing your personal data:

  • Fairness and lawfulness. When we process any personal data, your individual rights as a data subject are protected. All personal data must be processed in a legally compliant and fair manner.
  • Restricted to a specific purpose. We process your personal data only for specific purposes which are described in this privacy policy.
  • You have the right to be informed of how your personal data is processed and what we use it for.

 

What Personal Data We Collect

When you register for Online Services, we may collect the following Personal Data from you:

  • Your full name, preferred name, postal address, e-mail address, telephone number, virtual conferencing ID (for example, your Skype, Zoom or Google Meet ID)
  • Healthcare provider name and contact details
  • Health insurance provider name and ID (if you are eligible for our services under your insurance plan)
  • Your employee number, company name, postal address, e-mail address, telephone number (if you are part of an Employee Assistance Program or EAP)
  • Password
  • Sex and gender
  • Date of birth
  • Other demographic information
  • Moods, goals, thought records, assessments and questionnaires, messages and session recordings with your counsellor, therapist or customer service agent (if connected)
  • Messages, appointments and session recordings with your clinician (if connected)
  • Website usage data, device and system data, such as type of device, operating system and network information)
  • Other information as described in this Privacy Policy

We may enter into business associate agreements with your employer (EAPs). To make our Online Services available to participants in such EAPs, we may collect Personal Data about you, directly or indirectly, from or through your employer. In such a case, the privacy of your Personal Data will be governed by the agreement entered into between HealtheMinds and your employer for the purposes of the EAP. Please contact your employer for a copy of the appropriate Privacy Policy.

When you use Online Services, you may provide certain Personal Data directly to us, including when you allow us to obtain information about you from other sources.

We may also obtain automatically-collected information through the Online Services. We may use cookies, tokens, tags, beacons, scripts and Web server logs, as well as functionality that can collect data from a mobile device. This automatically-collected information may include demographic, de-identified, aggregated or certain information collected automatically through your device, such as technical information about your device, Web browser information and server log files collected by us or provided by you. Our mobile applications may also collect information specific to the use of your mobile device, such as a unique device identifier or precise geolocation information.

Certain features of the Online Services may actively record information about you as you use the Online Services.

You may limit the Personal Data you provide or make available to us if you wish; however, that may limit your ability to access or use certain functions of the Online Services or to request certain services or information.

Our Online Services operate on computer servers located in India; therefore, any Personal Data you provide will be processed by a computer server located in India.

 

How We Use Personal Data

We may use your Personal Data for a number of purposes, such as:

  • To respond to an e-mail or particular request from you
  • To communicate with you
  • To provide you with content through our Online Services or other services that we offer
  • To process an application for a service you have requested
  • To authenticate you on any portion of our Online Services and with vendors acting on our behalf
  • To administer surveys and promotions
  • To personalise your experience of Online Services
  • To provide you with informational or promotional offers that we believe may be useful to you, as permitted by law
  • To perform analytics to improve our Online Services and other services
  • To comply with applicable laws, regulations and legal processes
  • To protect someone’s health, safety or welfare
  • To protect our rights, the rights of our affiliates or related third parties, or take appropriate legal action, such as to enforce our Terms of Use
  • To keep a record of our transactions and communications
  • To conduct health and behavioural research, including with our research partners
  • As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law, or for any other purpose with your consent

We may use Personal Data to contact you through any contact information you provide through our Online Services or any other services we offer, including any e-mail address or telephone number.

We may, when permitted, combine your Personal Data with other information, whether online or offline, maintained and available to use from you or from other sources, and we may use and disclose the combined data for the purposes described in this Section or for internal business purposes.

We may, when permitted, use and disclose anonymised and aggregated data for any purpose, which may include, without limitation, disclosures to third parties for analytics purposes, such as evaluating the effectiveness of Online Services or providing additional benefits, programs and services.

We may use your Personal Data for internal research purposes, and we may share such information with third party research partners who are bound to maintain the confidentiality of any and all personally identifiable information and use it only for such research purposes as described under “How We Share Personal Data”.

 

How We Share Personal Data

We will only share your Personal Data with third parties as outlined in this Privacy Policy and as otherwise permitted by law or as permitted with your consent, including:

  • We may share Personal Data if all or part of the Company is sold, merged, dissolved, acquired or disbanded to any extent in a similar transaction, or in connection with steps that may need to be taken in anticipation of such events
  • We may share Personal Data in response to a court order, subpoena, search warrant, or to comply with law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to others.
  • We may share Personal Data within the Company, including among affiliates, or with our parent company, or subsidiaries.
  • We may share Personal Data with third-party companies that we have a business relationship with or hire to perform services on our behalf, including assisting with the purposes described under the “How We Use Personal Data” section. For example, we may hire a company to help us send and manage e-mail, and we might provide that company with your e-mail address and certain other information in order for them to send you an e-mail on our behalf. Similarly, we may hire companies to host or operate some of our Online Services and related computers or software applications. These service providers are not allowed to use or disclose your Personal Data other than as specified in our contract with them and as permitted by law.
  • We may share aggregate information about the usage, performance and outcomes of our Online Services with your healthcare provider, employer or the party that referred you to us, but we will not share your personal thought records (where you record your thoughts and emotions) or personally identifiable content from your thought records with them.
  • We may share information about your use of the Online Services with your healthcare provider or EAP administrator solely to evaluate the performance of the Online Services and manage your care. We will not share your thought records with your healthcare provider or EAP administrator.
  • We may share information with research partners or other third-party companies conducting mental health or behavioural research, including your Personal Data. However, we will require that such companies and their vendors not disclose any such Personal Data; that they and their vendors use such Personal Data only for research purposes; and that they and their vendors not use such Personal Data to direct any advertising to you or evaluate you for any third-party product or service or for any employment opportunity.

 

Posting Messages, Comments & Content

Our Online Services may have collaboration areas, including but not limited to blogs, events, live chats, webcasts, etc. that permit users to have collaborative discussions and/or share information. Please note that any information you submit or post to these collaboration areas may be visible to other users of the Online Services, and such users may share that information with others. Therefore, please be thoughtful in what you write and always assume that this information is public.

 

Social Media

If you are a user of social media and are considering posting content about us on your social media account, please read this section carefully.

We are under no obligation to screen or monitor your social media posts or any other user content. However, we reserve the right to monitor participation to ensure that, in responding to any social media posts we may make, you stay on topic, are courteous, and avoid making offensive comments. Your posts and user content in response to or addressed to our social media posts must adhere to the following requirements and cannot:

  • Contain any third-party material including logos, drawings, tattoos, photographs, pictures, sculptures, paintings or other images or works of art, phrases, trademarks, trade secrets or other items without explicit prior permission to use such materials
  • Contain any sexually explicit, graphic, gratuitous or unnecessarily violent content
  • Contain any defamatory or derogatory content against any ethnic, racial, gender, religious, sexual orientation, professional or age group or contain any pornographic material
  • Contain any private information about yourself or any other individual, including, without limitation, information related to the health of the individual, financial information about the individual, or any identifying or account numbers relating to the individual, with or without their consent
  • Contain any software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software, hardware or telecommunications equipment
  • Contain any advertising, promotional materials, junk mail, spam, chain letters, pyramid schemes, or promote any illegal activity or solicitation

We reserve the right to edit comments for content, remove off-topic contributions, delete offensive comments or remarks, block offensive contributors and delete actual or suspected spam directed at us from our Online Services or social media.

Please be aware that once you post something online, there is potential for numerous individuals to read your words, even years from now. Therefore, we suggest that you exercise caution when posting on any social media and never disclose Personal Data of any kind.

We accept no responsibility for the content of any comments or responses posted by other persons not authorised by us to any social media or to our Online Services. We do not control the placement of any marketing or advertising displayed on our web pages by social media or third-party entities.How to Manage Your Personal Data

Our Online Services may permit you to view your profile, if applicable, and access related Personal Data about you and to request changes to, or deletion of, such Personal Data. If this function is available, you may have access to a page on the Online Services through which you may review your profile, if applicable, and related Personal Data, and you may have options to modify or delete the Personal Data.

Please remember, however, that if we have already disclosed some of this Personal Data to third parties, we may not have access to that disclosed information and may not be able to force the deletion or modification of any information by the third parties to whom we have made those disclosures.

If you need assistance in opting out of a communication, please contact us at info@HealtheMinds.org. Please be aware that opt-outs may not apply to certain types of communications, such as account status, Online Service updates, or other communications.

 

Cookies & Tracking

HealtheMinds may use various technologies, including cookies, tokens, tags, Web logs, Web beacons, scripts, and Web server logs, to automatically collect information, and may aggregate this information from our Online Services visitors or to enable certain features of our Online Services.

This information may include demographic data, technical information about the device used to connect to the Online Services, Web browser information, your Internet Protocol (“IP”) address, your Operating System (“OS”), camera use, use of screen, patterns of application usage, and browsing behaviour such as pages visited and how often they are visited (“Activity Information”).

We may use third-party analytics companies to provide these services. We may also use third-party service providers to use cookies and other technologies to collect information and track browsing activity over time and across third-party websites such as Web browsers used to read our website, which websites are referring traffic to or linking to our websites, and to deliver targeted advertisements to you. We do not control these third-party technologies and their use is governed by the privacy policies of third parties using such technologies.

For more information about third party advertising networks and similar entities that use these technologies, visit http://www.aboutads.info/consumers. To opt out of such ad networks’ and services’ advertising practicies, visit http://www.aboutads.info/consumers and http://www.networkadvertising.org/choices. You may choose to opt out of all participating advertising companies or only advertising provided by specific advertising companies.

Please note that to the extent that advertising technology is integrated into the Online Services, you may still receive advertisements even if you opt out of tailored advertising, though in that case the ads will not be tailored. We do not control any of the above opt-out links and are not responsible for the choices you make using these mechanisms the continued availability, effectiveness and accuracy of these mechanisms.

Activity Information is captured using various technologies and may include cookies. A “cookie” is a small text file that may be placed on your computer when you visit an Online Service or click on a link. Cookies may include “single session cookies” which generally record information during a single visit to a website and are then erased, and “persistent cookies” which are generally stored on a computer unless or until they are deleted or set to expire.

You may disable cookies and similar items by adjusting your privacy settings or browser preferences at any time; however, this may limit your ability to take advantage of all the features of our Online Services.

You may also manage the collection of Activity Information by:

  • Managing the use of “Flash” technologies with the Flash management tools
  • Clicking on the opt-out link at the bottom of the applicable Web page
  • Visiting Google to opt out of display advertising or customising Google display network ads

Please note that we do not currently respond to Web browser “Do not track” signals that provide a method to opt out of the collection of information about online activities over time and across third-party websites.

We gather Activity Information about you to improve the quality of our Online Services and website experience. Without limiting the other ways in which we may use your Personal Data as described herein, we may otherwise use and disclose your Activity Information unless restricted by this Privacy Policy or by law.

Some ways in which we use your Activity Information include:

  • Customising your website experience, including recording and managing your preferences
  • Authenticating your account information
  • Marketing, product development and research
  • Tracking resources, content and data accessed through Online Services
  • Developing reports regarding Online Service usage, activity and statistics
  • Assisting users experiencing problems with our services
  • Quality control of our therapy, counselling and clinical services
  • Updating and servicing our Online Services
  • Enabling new and improved functions and tools on the Online Services
  • Tracking paths of visitors to and within the Online Services to improve and simplify navigation

We may use tracking technologies that allow us to recognise your device when you return to our Online Services within a certain period of time, determined by us, and to support automatic log-in to your Online Services. To maintain your privacy, you should affirmatively log out of your account prior to your session ending. Unless you affirmatively log out of your account, you may be automatically logged back in the next time you or any other user of your device visits the Online Services.

 

Information We Collect through Google Analytics

 If you visit this site and have javascript enabled on your computer or mobile device, your activity on this site is being tracked through Google Analytics, which collects information anonymously and reports website trends to us without identifying individual visitors. Google Analytics collects a variety of information from site visitors, including the Internet Protocol (IP) address that is used to connect your device to the Internet (which it does not report to us), your Internet Service Provider (ISP), browser software, type of operating system, the full Uniform Resource Locator (URL) clickstream to, through and from our website, including date and time, cookie, the length of time you spend on each page, which links you click while on our site, and similar site visit information. Google Analytics data are shared with Google.

For more information on Google Analytics or to opt out of having your information shared through Google Analytics, visit http://support.google.com/analytics/answer/6004245.

For more information on Google’s privacy policy, visit https://policies.google.com/privacy?hl=en.

 

How We Protect Personal Data

We maintain administrative, technical and physical safeguards designed to protect Personal Data that you provide on our Online Services. These safeguards vary based on the sensitivity of the information that is being collected, used and stored. However, no security system is impenetrable and we cannot guarantee the security of our Online Services, nor can we guarantee the security of the Personal Data you transmit to us over the Internet, including your use of e-mail. We are not liable for the illegal acts of third parties such as criminal hackers or purveyors of malware.

It is your responsibility to safeguard the devices you use to access our Online Services, and to use appropriate security settings on those devices. If those devices are stolen, lost or misplaced, others may be able to access your account and your Personal Data using those devices. If you log into the Online Services using a public or shared device, or a device belonging to another person, you should affirmatively log out of your account prior to ending your session. Otherwise, the next user of the device may be able to access your account and the information therein.

We are not responsible for any harm that may result from someone accessing your account or Personal Data on a lost, stolen or misplaced device or on a public or shared device where you do not, for any reason, take the necessary precautions to ensure that you affirmatively log out from said device when your session has ended.

We offer mobile applications that enable us to communicate with you through push notifications. You may be able to turn off push notifications in your mobile phone settings. You may also be able to control preview settings in your e-mail applications. Please note that choosing to disable some functionality in the website or mobile application may impact the functionality of other areas of the website or mobile application.

We have extensive controls in place to maintain the security and integrity of our information systems and the data contained therein. Your Personal Data is protected with safeguards according to the sensitivity of the information. Appropriate controls, such as restricted access, are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to employees and third-party service providers who are authorised.

As a condition of employment, HealtheMinds employees are required to follow all applicable laws and regulations, including those relating to data protection and privacy. Access to sensitive or personally identifiable client information is limited to those employees and third-party partners who need it to perform their professional duties. Unauthorised use or disclosure of confidential client information is prohibited and may result in disciplinary action up to and including termination of employment or contract and legal action.

When you contact HealtheMinds via a medium other than the Online Services, you may be asked for some Personal Data to authenticate you and ensure that only you or someone authorised by you has access to your Personal Data available with us. You may be similarly asked to authenticate yourself in the event that you forget your Online Services password and are unable to reset it on your own, or require other technical support that involves accessing the Personal Data in your Online Services account.

We retain your Personal Data for as long as necessary for the purpose for which it was collected, subject to a longer period if the Personal Data is relevant to a legal challenge.

 

Children Under the Age of 13

We do not intentionally collect any information from children aged under thirteen years through our Online Services without receiving written parental consent. If you think we have collected such personal information from a child under the age of thirteen through our Online Services, please contact us immediately at info@HealtheMinds.org.

 

Additional Rights for European Union Users

The following sections (“Personal Information”, “Data Controller and Data Protection Officer”, “EU and UK Residents Under 16”, “Lawful Basis for Data Processing”, “Retention” and “Your Rights”) apply to you if you are a resident in the EU or the EEA using our Online Services (an “EU User”).

 

Personal Information

References to “Personal Information” in this Privacy Policy are equivalent to “Personal Data” governed by the GDPR.

 

Data Controller and Data Protection Officer

HealtheMinds is the Data Controller of your Personal Data for purposes of GDPR. You can contact our Data Protection Officer at info@HealtheMinds.org.

 

EU and UK Residents Under 16

HealtheMinds’s Online Services may not be used by any EU or UK residents under the age of sixteen years.

 

Lawful Basis for Data Processing

We only collect, store and process the personal information of EU Users where a lawful basis for such processing exists, which will typically fall under one of the following scenarios:

  • You, the Data Subject, have given consent to the processing of your personal information for one or more specific purposes, for example by consenting to receive electronic marketing communications, in which case you may withdraw your consent subsequently at any time by e-mailing info@HealtheMinds.org without affecting the lawfulness of processing based on consent before its withdrawal
  • Processing is necessary for the performance of services to which you, the Data Subject, are a party
  • Processing is necessary to comply with a legal obligation to which HealtheMinds, as a Data Controller, is subject
  • Processing is necessary for the purposes of the legitimate interests pursued by us as the Data Controller, or by a third party, except where such interests are overridden by your, the Data Subject’s, interests or fundamental freedoms, which require protection of your personal information

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. However, we will not share personal information of EU Users with a third party for research purposes unrelated to improving our services without obtaining your prior consent to do so as required b

 

Retention

If you are an EU User, we will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.

By law, we are required to keep basic information about our customers (including Contact, Identity, Financial and Transaction information) for a period mandated by law in each region where we operate after they cease being customers for tax purposes. The mandated period varies by country.

In some circumstances, we may anonymise your personal information, in which case we may use this information indefinitely without further notice to you.

 

Your Rights

GDPR gives EU Users certain rights regarding your personal information. EU Users may ask us to take the following actions in relation to your personal information that we hold:

  • Opt in or opt out if you want to receive or discontinue receiving direct marketing communications. You may continue to receive service-related and other non-marketing communications
  • Get access to your personal information and understand how we process it and for what purposes
  • Update or correct inaccuracies in your personal information
  • Delete your personal information
  • Transfer a machine-readable copy of your personal information to you or a third party of your choice
  • Object to our reliance on our legitimate business interests as the basis of our processing of your personal information that impacts your rights

You can submit these requests by e-mail to info@HealtheMinds.org. We may request specific details from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.

If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described below or submit a complaint to the data protection regulator in your jurisdiction.

 

When This Privacy Policy Applies

Our Privacy Policy applies to Online Services that we own or operate and that contain a link to this Privacy Policy. Our Policy does not apply to information collected through other means such as by telephone, via mobile applications that do not link to this Privacy Policy, or in person, though that information may be protected by other privacy policies.

Our Privacy Policy does not apply to the practices of other companies or other websites or software applications that may be linked from or made available through our Online Services. Some online services offered by us may be governed by a separate privacy policy.

The inclusion of a link on our Online Services or the ability to utilise a third-party website or software application through our Online Services does not imply that we endorse or otherwise monitor the privacy or security practices of the that third-party website or software application or the accuracy of its content. Your use of a third-party website or software application is governed by that third-party’s privacy policy.

This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

 

Contact Us

Contact us regarding this Privacy Policy, our privacy practices, of if you believe we or any company associated with us has misused your information, by writing to the Data Protection Officer, HealtheMinds Pvt. Ltd., Plot No. G7, Opp. Graphite India, Whitefield, Bengaluru 560 048 INDIA or sending an e-mail to info@HealtheMinds.org.

 

Changes to this privacy policy

If we decide to change our privacy policy, we will post the changes here. If the changes are significant, we may also choose to e-mail all our registered users with the new details. If required by law, we will get your permission or give you the opportunity to opt out of any new uses of your data.