This privacy policy applies to the use of Kind Minds website, web app and WhatsApp service. Upon HR leaders enrolling their organisation via our web app, employees are on boarded and can interact with Kind Mind through WhatsApp.

This document, updated on 19/09/2024, explains how we collect, use, and handle personal data through these specific channels to ensure your privacy and data protection. Please read this policy carefully to understand our practices regarding the management of your personal data across each platform.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This App and Website is not intended for children and we do not knowingly collect data relating to children. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. This policy is provided in a layered format so you can click through to the specific areas set out below.

Important Information and Who We Are

This privacy policy provides information on how Kind Mind collects, uses, and manages the personal data of users through our website, web app, and WhatsApp service. Kind Mind is the data controller responsible for your personal data under this policy. If you have any questions about this policy or our privacy practices, please contact our Data Privacy Officer at:

Email: hello@kindmind.app
Address: 54 Rhiwbina Hill, Cardiff, CF14 6UQ

The Data We Collect About You

We collect various types of personal data to provide and improve our services:

Contact Data: Email addresses and phone numbers
Identity Data: Names, titles, and other identifiers..
Technical Data: IP addresses, browser types, and other system data.
Usage Data: Information on how you interact with our website and app.
Wellbeing Data: Responses to wellbeing assessments.
Marketing Data: Information about your company such as size (number of employees) and your role within the organisation, used for segmentation and personalised marketing.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Wellbeing Data to calculate the percentage of users feeling stressed in a period of time and share such Aggregated Data with your employer.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions or trade union membership). Nor do we collect any information about criminal convictions and offences.

How Is Your Personal Data Collected

Information you give us through the website: Employers provide data directly when using our website. This includes Identity and Contact Data filled out during registration, inquiries, or when requesting resources or newsletters. Employers also submit Marketing Data such as company size and the representative's role to tailor experiences and offerings.

Information you give us through the web app: Employers input data through our web app during the employee onboarding process. This typically includes Employee Contact and Identity Data, which is used to register employees and initiate their access to services, including the WhatsApp integration for further engagement.

Information you give us through WhatsApp: Employees interact with Kind Mind through WhatsApp, where they provide Wellbeing Data directly by responding to surveys and Usage Data by engaging with personalised content designed to support their specific well-being needs. This interaction is crucial for delivering tailored well-being support directly to employees.

Information we receive from other sources including third parties:

Device Data: We receive analytics data, such as usage statistics and engagement metrics, from providers like Google based outside the UK.
Crisis Line Data: We have a relationship with ThroughLine Care, from whom we receive data related to crisis support interactions, enhancing our ability to provide timely and effective assistance.

Cookies

We use cookies and/or other tracking technologies to distinguish you from other users of the App or Website and to remember your preferences. This helps us to provide you with a good experience when you use the App or Website and also allows us to improve them. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, see our cookie policy.

How We Use Your Personal Data

We process your personal data to provide, maintain, and improve our services, as well as to ensure legal compliance. Here are the specific ways in which we use the data we collect:

Service Delivery: Using Contact and Wellbeing Data to customise and deliver our services through the web app and WhatsApp, ensuring that employees receive personalised well-being support.
User Experience Enhancement: Utilising Technical and Usage Data to enhance the functionality and user-friendliness of our website and web app, which helps in creating a more personalised experience for employers.
Communication: We use Contact Data to send updates, information about new services, and responses to inquiries or feedback.
Legal and Regulatory Compliance: Ensuring compliance with applicable laws and regulations, which may include using personal data to fulfil legal obligations.
Marketing and Promotions: Using Marketing Data to inform employers about relevant services, promotions, and offers that may interest them, enhancing their engagement and satisfaction with our services.
Analytics and Performance Improvements: Analysing data collected from various sources, including third-party analytics and crisis line interactions, to improve service effectiveness and user engagement

Each use of data is justified under applicable data protection laws to ensure that we operate not only in compliance with legal standards but also with a commitment to maintaining user trust.

Disclosures of Your Personal Data

In order to provide seamless services and comply with legal obligations, we may share your personal data under certain circumstances:

Service Providers: We share data with companies that provide services on our behalf, such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, and auditing services.
Legal Requirements: We may disclose your data if required by law or in response to valid requests by public authorities, such as to meet national security or law enforcement requirements.
Business Transfers: If we are involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
Third Parties: With your consent, we may share data with third parties outside the organisation, such as marketing partners who may offer services that complement those provided by Kind Mind.
Crisis Support: We share relevant data with ThroughLine Care when necessary to provide urgent support and crisis intervention services, ensuring timely and effective assistance is available.

International Transfers

Given that your data is stored in AWS servers within the eu-north-1 region (Stockholm, Sweden), we ensure all data handling complies with European data protection standards. For internal transfers of data within Kind Mind:

Within the EU: Transfers between our services and partners are protected under GDPR, ensuring data remains within the EU, thus maintaining high levels of data protection.
Outside the EU: If data needs to be transferred outside the EU for any operational reasons, we implement stringent measures such as standard contractual clauses approved by the European Commission. This ensures that the data protection level remains consistent with European standards.

Data Security

Ensuring the security of your data is a paramount concern at Kind Mind. Here’s how we safeguard your information:

Encryption Standards: All data is encrypted both at rest using AES-256 encryption standards and in transit with SSL/TLS protocols, as hosted on AWS services.
Access Controls: We implement stringent access controls through AWS IAM roles and policies, along with Hasura's role-based access controls, to manage who can see and use specific data sets.
Audit and Monitoring: Continuous monitoring is enabled with AWS CloudTrail and Hasura audit logs, ensuring all access and changes to sensitive data are logged and reviewed.
Incident Response: We have a robust incident response plan in place, regularly tested through drills, to quickly address any security breaches and mitigate potential impacts.

Each use of data is justified under applicable data protection laws to ensure that we operate not only in compliance with legal standards but also with a commitment to maintaining user trust.

Data Retention

Our data retention practices are designed to comply with legal obligations while respecting your privacy rights:

If the Customer fails to make payment of any part of the Price on a due date then, without prejudice to any other right or remedy available to the Service provider, the Service provider shall be entitled to:-

Retention Periods: We retain personal data only as long as necessary for the purposes for which it was collected, plus any additional period required by law. Specific details about retention periods for different types of data are available upon request.
Legal Requirements: By law, we must retain basic customer information, including Contact Data, for six years after they cease being customers.
Deletion and Anonymisation: You can request the deletion of your data, subject to certain conditions. In some cases, we may anonymise your personal data for research or statistical purposes, using this anonymised information indefinitely without further notice.
Inactive Accounts: If you do not use the app for a specified period, we may consider your account as expired, and your personal data may be deleted accordingly.

Your Legal Rights

You have specific rights regarding the personal data we hold about you. Here’s an overview of your key rights:

Right to Access: You can request access to your personal data to verify the lawfulness of the processing.
Right to Correction: You have the right to request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure: Also known as the right to be forgotten, you can request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Right to Restrict Processing: You have the right to block or suppress processing of your personal data under certain circumstances.
Right to Data Portability: This allows you to move, copy, or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
Right to Object: You have the right to object to processing of your personal data based on a particular situation, including for marketing purposes.