MOMENT HEALTH PRIVACY NOTICE
1. ABOUT US
1.1. We are Happy Mummy Happy Baby Limited, a company with its registered address at 41 Malone Hill Park, Belfast, BT9 6RE, Northern Ireland and registration number: NI640865 (we, us, our).
1.2. We provide a website and app which provides users with information and tools relating to mental health issues. Any reference in this notice to Moment Health is a reference to these platforms (our Services)
2. ABOUT THIS NOTICE
2.1. The nature of the services we provide means that we may process Personal Data (that is information relating to an individual who can be identified). The Personal Data we hold may be about you or other people.
2.2. We understand the confidential nature of the information which our Users might want to share or upload on to their Moment Health account, so we take very seriously our obligation to manage that data responsibly. This notice is intended to explain exactly how we’ll do that, so you can be really clear on what we uses we make of any data on Moment Health.
2.3. This notice only deals with our use of Personal Data. If you decide to join our community group, this infrastructure will be provided by a third party platform (such as Facebook, Whatsapp or Twitter), which will hold your data as a controller. This notice will not apply to any such third party’s use of your Personal Data. Please read their privacy notice before making a decision about joining the group or posting any content.
2.4. We might need to change this privacy notice from time to time. We will publish our privacy notice on our website (available at momenthealth.io) and do our best to update you directly if we think the changes might affect you. Please do keep an eye on our notice before sending us any Personal Data.
2.5. If you have any questions about this notice feel free to send us an email to hello@Momenthealth.io.
3. WHO DO WE HOLD PERSONAL DATA ABOUT?
3.1. The biggest group of people we’ll hold and manage data on behalf of are users of Moment Health (Users). This could be anyone, but will typically be mothers and fathers and may also include people related to them. There may also be other users who are given access to Moment Health so they can gather statistical data. If there are, they will not be given any special access to information uploaded by another user in confidence.
3.2. We may also contract with businesses to make Moment Health (or certain functions on Moment Health) available to a designated group (such as its staff members). We will refer to any such business as an Enterprise, which term will also include their key contact(s).
3.3. Finally, we might also collect details about people who we think might be interested in using our Services at some point in the future. We will refer to this group as Prospective Customer.
4. WHAT PERSONAL DATA DO WE COLLECT AND WHERE DO WE GET IT FROM?
4.1. There are a number of ways that we might collect information about Users. We’ve set these out below:
(i) Information which you give us directly when you contact us. This is likely to include:
- Your name and contact details
- Information about what area you live in
- Information about your family
- Information about your health or well-being
- Your interests
- Payment information
- Any other information which you send us by email or tell us over the phone
- Information you provide us with if you complete a survey
- Marketing preferences.
(ii) Information you upload on to Moment Health. This might be:
- Your name and contact details
- Information about your family or health
- Information about what area you live in
- Any images, text or other content that you decide to upload (whether in posts or comments or otherwise) relating to how you feel and experiences you’ve had
(iii) Information we collect about you. This might be:
- Information about in-app purchases or other transactions you have carried out
- Usage data: which might include information about how you use Moment Health
- Aggregate statistical data (this will be anonymised and will not identify you)
(iv) Information which we receive from other people. This could be:
- Information that another User shares about you in a community group (though we don’t consciously or intentionally record or store any social media conversations which take place)
- If you have been given access to Moment Health at the request of an Enterprise, we may have received your name and contact details from the Enterprise.
4.2. Some of the data which we hold in connection with our Services to you may include Special Categories of data. That is: details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.
(i) Information which an Enterprise provides us about its key contact(s). This could be:
- Name and business contact details
- Information about your job position and authority to act for the Enterprise.
(i) Information which a Prospective Customer gives us directly. This is likely to include:
- Name and contact details
- Information about your business, workforce and needs (if relevant)
- Any other information which you send us by email, post or telephone
(ii) Information we collect about Prospective Customers. This might be:
- Usage data: which might include information about how you use Moment Health
- Traffic data: which might include information about websites, ads or links which you clicked on before, during or after visiting Moment Health
- Technical data: which might include information about the device you used to access Moment Health.
For more information about what cookies we use, please see our Cookies Policy, which can be accessed here.
5. ARE WE ACTING AS A CONTROLLER OR PROCESSOR?
5.1. Under EU data protection law any business handling data must be doing so either as a Controller or Processor.
- A Controller is the business which makes the decision about what Personal Data to collect and the purposes for which the data should be used.
- A Processor is the business which is only managing the Personal Data because they have been asked to do so by the Controller. Save for decisions relating to security and technical processes, a Processor does not have discretion about how the Personal Data should be used.
5.2. Since we decide what data to collect and make decisions about how to use it, we believe we are acting as a Controller in respect of any Personal Data we hold. This means that we make decisions about what types of Personal Data we need to collect and retain, and we have discretion about how it should best be used in order to provide our Services and run our business effectively.
6. HOW WE USE PERSONAL DATA AND OUR LAWFUL BASES FOR DOING SO
6.1. We may use Personal Data relating to Users as set out in the table below.
6.2. Where we have relied on legitimate interests as our lawful basis, we have carried out a legitimate interests assessment and have concluded that: (i) the processing is necessary to protect our legitimate interest (running our business); (ii) that such use is likely to be reasonably expected by Users and is not likely to be invasive of their privacy, and; (iii) as the processing is intended to safeguard the running of the business, the processing is likely to be aligned with the interests of Users (by helping us provide a sustainable and robust service).
6.3 We may use Personal Data relating to Enterprises for the following purposes:
Prospective Customer Data
6.4 We may use Personal Data about Prospective Customers as set out in the table below.
7. DISCLOSURE OF PERSONAL DATA
7.1. We may disclose Personal Data that we hold to other parties in the following circumstances:
(i) to our employees and third parties who are contracted to help us to provide our Services and our business. We may transfer Personal Data to processors for the following services:
- Email Provider
- (and app sales)
Any such employees and/or processors contracted by us will be subject to strict contractual requirements only to use Personal Data in accordance with our privacy notice. If you would like more information about third party processors used by us, please contact us at hello@Momenthealth.io.
(iii) to any buyer if we sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners will only be entitled to use Personal Data in accordance with the provisions set out in this privacy notice.
7.2. We may also disclose anonymised aggregate data to third parties for academic research purposes.
7.3. If you join a community group or decide to publish a blog or post, the content you upload will be available to other Users or members of the group. Unless you have set up a public profile, nothing in your account with us will be made public or shared by us. It is likely that the community group will interact on a third party platform such as Facebook. We are not responsible for the actions or security measures implemented by any such third party platform. Please read their privacy notice carefully before decided to join any community group and/or upload any content.
8. WHAT SECURITY PROCEDURES DO YOU HAVE IN PLACE?
8.1. We are aware how important it is for us to keep the data we hold about Users and other parties secure and have implemented the following processes and procedures:
- Our employees are required to hold any data which they handle on our behalf securely and confidentially and are contractually bound to do so.
- We minimise the Personal Data we collect by using platforms such as the Apple Store, which means that we do not hold the contact or financial details of anyone who downloads our app, unless they chose to transfer those details separately.
- We make sure that any data processors (such as Mailchimp and Amazon Web Services) we use have a strong reputation for data security and are contractually obliged to implement adequate security measures to safeguard the data held.
- While we store the content you upload to your private account, the information is encrypted and not readily accessible either to us or our employees. We could access it, for example, in an emergency or if it was necessary to comply with a request from you or to defend or protect our legal rights.
9. WHERE DO YOU STORE THE PERSONAL DATA YOU COLLECT?
9.1 We store the Personal Data we hold in different locations including:
- on our premises
- in our emails (which are supported by a third party)
9.2 We store any Personal Data we hold within the EEA and only use processors with servers in the EEA.
10. OUR RETENTION POLICIES
10.1. Our retention policies are as follows:
11. RIGHTS OF A DATA SUBJECT
11.1. Data Subjects generally have the following rights in respect of Personal Data relating to them which can be enforced against whoever is the Controller. This will be us in respect of any Personal Data we hold which is covered by this Privacy Notice.
(a) Right to be informed: the right to be informed about what Personal Data the Controller collects and stores about you and how it’s used.
(b) Right of access: the right to request a copy of the Personal Data held, as well as confirmation of:
(i) the purposes of the processing;
(ii) the categories of personal data concerned;
(iii) the recipients to whom the personal data has/will be disclosed;
(iv) for how long it will be stored; and
(c) Right of rectification: the right to require the Controller to correct any Personal Data held about you which is inaccurate or incomplete.
(d) Right to be forgotten: in certain circumstances, the right to have the Personal Data held about you erased from the Controller’s records.
(e) Right to restriction of processing: the right to request the Controller to restrict the processing carried out in respect of Personal Data relating to you. You might want to do this, for instance, if you think the data held by the Controller is inaccurate and you would like to restrict processing until the data has been reviewed and updated if necessary.
(f) Right of portability: the right to have the Personal Data held by the Controller about you transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.
(g) Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose).
(h) Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on you. We do not carry out any automated decision-making process.
11.2. If you want to avail of any of these rights, you should contact us immediately at hello@Momenthealth.io.. If you do contact us with a request, we will also need evidence that you are who you say you are to ensure compliance with data protection legislation.
11.3. We will confirm to you in writing to acknowledge receipt of any request we receive relating to your rights as a Data Subject, and we will let you know if we have complied with your request. If having, carried out an assessment, we believe we have an overriding reason for retaining the data, we will let you know why we have reached that conclusion.
12. WHAT HAPPENS IF YOU REQUEST US TO STOP PROCESSING PERSONAL DATA RELATING TO YOU?
12.1. You may notify us at any time that you no long want us to process Personal Data about you for particular purposes or for any purposes whatsoever. This may have an impact on the services you receive from us. For example:
12.2. If you ask us to stop processing Personal Data about you, you will no longer be able to access your user account since we will not be able to identify you.
12.3. If you ask us to stop processing Personal Data about you for direct marketing purposes, this will not impact on your ability to make access your user account.
13. DETAILS FOR QUESTIONS OR COMPLAINTS ABOUT HOW WE PROCESS PERSONAL DATA RELATING TO YOU
13.1. If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to hello@Momenthealth.io. If we are processing Personal Data about you on behalf of Users, we will need to pass your complaint to Users – we will only do so with your consent.
13.2. If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.
Last updated: 23-05-2018.
Our company registration number is NI640865 Belfast, Northern Ireland. The term ‘you’ refers to the user or viewer of our website.
The content of the pages of this website is for your general information and use only. It is subject to change without notice.
Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.
This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
All trademarks reproduced in this website, which are not the property of, or licensed to the operator, are acknowledged on the website.
Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
From time to time, this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).
Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Northern Ireland, Scotland and Wales.