My Possible Self Limited (“MPS“, “we“, “us” or “our“) values the personal information which you provide to us in connection with your use of our app and website and wants to ensure that the way we deal with your personal information is in line with your expectations.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By visiting www.mypossibleself.com or www.my-possible-self.com and related pages, you are accepting and consenting to the practices described in this policy.
MPS respects personal privacy, is committed to protecting personal data and fully complying with its legal obligations under the GDPR and the Data Protection Act 2018.
MPS is a company which was incorporated on 18 February 2009 in England and Wales under No.06823416 and whose registered office is at Cardale House Cardale Court, Beckwith Head Road, Harrogate, North Yorkshire, HG3 1RY.
The business of MPS is to make available educational self-help materials to improve the mental health and well-being of its customers and users.
MPS is registered with the Information Commissioners Office (ICO) under registration No.ZA315531.
You can contact MPS by writing to us at the above address, or by emailing us at email@example.com.
Personal data means any information about an individual (a data subject) from which that person can be identified. It does not include data from which the identity of an individual cannot be identified (anonymous data).
When you register to use and then use our app or website, we may collect personal data about you including the following types of data (User Personal Data):
In relation to User Personal Data MPS is the data controller. A data controller is a natural or legal person, public authority, agency or other body which makes decisions about how and why we process your personal data. As the data controller in relation to your personal data, we are responsible for ensuring that it is used in accordance with data protection laws.
All location data used by the “risky places” feature within the Drinking and Gambling Safely Guided Series is processed locally only within the app. We do not receive, send or share any location data.
We collect User Personal Data as a result of your registering to use and using our app or website and when you contact us with a query that you may have about using our services.
We will only process personal data when the law allows us to.
Most commonly, we use User Personal Data in the following ways:
The law on data protection provides a number of different grounds that a company such as MPS can rely on to make its processing of personal data lawful.
MPS relies on the following four legal grounds to process User Personal Data:
We can collect and process your personal data with your consent.
We may process User Personal Data to comply with and perform our obligations and exercise our rights under our contract with you. We also rely on this basis when ascertaining whether or not you are complying with our Terms of Service [link] and enforcing those terms.
The law states that in specific situations, MPS can process User Personal Data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact the rights, freedoms or interests of our customers. We rely on this basis to use your Contact Data to send you communications and information about other services we offer. We also rely on this basis to process your Usage Data to generate the anonymised data.
We may process your User Personal Data to comply with any applicable legal obligation, law, regulation, legal process or enforceable governmental request or to detect, prevent or otherwise address fraud or crime prevention.
We may store your Technical Data and Usage Data on external log storage and with analysis providers. This allows us to improve the service we offer our customers.
MPS may share User Personal Data with any member of our group, for the purposes of data and trend analysis. Group in this context means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose or share User Personal Data in order to comply with any legal obligation on us or to protect the rights, property, or safety of MPS or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection or the prevention of criminal conduct.
We may disclose User Personal Data to a purchaser of MPS or substantially all of its assets, in which case User Personal Data held by MPS will be one of the transferred assets.
We won’t share User Personal Data with any third party for the purpose of marketing unless you have given your consent to us doing that. If you do consent to receive information about third party products or services, we will provide you with relevant details of the third party (including who they are, where they are based and how they may be contacted) and will explain what User Personal Data will be shared with them.
We work hard to protect User Personal Data from unauthorised access, misuse, alteration, disclosure or destruction. We have put in place appropriate security measures to prevent User Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In particular the steps we take to protect User Personal Data include:
In the unlikely event that there were to be any unauthorised access to (or an event occurs that creates a real risk of any unauthorised access to) any User Personal Data which MPS holds, then MPS will, if it considers that the such events give rise to a high risk of affected individuals being adversely impacted, notify the affected individuals (and the Information Commissioner) as soon as reasonably practicable.
To determine the appropriate retention period for any particular type of User Personal Data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of such personal data, the purposes for which we process such personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.
We retain User Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Generally these periods are as follows:
At the end of the retention period, personal data will be deleted completely.
In some circumstances data subjects can ask us to delete their personal data.
We may also use your Contact Data to send you emails containing information about products and services we offer or to conduct surveys but we won’t do that if you opted not to receive such emails when you registered with us. Any email of this type that we send you will contain an opt out option, which you can use to tell us that you no longer wish to receive this kind of email.
We won’t otherwise share your User Personal Data with any third party for marketing purposes without first obtaining your express opt-in consent.
You can ask us or any approved third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
We will only process User Personal Data within the UK or the EEA. The EEA includes all 27 EU Member countries as well as Iceland, Liechtenstein and Norway.
We would only ever use a cloud based server, located outside the UK or the EEA, to store User Personal Data if our contractual relationship with the cloud services provider ensured sufficient protection of personal data.
You have a number of legal rights in relation to the User Personal Data we hold about you including the right to request:
If you wish to exercise any of the rights set out above, then you should contact our Data Protection Officer, whose details are set out in paragraphs 2 and 3 above.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with such a request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Typically we will require at least two valid types of data, being the email address that you used to sign up to our network services with and details of the devices you used to access our service (for example MAC Address).
We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if the request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
If you ask us to, we will, subject to compliance with any overriding legal obligations we owe to third parties, remove, delete or stop using your User Personal Data information. If you want us to do this then please contact us at firstname.lastname@example.org. We will need to verify your identity as set out in section 16 above.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
|_ga||This cookie is used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.|
|Hubspot||hubspotutk||This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when de-duplicating contacts. It contains an opaque GUID to represent the current visitor. It expires in 13 months.|
|Hubspot||__hstc||The main cookie for visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). It expires in 13 months.|
|Hubspot||_hssc||This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. It expires in 30 minutes.|
|Hubspot||_hssrc||Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.
If this cookie does not exist when HubSpot manages cookies, it is considered a new session. It contains the value “1” when present. It expires at the end of the session.
|Hubspot||__cfduid||This cookie is set by HubSpot’s CDN provider, Cloudflare. It helps Cloudflare detect malicious visitors to your website and minimizes blocking legitimate users. It may be placed devices to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare’s security features. It is a session cookie that lasts a maximum of 30 days.|
|Hubspot||__cfriud||This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session.|
|Hotjar||__hjid||This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID.|
Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority in relation to data protection issues (www.ico.org.uk). If you feel that your data has not been handled correctly, or are unhappy with our response to any requests you have made to us regarding our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would, however, appreciate the chance to deal with any such concerns before you approach the ICO so please contact us in the first instance.
If you are based outside the UK, you have the right to lodge a complaint with the relevant data protection regulator in your country of residence.