Skip to main content

Introduction

The Pathway through Pain program is produced and run by Wellmind Health. The program is deployed in NHS healthcare settings after being evaluated and validated by expert healthcare professionals. If you have a clinical safety concern, please report it using the contact details in section (13) of this Privacy Policy.

Here we explain how personal data is collected when you participate in the program, how that data is used, your rights, and how you can control/delete that data.

For your security, we are committed and legally required to maintain the confidentiality and integrity of any information you give us. We understand that the privacy and security of your personal data is an important issue and we are committed to protecting it. We aim to be completely transparent on how we collect, process and store your personal data and to ensure that the data we collect is kept to the minimum required for program participation.

'Personal data', is any data that can be used to directly contact or identify an individual, such as full name or email address, as well as any data that is combined directly with such data.

We will treat your personal information and data in accordance with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and the US Health Insurance Portability and Accountability Act (HIPAA). When we collect or use your data, Wellmind Health is the "data controller", which means we decide how and why your data is processed.

For program participants in the USA, please note that there are local state laws, that may provide you with additional rights with regard to your personal data that are not pre-empted by this Privacy Policy.

Our website contains a few links to other websites belonging to third parties which are not covered by this privacy policy. If you want to go through to a third-party website, please make sure that you read the privacy policy for that website.

1. How we obtain your personal data

You provide us information about yourself in various ways when you follow the program. For example, you provide us with data such as your name and email address, or otherwise provide us with various personal information when you interact with the program. We also collect personal information when you communicate directly with us by email or phone.

2. What personal data we collect

  • a. Contact data, including your email address.
  • b. Technical data such as your IP address or web browser type.
  • c. Your responses to self-assessment questionnaires on the program.
  • d. The information you enter as part of your online coursework.

3. How we use your personal data

Wellmind Health processes your personal data for the following purposes:

  • to enhance the learning experience by presenting data in the form of charts and graphs to you as you progress through the program;
  • to provide program support requested by you and any related communications;
  • to analyse trends and profiles in order to better understand our performance, improve the program and better meet the needs of participants;
  • to comply with legal obligations and regulatory compliance;

We reserve the right to anonymise (modify to render anonymous) any data collected from you. Once rendered anonymous this data may be used by us to support research activities, provided that your identity is kept anonymous at all times and cannot be derived from the anonymised data. Also, summaries of anonymous Personal Data (for example average scores of all program participants on questionnaires) will be used to improve the program, and may be used in publications or on the website to indicate the effectiveness of the program. This anonymous data will consist solely of summary information and will not include any personal information that can be used to identify participants of the program. Your participation with the program implies consent for the use of summary data in this way.

The program is marketed and defined as suitable for adults looking to improve their mental health. We do not knowingly collect data relating to minors. If we become aware of a minor registering on the program, they are informed and their account is closed with related data erased. 

4. How we use cookies

A cookie is a small text file stored by your browser on your device when you visit our web pages. We only use those cookies necessary for you to login and use the program securely and for us to track and analyse usage and other statistical information to improve the experience of program participants. We do not use cookies or any other tracking technologies for marketing, remarketing or advertising purposes.

We use strictly essential secure 'session' cookies to enable the identification of users so that they can login and use the program securely. A session cookie expires when you close your browser. The cookies do not contain any personally identifiable data.

Additionally, we make use of non-essential Google Analytics cookies to analyse user behaviours and so improve the functionality of our web pages. 

Please see our Cookie Policy which explains more about our use of cookies and how you can block or manage them.

5. Sharing your personal data

We will not make any personal information about your participation with the program available to any other party, except where you have been given a place on the program by a sponsor. In the case where you have been given access by a sponsor, personal information may be shared with them, with the exception of your coursework and entries in your online diary, which are totally confidential.

If you accept our non-essential Google Analytics cookies when you visit our web pages, then your data about visits and navigation of the website is shared with Google.

6. Our legal basis for processing your data

Before you can begin the program, you are required to agree to this Privacy Policy and the associated Terms and Conditions, which gives us your consent to collect and process your personal data. You have the right to withdraw your consent at any time by contacting us. Please note that without your consent, we will be unable to deliver the program to you.

  • a) Personal data

The law allows us to collect and use personal data if it is reasonably necessary to achieve our purpose (as long as to do so it is fair, balanced and does not unduly impact on your rights). Our purpose is the running of the web-based program and delivering to you the most effective learning experience.

  • b) Sensitive Personal Data

We also collect sensitive personal data known as "special category personal data" as defined in Article 9 of GDPR, in the form of the health information that we collect when you complete the program self-assessment questionnaires. We rely on your consent to legally collect and process this sensitive personal data. We use this data to present charts to you of your self-assessed health information, so you can review your progress on the program. We only collect from you the minimum information necessary for this purpose.

7. How long we keep your information

We only keep your personal information for as long as necessary to fulfil the purposes we hold it for, including satisfying any legal, accounting or regulatory requirements. We keep the necessary personal information for this purpose so you can take long breaks during the program and also to provide you with ongoing access to the post-program online resources.

After a period of 8 years from your last activity, your program related data will be deleted. At any time, you can cancel your participation with the program and have us delete the personal information that we hold.

8. Communicating with you

We may use your email contact details to provide you with information about the program, which we consider may be of interest to you. You can opt out of receiving these emails from us at any time by clicking the "unsubscribe" link at the bottom of our emails. This does not include the program integrated emails, which the receipt of is necessary for program participation.

9. Security

We implement strict security measures to protect against the loss, misuse and alteration of your personal information. No other parties have access to or control over our program platform on Amazon Web Services.

The web-based program is protected by HTTPS, meaning that any personal information that you transfer to us is encrypted and stored as securely as possible.

We make sure that your personal information is only accessible by trained staff that need this data in order to carry out their functions.

We maintain processes and procedures for keeping an audit trail of access to your Protected Health Information (PHI).  All program participant and administrator access and activity within the web-app and/or administration system is logged. Any change to any object is logged in a centralized table. Full versions of certain objects are retained providing full auditing and rollback capabilities.

We regularly review all internal security and privacy policies to ensure that all personal information within, or passing through the company, is handled in accordance with GDPR regulations.

10. Your rights

We rely on your consent to use your personal information and you can withdraw that consent at any time. You also have the following rights:

  • Right of access - You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you. We may ask you for additional information to confirm your identity before disclosing personal information to you.

  • Right of rectification - You have the right to request that we correct inaccurate personal information concerning you. You can ask us to check if you are unsure.

  • Right of erasure - You may request we delete your personal information.

  • Right to restrict processing – You may ask for our use of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.

  • Right to object - You can ask us not to use your personal information to communicate with you, or where we are using it on the basis of our legitimate interests or for research or statistical purposes. You may opt-out from email communications by clicking the 'unsubscribe' link in our emails or contact us.

  • Right to data portability – Where we are processing your personal information by 'automated means', you may ask us to provide your personal information to you or another service provider in a machine-readable format.

  • Rights related to automated decision-making – You have certain rights in relation to decisions made solely on the basis of automated processing of your personal information that has legal or similar effects on you.

  • Right to inspect personal data – You have the right to inspect your personal data and personal health information and how it is used and shared. Under certain limited circumstances, we may deny an individual’s request for access to a portion of the Personal Health Information requested. In this circumstance, you have the right to have the denial reviewed by a licensed healthcare professional who did not participate in the original decision to deny.

    Right to opt out of processing activities – You can opt out of the processing of the personal data that you share with us when you participate with the program. If you opt out, it will not be possible to continue with the program as data processing is necessary to deliver our service.
To exercise any of your rights please get in touch with us as described in the Contact details section (13) of this Privacy Policy. We respond to any requests to exercise rights within 48 hours. When doing this you can request to be contacted in a different way to email. For example, you can ask for correspondence by post to be sent to your home or place of work. There are no charges you will incur when you exercise your rights.

11. Location of Hosting

The personal information that we collect is stored and processed at the Amazon Web Services cloud London region in the UK. 

12. Changes to this policy

We may need to update this Privacy Policy from time to time, including to reflect changes in the relevant law or in the way we collect, process and store your data. We will notify you if significant changes are made to this Privacy Policy.

13. Contact details

If you have any queries relating to this Privacy Policy, please contact Will Mulder, our Data Protection Officer (DPO) or any of the team here either,

  • by email. contact@wellmindhealth.com
  • or by phone. Tel. +44 (0)1273 325136
  • or by post. Wellmind Health Ltd. 124 City Road, London, EC1V 2NX, United Kingdom.

You are entitled to make a complaint to the Information Commissioners Office (ICO) at any time. We are always grateful for the opportunity to resolve your concerns before you feel it is necessary to approach the ICO.

Privacy Policy Changes

  • 29 Apr 18    GDPR update
    23 May 19   Policy clarification update
  • 10 Jun 19    Policy clarification update
  • 18 Nov 21    Policy clarification update
  • 17 May 22   Policy HIPAA clarification update
  • 04 May 23  Policy clarification update