Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
Who we are?
We are Orpheus Mind Technologies Limited (Company number 12038605) and our registered office is c/o Slater Heelis LLP, 86 Deansgate Manchester M3 2ER and we collect, use and are responsible for personal information about you. We are the ‘controller’ of this information for the purposes of the General Data Protection Regulation, Data Protection Act 2018, and other applicable data protection laws.
Our Data Protection contacts are Dr David Jay or Mr Peter Owen.
Personal Information we collect about you
We may collect, use, store and transfer the following different kinds of personal information about you:
- Telephone number
- Email address
- Marketing preferences
We do not hold payment details of our individual customers on our internal systems.
How your personal information is collected
We collect all personal data from you when you give us your personal information by filling in forms or by corresponding with us by post, phone, email or otherwise.
How and why we use your personal information?
We will only use your personal data if we have a proper reason for doing so, for example:
- For the performance of a contract with you (or, if you work for a business customer, your business).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override these interests.
- Where we need to comply with a legal and/or regulatory obligation.
We have set out below, in a table format, a description of the ways we plan to use your personal data, and our reasons for doing so.
|What we use your personal information for||Our reasons|
|To register you (or, if you work for a business customer, your business) as potentially interested in our services||Necessary for our legitimate interests (i.e. to develop our services and grow our business)|
|To deliver relevant content to you and measure or understand the effectiveness of providing said content||Necessary for our legitimate interests (i.e. to study how potential customers may use our services, to grow our business and to inform our marketing strategy)|
|To provide products and/or services to you (or, if you work for a business customer, your business)||The performance of our contract with you (or your business) or to take steps at your (or your business’) request before entering into a contract|
|To prevent and detect fraud||For our legitimate interests or those of a third party (i.e. to minimise fraud that could be damaging for us and for you)|
|Operational reasons such as improving efficiency, training and quality control||For our legitimate interests or those of a third party (i.e. to be as efficient as we can so we can deliver the best service for you at the best price)|
|Ensuring the confidentiality of commercially sensitive information||For our legitimate interests (i.e. to protect trade secrets and other commercially valuable information)To comply with our legal and regulatory obligations|
|Statistical analysis to help us manage our business||For our legitimate interests (i.e. to be as efficient as we can and deliver the best service for you at the best price)|
|Marketing our services||For our legitimate interests (i.e. to promote our business)|
We may use your personal information to send you updates (by email, text message, telephone or post) about our products and/or services, including exclusive offers, promotions or new products and/or services.
We have a legitimate interest in processing your information for these purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed we will ask for this consent separately and clearly.
You can ask us to stop sending you messages at any time by contacting us as per the details at the bottom of this privacy notice.
Who we share your personal information with
We will not share your personal data with any third party for marketing purposes.
We have relationships with a number of third parties that we may share your personal data with e.g. for us to receive IT services. For a list of these third parties please contact our Data Protection Contact.
We will share personal information with law enforcement agencies if required by applicable law.
We will not share your personal information with any other third parties without your consent.
Where your personal information is stored
Information may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents.
Some of these third parties may be based outside the European Economic Area and where we share personal information out of the European Economic Area these transfers are subject to special rules under European and UK data protection law.
The Orpheus App is hosted on AWS servers in the London, UK Data Centre. The Modules in the App are hosted on AWS servers and delivered by AWS CloudFront which has over 100 edge locations around the world depending on where the user is. The App uses TLS encryption, and the transfer of data between the App and servers is encrypted over HTTPS.
How long will we store your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal or regulatory requirements. In some circumstances you can ask us to delete your personal data (see “Your rights” below). Personal data is destroyed after the 10 year retention period.
Under the General Data Protection Regulation, you have the following rights that you can exercise free of charge.
- Access to your personal information and other supplementary information;
- Rectification of any mistakes or completion of missing information we hold on you;
- Erasure of your personal information in certain circumstances;
- Receiving a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
- Object at any time to processing of your personal information for direct marketing and in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way.
For more information about these rights including the circumstances in which they apply see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you want to exercise any of these rights, please:
- Email Personal Data Contacts at the below address;
- Provide other information so that we can identify you. We may need to contact you to request further information to verify your identity;
- Let us have proof of your identity and address;
- State the right or rights that you wish to exercise.
We will respond to you within one month from when we receive your request.
Security for your personal information
We have appropriate security measures to prevent your personal information from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
If you require further information about how we protect your data, please contact our Data Protection Contact (see “How to contact us” below).
How to complain
Please contact our Data Protection Contact if you have any issues or complaints (see “How to contact us ” below).
The General Data Protection Regulation also gives you the right to make a complaint with a supervisory authority, in particular, in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns or on 0303 123 1113.
Changes to this privacy notice
This privacy noticed was published on 2 May 2020.
We may change this policy from time to time. When we do we will inform you.
How to contact us
If you have any questions about this privacy notice or the information we hold about you or wish to opt-out please contact the Data Protection Contact.
The best way to do this is to email us at firstname.lastname@example.org, using the subject header “FAO: Data Protection Officer”.
Do you need extra help?
If it would like to have this notice in another format (for example: in another language, audio, braille) please contact us (see “How to contact us” above)