Help Centre

Help Informations

What kind of help do you need?

Privacy Notice

Effective date: 15 March 2021

SilverCloud (“SilverCloud”, “we”, “our” or “us”) respects the privacy of all individuals who interact with us and/or use our services. This privacy notice is for people who use the SilverCloud platform and programmes as a client or supporter (each also referred to in this document as “you” and “your”).

In this privacy notice we will tell you how we process your personal data. We ask that you read this privacy notice carefully as it describes our practices regarding the information we may collect from you or to which we may have access when you interact with the SilverCloud platform. When we collect or use your data, SilverCloud is the “data controller”, which means we decide how and why your data is processed.

There is a separate privacy notice for people who use the SilverCloud company website and for people who we communicate with for marketing purposes.

Contact details for SilverCloud are listed at the bottom of this notice.

How we collect your personal data

Your data is collected by SilverCloud in a few ways:

  • Data you give directly
  • Data we collect automatically when you use SilverCloud

What personal data we collect and use

Here is a list of the categories of personal data that are collected and used, with examples. Some of these are optional or depend on SilverCloud's obligations to its customers, including what your service has asked SilverCloud to collect.

  • Contact details
  • Optional personal information
  • Health data
  • Data about your use of SilverCloud
  • Feedback data
  • Data about your background or demographic profile

Contact details

Information you provide to us when you contact us through the SilverCloud platform such as your name and email address (for notifications).

Optional personal information

Interests, likes/dislikes, profile image, etc.

Health data

Data about your health is considered ‘special category’ data.

Your SilverCloud programme; answers to psychological questionnaires and calculated results; entries to interactive tools such as a list of problems, recording mood over time, or journal entries.

Data about your use of SilverCloud

Data relating to your use the SilverCloud platform and any programmes which is collected by means of tracking technologies such as cookies ("Usage Data"). Usage Data may consist of technical information and behavioral information, and may contain, among other things:

  • details of your invitation, when you first signed up to SilverCloud;
  • pages and sections viewed, other actions you take on SilverCloud;
  • emails sent to you via the platform;
  • server errors that affect you;
  • details of when you log in and log out;
  • your IP address, browser type and version;
  • time zone and language;
  • notification preferences;
  • your login details (username, encrypted password).

Although Usage Data does not identify you by name and we will not attempt to identify you by name or to use the information to make decisions about you, the information is associated with a unique identifier, such as a device ID or cookie ID; therefore, you, as the platform user, are indirectly identifiable and the information constitutes personal data. It is important for us to be able to distinguish different users by using this unique identifier so that we can provide the platform and programme functionality, such as sign-up, log-in, displaying progress, sending notifications, and also so that we can analyse how individual users use the platform and programmes. However, we only use the data after compiling it into aggregated and/or statistical reports. For further information on our use of cookies, please see our UK Cookie Declaration | SilverCloud Health.

Feedback data

Your direct feedback in the “progress points” at the end of each module; User experience questionnaires; Other questionnaires where it is indicated that the recipient is SilverCloud

Other personal data about yourself that you give voluntarily

The SilverCloud platform may allow you to volunteer data about yourself such as your Interests, likes/dislikes or providing a profile image.

Users of the SilverCloud Space from Covid-19 programme may complete a demographics questionnaire which will record data such as gender, age, race and ethnicity. This questionnaire is optional and data provided on a voluntary basis.

Demographic data is considered ‘special category’ personal data. SilverCloud takes extra care of such data.

Data we do not collect

Children's data

SilverCloud is intended for use by adults aged 18 years or over and we do not knowingly collect personal data from people under 18 years of age.

How and why we use your personal data

Legal grounds for processing your personal data

SilverCloud processes your data for specific purposes as described in this privacy notice and where there is a at least one of the following legal grounds:

  • When performing an agreement with you: Your information may be processed on the basis that such processing is necessary for the establishment and performance of our engagements with you, such as providing you with services or programmes.
  • Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we may process your information for the following legitimate interests:
    • in order to comply and/or fulfil our obligation under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request, as well as our various terms of use or other agreements to which you are a party;
    • in order to understand the efficiency and effectiveness of our services, maintain the platform, programmes and any services offered via the platform and to identify any opportunities to personalize or improve the user experience;
    • in order to identify and understand trends relating to the use of the SilverCloud platform and programmes and provide statistical and market data to guide business development;
    • for the purpose of conducting research using de-identified personal data provided via the platform, use of programmes or the demographic questionnaire;
    • in order to provide technical support to you to enable your use of the platform and programmes;
    • detecting, preventing or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our platform; and
    • enforcing and protecting against legal claims, including investigation of potential violations of this privacy notice.
  • With your consent: For certain purposes (set out below), we only process your personal data if you give us your explicit consent. In such cases you have no obligation to give us consent and you have the right to withdraw your consent at any time. Note that withdrawing consent does not affect the validity of processing carried out with your consent.

We only process demographical data for the purpose of obtaining responses to the demographics questionnaire and we only do so if you give us consent. You give us such consent by accessing the questionnaire and acknowledging our warning to you relating to the collection and processing of special category personal data.

Purpose for which we process personal data

The table below sets out in more detail the purposes for which we process personal data relating to each category of data subject and the legal basis on which we rely for such processing.

Provide SilverCloud platform and programmes

How and why we use your information

SilverCloud collects and processes your data in order to provide you with secure access to the SilverCloud platform and programmes.

This includes displaying programme pages, recording your activity on interactive tools and features, storing your preferences, sending notifications by email, text or push notification, calculating scores from questionnaires, etc.

Legal Basis for processing

The legal basis for processing your personal data, including your health data, for this purpose is:

  • it is necessary for the performance of our engagements with you (GDPR Art.6(1)(b))

The exemption for processing special category personal data, including your health data is one or more of:

  • your explicit consent (Art.9(2)(a))

Technical support

How and why we use your information

SilverCloud provides technical support to your service, and so we will process your personal data if you contact us by telephone, email or through the SilverCloud platform.

Legal Basis for processing

The legal basis for such processing of your personal data is:

  • it is necessary for the performance of our engagements with you you(GDPR Art.6(1)(b))

Understanding usage and improving service

How and why we use your information

SilverCloud analyses personal data to understand usage and outcomes and to help us improve the service and for business intelligence purposes, for example calculating statistics / trends of response to a wellbeing questionnaire.

Most analysis uses anonymous aggregate data (for example, average length of time spent on the platform). Some analysis uses individual data, with additional safeguards in place such as anonymisation, use of pseudonyms (pseudonymisation) and limiting the set of individual data (data minimization). This analysis may include profiling, machine learning or other techniques.

Legal Basis for processing

Where SilverCloud is processing your data for these purposes it is necessary for our legitimate interests or those of a third party (such as our customers), as described in Legal grounds for processing your personal data.

Research

How and why we use your information

Silvercloud will process your personal data to conduct research and product development that is in the wider public interest.

Legal Basis for processing

Where we process your special category personal data for this purpose, the processing is necessary for scientific research purposes or statistical purposes (Art.9(2)(j)) and we ensure appropriate safeguards, mentioned above are in place. Where we use such special category personal data for this purpose, we will remove all personal identifiers and won't use this data to make decisions about you.

Your rights

You have rights regarding your personal data. If you have any questions please contact SilverCloud.

Your rights under data protection law

To be informed
A right to be informed about the personal data we hold about you and how we process that data. The aim of this privacy notice is to give you this information.

Of access
A right to access the personal data we hold about you. You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.

To rectification
A right to require us to rectify any inaccurate personal data we hold about you.

To erasure

A right to ask us to delete the personal data we hold about you that it is not necessary for us to hold. This right will only apply where (for example):

  • we no longer need to use the personal data to achieve the purpose we collected it for;
  • where you withdraw your consent if we are using your personal data based on your consent; or
  • where you object to the way we process your data (in line with the right to restrict below).

To restrict processing
In certain circumstances, a right to restrict our processing of the personal data we hold about you.

To data portability
In certain circumstances, a right to receive the personal data you have given us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.

To object to processing
A right to object to our processing of the personal data we hold about you where processing could affect your rights, freedoms or interests.

In relation to automated decision making and profiling
A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you.

To withdraw consent
A right to withdraw your consent, where we are relying on it to use your personal data.

Your right to lodge a complaint

We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your personal data. Please contact us at dataprotection@silvercloudhealth.com.

However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you also have the right to lodge a complaint to our supervisory authority, which in the UK, is the Information Commissioner's Office. Their address is: First Contact Team, Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. Their other contact details are available at https://ico.org.uk/.

In Ireland, the supervisory authority is the Data Protection Commission. Their contact details are available at https://dataprotection.ie/.

Right to information about processing of your personal details

The aim of this privacy notice is to give you this information.

Right to access your personal data

You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.

Right to change or remove your details

You have the right to correct any inaccurate data, or remove data if it is not necessary for us to hold it.

Right to object to processing

You can object to processing if it could affect your rights, freedoms or interests.

Right to data portability

We will provide your data in a portable format.

Right to lodge a complaint

Third parties

Data Sharing

SilverCloud may share your personal data with third parties (or otherwise allow them access to it) only in the following manners and instances:

Third Party Service Providers
We may partner with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own and are required for us to provide our services as contemplated hereunder.

These include any of the third parties providing hosting, database and cloud services, and our business, legal and financial advisors (collectively, “Third Party Service Providers”). A list of sub-contractors used to process personal data in accordance with this privacy notice are set out below (see Sub-Contractors).

Such Third Party Service Providers may receive or otherwise have access to your personal data, depending on each of their particular roles and purposes in facilitating and enhancing the SilverCloud services, and may only use such personal data for such purposes and in accordance with the specific purposes mentioned in How and why we use your personal data.

Such disclosure or access is strictly subject to the relevant Third Party Services Provider’s undertaking of confidentiality obligations, and the prevention of any independent right to use this data except as required to help us to facilitate or enhance the services, unless you otherwise provide them directly with your express and separate consent. We remain responsible and liable for any personal data processing done by Third Party Service Providers on our behalf, except for events outside of their reasonable control.

Governmental/Law Enforcement Agencies and Legal Requests or Duties
We may disclose or otherwise allow access to your personal data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing or otherwise in legal procedures held between SilverCloud and you or anyone on your behalf.

Protecting Rights and Safety
We may share your personal data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of SilverCloud, its staff, any of our users or any member of the general public.

Subsidiaries and Affiliated Companies We may share personal data internally within our family of companies or for the purposes described in this privacy notice and in accordance with its terms, for which we remain responsible. In addition, should SilverCloud or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets, your personal data may be shared with the parties involved in such event under the same protective terms. If we believe that such change in control might materially affect your personal data then stored with us, we will notify you of this event and the choices you may have via e-mail (if such is provided) and/or prominent notice within the platform.

For avoidance of doubt, SilverCloud may transfer and disclose or otherwise use non-personal data or information which is linked to anonymous random identifiers or information that is aggregated in a non-identifiable way, at its own discretion.

Understanding usage and improving service

We may share anonymous aggregate usage statistics or anonymous individual data for service evaluation and improvement purposes with consultants or research organisations that we work with from time to time. This anonymous data is not itself personal data, and we take care to ensure that individuals cannot be identified in the data.

Sub-Contractors

The list consists of a table containing the name of the vendor, the function/service/product provided and where the vendor processes data. For further information on each sub-contractor please see below link to their terms of service:

Amazon Web Services AWS Privacy Policy
We use Amazon Web Services to host the SilverCloud platform and database.
We use Amazon Web Services to store encrypted backups and send email notifications.
Location of processing Ireland and Germany

Zendesk International Limited Zendesk Privacy Policy
We use Zendesk to handle technical assistance communication.
Location of processing EEA and US (under EC SCCs and BCRs)

Armor Defense Ltd Armor Terms of Service (See "TERMS OF SERVICE AGREEMENT - EMEA & Asia Pacific")
Security monitoring (not personal data)

Links to other websites

You should also be aware that where you link to another website from SilverCloud, that SilverCloud has no control over that other website. Accordingly, SilverCloud cannot guarantee that the controller of that website will respect your privacy in the same manner as SilverCloud.

Data security and storage

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial policies and procedures to safeguard and secure the information we process. All SilverCloud employees are contractually and ethically bound to respect the confidentiality of any personal data held by SilverCloud. SilverCloud maintains ISO 27001 certification.

Cookies and Other Technologies

When you use the SilverCloud platform, we collect information by using cookies. A cookie is a text file containing small amounts of information which a server may download to your computer, mobile or tablet when you visit a website or use an app.

There are different types of cookies which are used to do different things. These include letting you navigate between different pages on a website efficiently, remembering preferences you have given and helping us to identify ways to improve your overall site experience. To find out more about cookies visit aboutcookies.org or allaboutcookies.org.

Information collected via cookies and other technology

The cookies used on the SilverCloud platform do not collect directly identifiable personal information such as name, address, email address etc. However, certain cookies may collect information which relate to a unique ID or another identifier which, when combined with other information, could allow a profile to be created.

Cookies used on the SilverCloud platform

Please find below details of the cookies used on the SilverCloud platform and a brief description of the information they gather.

Necessary cookies

These cookies let you move around the SilverCloud platform and use essential features such as accessing secure areas of the SilverCloud platform and identifying you as being logged in. These cookies don't gather any information about you that could be used for marketing or remembering where you've been on the internet.

Cookie name Purpose & details Flags Category Expiry
sessionid Session authentication
This cookie is set when an end-user authenticates and contains a unique session ID that is linked to the session data on the server.
Secure: True
HttpOnly: True
Necessary
First-party
Session
csrftoken CSRF protection
This cookie is reset when an end-user authenticates. When a form is submitted the cookie value is compared with a hidden token value included in the form to protect against cross-site request forgery.
Secure: True
HttpOnly: False
Necessary
First-party
1 year
django_language Language preference
This cookie is set to store user language code (e.g. en-gb)
Secure: True
HttpOnly: True
Necessary
First-party
1 year

How can you control the use of cookies?

Cookies can be set and controlled by the operator of a website which the user is browsing such as SilverCloud for the SilverCloud platform (known as a ‘first party cookie’) or a third party (known as a ‘third party cookie’). Third party cookies are not used by SilverCloud on the SilverCloud platform.

You can use your browser settings to manage cookies including deleting cookies previously stored and blocking cookies from being set. If you delete or block cookies that are necessary for the SilverCloud platform you will not be able to log in to use the programmes or record information.

Retention of personal data

SilverCloud shall retain Personal Data in accordance with our Personal Data Retention Policy (Read an extract). In summary, we retain personal data on the platform while your account is open and for 3 months after account closure. We retain technical support queries for 5 years. SilverCloud intends to close accounts on this site after 12 months. Aggregate and anonymous data may be retained indefinitely by SilverCloud.

Privacy notice changes

We will revise this privacy notice when necessary and we encourage you to check back in future for changes.

  • 15 Mar 2021 Initial version for Space from Covid.

Contact

If you wish to contact SilverCloud regarding use of your Personal Data or to exercise your rights, please contact us at:

SilverCloud Health
One Stephen Street Upper
Dublin 8
Ireland

dataprotection@silvercloudhealth.com

SilverCloud's Data Protection Officer (DPO) is BH Consulting:

SilverCloud Health Data Protection Officer
BH Consulting
The LINC Center
Blanchardstown Road North
Dublin 15
Ireland

dataprotection@silvercloudhealth.com

For UK based queries or concerns please contact SilverCloud's appointed UK Data Protection Representative:
SilverCloud Health UK Limited
Suite 1350
Kemp House, 152 City Road
London
EC1V 2NX

dataprotection@silvercloudhealth.com