Help Centre

Help Informations

What kind of help do you need?

Privacy Notice

Effective date: 11 May 2020

This privacy notice is for people who use the SilverCloud platform and programmes on this site as a client or supporter.

SilverCloud Health provides its platform to many healthcare services and other organisations. In this notice we will tell you how we process your personal data on behalf of your service (that is, the healthcare team that has given you access to SilverCloud). Your service is the ‘data controller’, which means they decide how and why your data is processed, and SilverCloud is the ‘data processor’, which means we follow their instructions. Your service may also have a privacy notice that is relevant to you.

SilverCloud also uses some of your data to understand how the SilverCloud platform is used and could be improved. When we collect or use your data on our own behalf, SilverCloud is the ‘data controller’.

Supported service

We have marked sections that only apply to you if you are working with a supporter with Supported service. These sections do not apply if you are using SilverCloud as a self-help tool.

There is a separate privacy notice for people who use the SilverCloud company website and for people who we communicate with for marketing purposes.

Contact details for SilverCloud are listed at the bottom of this notice.

  • How we collect your personal data

    Your data is collected by SilverCloud in a few ways:

    • Data you give directly
    • Data we collect automatically when you use SilverCloud

    Supported service

    • Data given about you (by a client, a supporter or a referring professional)
  • What personal data we collect and use

    Here is a list of the categories of personal data that are collected and used, with examples. Some of these are optional or depend on SilverCloud's obligations to its customers.

    • Contact details
    • Health data
    • Data about your use of SilverCloud
    • Feedback data
    • Other personal data about yourself that you give voluntarily

    Contact details

    Your name, email address (for notifications)

    Other personal data about yourself that you give voluntarily

    Interests, likes/dislikes, profile image

    Health data

    Data about your health is considered ‘special category’ data.

    Your SilverCloud programme; answers to psychological questionnaires and calculated results; entries to interactive tools such as a list of problems, recording mood over time, or journal entries.

    Supported service

    Messages between clients and supporters

    For adverse event reporting, we will collect details about adverse events (“side-effects”) including health symptoms.

    Data about your use of SilverCloud

    Your invitation, when you first signed up, pages and sections viewed, other actions you take on SilverCloud, emails sent to you, server errors that affect you

    When you log in and log out, your IP address, browser type and version, time zone and language, notification preferences

    Your login details (username, encrypted password)

    Feedback data

    Your feedback in the “progress points” at the end of each module; User experience questionnaires; Other questionnaires where it is indicated that the recipient is SilverCloud

    Data we do not collect

    Children's data

    SilverCloud is intended for use by adults aged 18 years or over and we do not knowingly collect personal data from people under 16 years of age.

  • How and why we use your personal data

    SilverCloud processes your data for specific purposes and where there is a legal basis.

    • Provide SilverCloud platform and programmes
    • Technical support
    • Understanding usage and improving service

    Supported service

    • Support
    • Risk management

    Provide SilverCloud platform and programmes

    SilverCloud collects and processes your data under a contract with your service in order to provide you with secure access the SilverCloud platform and programmes.

    This includes displaying programme pages, recording your activity on interactive tools and features, storing your preferences, sending notifications by email, text or push notifications.

    Supported service

    This activity also includes inviting and managing clients and supporters, and supporters reviewing client progress and results.

    Your service is responsible for determining the purpose and legal basis under which they use your data and have SilverCloud process it.

    Supported service

    Support

    SilverCloud will process your personal data to provide support or coaching during your use of SilverCloud.

    Legal basis

    The legal basis for such processing of your personal data, including your health data, for this purpose is one or more of:

    • Your explicit consent (GDPR Art.6(1)(a))

    The exemption for processing special category personal data, including your health data is one or more of:

    • Your explicit consent (Art.9(2)(a))
    • Provision of health or social care (Art.9(2)(h))

    Risk management

    SilverCloud may process your personal data to manage clinical risks that present themselves during your use of SilverCloud. This would include reporting a risk to yourself or others, or adverse events (“side effects”) associated with medication to relevant support services, emergency services or authorities.

    Legal basis

    The legal basis for such processing of your personal data, including your health data, is one or more of:

    • Your explicit consent (GDPR Art.6(1)(a))
    • Your vital interests or those of another person (GDPR Art.6(1)(d))
    • Compliance with a legal obligation (GDPR Art.6(1)(c))

    The exemption for processing special category personal data, including your health data, is one or more of:

    • Your explicit consent (Art.9(2)(a))
    • Your vital interests or those of another person (Art.9(2)(c))
    • For reasons of public health (Art.9(2)(i))

    Technical support

    SilverCloud provides technical support to your service, and so we will process your personal data if you contact us by telephone, email or through the SilverCloud platform.

    Legal basis

    The legal basis for such processing of your personal data is:

    • Your explicit consent (GDPR Art.6(1)(a))

    Understanding usage and improving service

    SilverCloud analyses personal data to understand usage and to help us improve the platform and programmes.

    SilverCloud processes data for this purpose on behalf of your service and also on our own behalf.

    Most analysis uses anonymous aggregate data (for example, average length of time spent on the platform). Some analysis uses individual data, with additional safeguards in place such as anonymisation, use of pseudonyms (pseudonymisation) and limiting the set of individual data (data minimization). This analysis may include profiling, machine learning or other techniques.

    Update usage analytics settings

    Legal basis

    Where SilverCloud is processing your data for these purposes on its own behalf it is necessary for our legitimate interests or those of a third party (such as our customers):

    • understand efficiency and effectiveness of SilverCloud’s services
    • identify opportunities for improving services, components or tools
    • provide customers with an understanding of how their use of the service might be improved
    • provide statistical and market data to guide business development
    • identify and understand trends in interactions with the SilverCloud platform

    We also believe that this processing does not undermine your fundamental rights and freedoms.

    Where we process your special category personal data for this purpose, the processing is necessary for scientific research purposes or statistical purposes (GDPR Art.9(2)(j)), and we ensure appropriate safeguards, mentioned above, are in place.

  • Your rights

    You have rights regarding your personal data. If you have any questions please contact your service or SilverCloud.

    Right to information about processing of your personal details

    The aim of this privacy notice is to give you this information.

    Right to access your personal data

    You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.

    Right to change or remove your details

    You have the right to correct any inaccurate data, or remove data if it is not necessary for us to hold it.

    Right to object to processing

    You can object to processing if it could affect your rights, freedoms or interests.

    Right to data portability

    We will provide your data in a portable format.

    Right to lodge a complaint

    You also have the right to lodge a complaint with a supervisory authority, although we encourage you to contact your service first.

    Contact details for the Information Commissioner's Office can be found at https://ico.org.uk/.

    Contact details for the Data Protection Commission (Ireland) can be found at https://www.dataprotection.ie/.

  • Third parties

    We use third party sub-processors to host the SilverCloud platform and communicate with you.

    Armor

    Armor Defense Ltd, 268 Bath Road, Slough, Berkshire, SL14DX, United Kingdom

    We use Armor Defense to host the SilverCloud platform and database.

    Location of processing: UK

    Armor Terms of Service (See "TERMS OF SERVICE AGREEMENT - EMEA & Asia Pacific")

    Amazon Web Services

    Amazon Web Services EMEA SARL, 5 rue Plaetis, L-2338 Luxembourg

    We use Amazon Web Services to store encrypted backups and send email notifications.

    Location of processing: UK and Ireland

    AWS Privacy Policy

    Zendesk

    Zendesk International Limited, One Grand Parade, Dublin 6, D06 R9X8, Ireland

    We use Zendesk to handle technical assistance communication.

    Location of processing: EEA and US (under EC SCCs and BCRs)

    Zendesk Privacy Policy

    Links to other websites

    You should also be aware that where you link to another website from SilverCloud, that SilverCloud has no control over that other website. Accordingly, SilverCloud cannot guarantee that the controller of that website will respect your privacy in the same manner as SilverCloud.

    Data sharing

    Personal data will not be shared with any third party, unless there is a legal or regulatory obligation to do so, except for the sharing of personal data with third parties listed above, or otherwise deemed necessary, to host the SilverCloud platform and communicate with you.

    For the specific purposes mentioned in How and why we use your personal data we may share your data with third parties as follows:

    Understanding usage and improving service

    We may share anonymous aggregate usage statistics or anonymous individual data for service evaluation and improvement purposes with consultants or research organisations that we work with from time to time. This anonymous data is not itself personal data, and we take care to ensure that individuals cannot be identified in the data.

    Supported service

    Risk management

    We may share information indicating a risk to yourself or others with a referring professional, emergency services or other relevant authorities.

    We may share adverse event reports associated with medication with the medicine’s marketing authorisation holder or the relevant national regulatory authority.

  • Data security and storage

    We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

    All SilverCloud employees are contractually and ethically bound to respect the confidentiality of any personal data held by SilverCloud.

    SilverCloud maintains ISO 27001:2013 certification.

  • Retention of personal data

    SilverCloud shall retain Personal Data in accordance with our Personal Data Retention Policy (Read an extract).

    In summary, we retain personal data on the platform while your account is open and for 3 months after account closure. We retain technical support queries for 5 years.

    Aggregate and anonymous data may be retained indefinitely by SilverCloud.

  • Privacy notice changes

    We will revise this privacy notice when necessary and we encourage you to check back in future for changes.

    11 May 2020
    We marked sections that apply only to the supported service and added detail on data retention.
    24 February 2023
    Update to SMS service provider

Contact

If you wish to contact SilverCloud regarding use of your Personal Data or to exercise your rights, please contact us at:

SilverCloud Health
One Stephen Street Upper
Dublin 8
Ireland

dataprotection@silvercloudhealth.com

SilverCloud's Data Protection Officer (DPO) is BH Consulting:

SilverCloud Health Data Protection Officer
BH Consulting
The LINC Centre
Blanchardstown Road North
Dublin 15
Ireland

dataprotection@silvercloudhealth.com