1. Our Commitment to Privacy
When you use our mobile application, Between Us (“App”), access our website at www.tavistockrelationships.org, www.tavistockrelationships.ac.uk, www.citywellbeingcentre.org, www.internationalonlinetherapy.com and www.betweenus-app.com (“Website”), or interact and communicate with us via our online or social media channels, this Policy will apply to you. For this policy, we will refer to all these platforms as our services (“Services”).
When there are significant updates to the Policy we will notify you. This Policy was last updated on 12th February 2021.
2. Who is collecting your data?
Tavistock Relationships is a charitable company registered in England and Wales (“we”, “our”, “us”) and are the data controller. Tavistock Relationships decides what personal data is collected from you when you access our services and how this data will be used.
Our Services may contain links to other platforms. Platforms such as Facebook, Twitter and Instagram have their own privacy policies, which you should read carefully before providing any of your personal data to them, as we do not control and therefore cannot accept any responsibility or liability for the actions of these platforms.
3. How we collect and use your personal data
When you use the App, we collect: your name - which you can elect to provide as an alias, and an email address.
When you use the App, we collect your responses to the exercise questions so that we may share these answers and your progress with you, and your partner where you have chosen to share your answers.
We never read or see any of the answers you provide to questions or partner notes that you input into any text fields, these are only ever seen by you or your partner where you chosen to share your responses.
We do not collect any demographic information.
Only after we have anonymised your activity information (so it can never be used to identify you or anyone else), we may use it to analyse how our users are engaging with the App.
When you use the Services, we may collect: information about the time you spend and the pages you visit within the App in order to better understand user needs and preferences and to enable us to improve the user experience and your email address so that we may communicate with you about things you have agreed to when creating your account.
When you use the Services, we collect: your email address when you contact us for support so that we are able to respond to you; we may also ask for your device information so that we can understand and fix technical issues that may occur with our platforms, and other personal data you provide about yourself anytime you contact us for support or general queries.
When you register for an account on the App, we collect information associated with setting up your account which includes a user name, email address and password. We use your registration information to set up your account.
Marketing & Communication Information
When you use the Services, we collect your email address so that we can deliver (where we have your consent) information, offers and promotions that may be of interest to you.
We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve the Website and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.
4. Our lawful bases for the use of your personal data
Our references to “lawful bases” are explained below, and we set out the lawful bases for each category of information that we collect from you.
In addition to the lawful bases explained, when we need to process your sensitive personal data to provide our Services, such as information about your gender identity, race or sexual orientation, we will seek your consent. You will always be able to withdraw your consent at any time and we will promptly stop using any personal data that requires your consent.
Performance of a Contract with you
When we refer to performance of a contract with you as a legal basis, we refer to those circumstances where we need to use your personal data to comply with our contractual obligations to deliver the services you have engaged us to provide.
Legitimate interest refers to those interests we have in running our business, developing our products and services, delivering and improving our products and services, and ensuring an excellent customer experience in a way which may reasonably be expected and doesn’t infringe on your rights and freedoms.
Consent in relation to data about your gender identify, race or sexual orientation
(a) Performance of a contract with you where you have paid for certain services and/or signed up for an account
(b) Legitimate interest
5. Information sharing you control
When your data is shared with your partner
We do not share your personal data with your partner but provide you with the ability to initiate this sharing. When you choose to share your exercise responses with your partner on the App, you are able to choose to stop sharing this information at any time.
6. Sharing personal data with Service Providers and other Organisations
We never disclose your personal data to advertisers or other third parties for any compensation. However, we share the personal data we collect about you in order to provide our services in the ways described below.
We work with Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with network and technology services, payment processing, appointment booking platforms, storing data, analysing data, managing mailing campaigns, running our support desk, and managing subscriptions. We only share personal data that enable our Service Providers to provide their services.
7.Sharing personal data with other Organisations
We may share personal data with other organisations in the following circumstances:
-- if the law or a public authority says we must share the personal data;
-- if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to our professional advisors); or
-- to an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us.
8. Sharing with our data analysts/researchers
To analyse information about the effectiveness of our services, we generate anonymised information (so you or anyone else can never be identified) from your use of the Services. We analyse and sometimes publish the data on how our Services impact relationships.
9. How we Protect Your Information and Where we Store it
Tavistock Relationships has physical, electronic, and procedural safeguards that comply with regulations to protect personal information about you. We also ensure that all of our Service Providers have in place industry recognised safeguards. However, data transmissions over the internet cannot be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of information you over the internet to us.
The personal data we collect may be stored and processed on computers situated outside the United Kingdom or the European Economic Area ("EEA"). If such a transfer or storage outside of the UK or EEA
was to happen, this would only be done subject to the implementation of adequate contractual safeguards (e.g., the EU’s Standard Contractual Clauses).
Tavistock Relationship limits access to personal information about you to employees who we reasonable believe need to come into contact with that information, to provide products or the Service to you, or in order to do their jobs.
10. How long we use personal data for?
Your personal data won’t be kept longer than necessary, giving due regard to: initial purpose of collection; age of data; any legal/regulatory reason for us to keep it; and whether needed to protect you or us. If requested, we will readily make information available about our data retention policy.
11. Your Data Protection Rights
Below, we set out the rights you have under the GDPR in relation to your personal data. Should you wish to exercise any of these rights, please write to us using the information provided under the “How to contact us” section of this Policy.
Subject Access Rights -- You have a right to see the personal data we hold about you and the circumstances of our processing activities.
Right to have inaccurate information corrected -- if you believe we hold inaccurate or missing information, please let us know and we will correct it.
Right to object to our use of your personal data -- We will consider your objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it or delete it.
Right to object to direct marketing – where we engage in direct marketing activities (after getting your consent), if you make such an objection or ask us to stop, we will stop using your personal data for direct marketing purposes.
Right to restrict our use of your personal data -- you can restrict our use of your personal data, if you have successfully made a general objection, you are challenging the accuracy of the personal data we hold, or we have used your personal data unlawfully -- but you do not want us to delete it.
Right to have your personal data deleted -- you can have us delete your personal data when: we no longer need to keep your personal data; you have successfully made a general objection; you have withdrawn your consent to us using your personal data (where we have relied on consent as the lawful basis for doing so); or we have unlawfully processed your personal data
Right to complain to the data protection regulator -- We’d like the chance to resolve any complaints you have, however you also have the right to complain to the data protection regulator in the UK or EEA country where you receive our product about our use of your personal data. In the UK, the data protection regulator is the ICO and their website is at https://ico.org.uk.
12. Children’s data
Tavistock Relationships does not knowingly collect Personal Data from children. Should we become aware that we are processing the personal data of any children, we will delete such personal data as soon as possible.
13. International Privacy Laws
This Policy complements and does not replace national data protection laws. Any applicable national data protection law will supersede this Policy where such law imposes stronger requirements and this policy shall apply where there are no national data protection laws.
14. How to contact us
If you have any questions about how we collect, store and use personal data or to exercise any of your rights set out above, please email firstname.lastname@example.org.