Help Centre
What kind of help do you need?Privacy Notice
Effective date: 11 May 2020
This privacy notice is for people who use the SilverCloud platform and programmes on this site as a client or supporter.
SilverCloud Health provides its platform to many healthcare services and other organisations. In this notice we will tell you how we process your personal data on behalf of your service (that is, the healthcare team that has given you access to SilverCloud). Your service is the ‘data controller’, which means they decide how and why your data is processed, and SilverCloud is the ‘data processor’, which means we follow their instructions. Your service may also have a privacy notice that is relevant to you.
SilverCloud also uses some of your data to understand how the SilverCloud platform is used and could be improved. When we collect or use your data on our own behalf, SilverCloud is the ‘data controller’.
Supported service
We have marked sections that only apply to you if you are working with a supporter with Supported service. These sections do not apply if you are using SilverCloud as a self-help tool.
There is a separate privacy notice for people who use the SilverCloud company website and for people who we communicate with for marketing purposes.
Contact details for SilverCloud are listed at the bottom of this notice.
-
How we collect your personal data
Your data is collected by SilverCloud in a few ways:
- Data you give directly
- Data we collect automatically when you use SilverCloud
Supported service
- Data given about you (by a client, a supporter or a referring professional)
-
What personal data we collect and use
Here is a list of the categories of personal data that are collected and used, with examples. Some of these are optional or depend on SilverCloud's obligations to its customers.
- Contact details
- Health data
- Data about your use of SilverCloud
- Feedback data
- Other personal data about yourself that you give voluntarily
Contact details
Your name, email address (for notifications)
Other personal data about yourself that you give voluntarily
Interests, likes/dislikes, profile image
Health data
Data about your health is considered ‘special category’ data.
Your SilverCloud programme; answers to psychological questionnaires and calculated results; entries to interactive tools such as a list of problems, recording mood over time, or journal entries.
Supported service
Messages between clients and supporters
For adverse event reporting, we will collect details about adverse events (“side-effects”) including health symptoms.
Data about your use of SilverCloud
Your invitation, when you first signed up, pages and sections viewed, other actions you take on SilverCloud, emails sent to you, server errors that affect you
When you log in and log out, your IP address, browser type and version, time zone and language, notification preferences
Your login details (username, encrypted password)
Feedback data
Your feedback in the “progress points” at the end of each module; User experience questionnaires; Other questionnaires where it is indicated that the recipient is SilverCloud
Data we do not collect
Children's data
SilverCloud is intended for use by adults aged 18 years or over and we do not knowingly collect personal data from people under 16 years of age.
-
How and why we use your personal data
SilverCloud processes your data for specific purposes and where there is a legal basis.
- Provide SilverCloud platform and programmes
- Technical support
- Understanding usage and improving service
Supported service
- Support
- Risk management
Provide SilverCloud platform and programmes
SilverCloud collects and processes your data under a contract with your service in order to provide you with secure access the SilverCloud platform and programmes.
This includes displaying programme pages, recording your activity on interactive tools and features, storing your preferences, sending notifications by email, text or push notifications.
Supported service
This activity also includes inviting and managing clients and supporters, and supporters reviewing client progress and results.
Your service is responsible for determining the purpose and legal basis under which they use your data and have SilverCloud process it.
Supported service
Support
SilverCloud will process your personal data to provide support or coaching during your use of SilverCloud.
Legal basis
The legal basis for such processing of your personal data, including your health data, for this purpose is one or more of:
- Your explicit consent (GDPR Art.6(1)(a))
The exemption for processing special category personal data, including your health data is one or more of:
- Your explicit consent (Art.9(2)(a))
- Provision of health or social care (Art.9(2)(h))
Risk management
SilverCloud may process your personal data to manage clinical risks that present themselves during your use of SilverCloud. This would include reporting a risk to yourself or others, or adverse events (“side effects”) associated with medication to relevant support services, emergency services or authorities.
Legal basis
The legal basis for such processing of your personal data, including your health data, is one or more of:
- Your explicit consent (GDPR Art.6(1)(a))
- Your vital interests or those of another person (GDPR Art.6(1)(d))
- Compliance with a legal obligation (GDPR Art.6(1)(c))
The exemption for processing special category personal data, including your health data, is one or more of:
- Your explicit consent (Art.9(2)(a))
- Your vital interests or those of another person (Art.9(2)(c))
- For reasons of public health (Art.9(2)(i))
Technical support
SilverCloud provides technical support to your service, and so we will process your personal data if you contact us by telephone, email or through the SilverCloud platform.
Legal basis
The legal basis for such processing of your personal data is:
- Your explicit consent (GDPR Art.6(1)(a))
Understanding usage and improving service
SilverCloud analyses personal data to understand usage and to help us improve the platform and programmes.
SilverCloud processes data for this purpose on behalf of your service and also on our own behalf.
Most analysis uses anonymous aggregate data (for example, average length of time spent on the platform). Some analysis uses individual data, with additional safeguards in place such as anonymisation, use of pseudonyms (pseudonymisation) and limiting the set of individual data (data minimization). This analysis may include profiling, machine learning or other techniques.
Update usage analytics settings
Legal basis
Where SilverCloud is processing your data for these purposes on its own behalf it is necessary for our legitimate interests or those of a third party (such as our customers):
- understand efficiency and effectiveness of SilverCloud’s services
- identify opportunities for improving services, components or tools
- provide customers with an understanding of how their use of the service might be improved
- provide statistical and market data to guide business development
- identify and understand trends in interactions with the SilverCloud platform
We also believe that this processing does not undermine your fundamental rights and freedoms.
Where we process your special category personal data for this purpose, the processing is necessary for scientific research purposes or statistical purposes (GDPR Art.9(2)(j)), and we ensure appropriate safeguards, mentioned above, are in place.
-
Your rights
You have rights regarding your personal data. If you have any questions please contact your service or SilverCloud.
Right to information about processing of your personal details
The aim of this privacy notice is to give you this information.
Right to access your personal data
You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.
Right to change or remove your details
You have the right to correct any inaccurate data, or remove data if it is not necessary for us to hold it.
Right to object to processing
You can object to processing if it could affect your rights, freedoms or interests.
Right to data portability
We will provide your data in a portable format.
Right to lodge a complaint
You also have the right to lodge a complaint with a supervisory authority, although we encourage you to contact your service first.
Contact details for the Information Commissioner's Office can be found at https://ico.org.uk/.
Contact details for the Data Protection Commission (Ireland) can be found at https://www.dataprotection.ie/.
-
Third parties
We use third party sub-processors to host the SilverCloud platform and communicate with you.
Amazon Web Services
Amazon Web Services EMEA SARL, 5 rue Plaetis, L-2338 Luxembourg
We use Amazon Web Services to host the SilverCloud platform and database, store encrypted backups and send email/sms notifications.
Location of processing: UK
Zendesk
Zendesk International Limited, One Grand Parade, Dublin 6, D06 R9X8, Ireland
We use Zendesk to handle technical assistance communication.
Location of processing: EEA and US (under EC SCCs and BCRs)
Links to other websites
You should also be aware that where you link to another website from SilverCloud, that SilverCloud has no control over that other website. Accordingly, SilverCloud cannot guarantee that the controller of that website will respect your privacy in the same manner as SilverCloud.
Data sharing
Personal data will not be shared with any third party, unless there is a legal or regulatory obligation to do so, except for the sharing of personal data with third parties listed above, or otherwise deemed necessary, to host the SilverCloud platform and communicate with you.
For the specific purposes mentioned in How and why we use your personal data we may share your data with third parties as follows:
Understanding usage and improving service
We may share anonymous aggregate usage statistics or anonymous individual data for service evaluation and improvement purposes with consultants or research organisations that we work with from time to time. This anonymous data is not itself personal data, and we take care to ensure that individuals cannot be identified in the data.
Supported service
Risk management
We may share information indicating a risk to yourself or others with a referring professional, emergency services or other relevant authorities.
We may share adverse event reports associated with medication with the medicine’s marketing authorisation holder or the relevant national regulatory authority.
-
Data security and storage
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
All SilverCloud employees are contractually and ethically bound to respect the confidentiality of any personal data held by SilverCloud.
SilverCloud maintains ISO 27001:2013 certification.
-
Retention of personal data
SilverCloud shall retain Personal Data in accordance with our Personal Data Retention Policy (Read an extract).
In summary, we retain personal data on the platform while your account is open and for 3 months after account closure. We retain technical support queries for 5 years.
Aggregate and anonymous data may be retained indefinitely by SilverCloud.
-
Privacy notice changes
We will revise this privacy notice when necessary and we encourage you to check back in future for changes.
- 11 May 2020
- We marked sections that apply only to the supported service and added detail on data retention.
- 24 February 2023
- Update to SMS service provider
Contact
If you wish to contact SilverCloud regarding use of your Personal Data or to exercise your rights, please contact us at:
SilverCloud Health
One Stephen Street Upper
Dublin 8
Ireland
dataprotection@silvercloudhealth.com
SilverCloud's Data Protection Officer (DPO) is BH Consulting:
SilverCloud Health Data Protection Officer
BH Consulting
The LINC Centre
Blanchardstown Road North
Dublin 15
Ireland
dataprotection@silvercloudhealth.com