menu
close_24px

Privacy Policy.

Overview  

Protecting your privacy and personal data is very important to Psyomics Limited (‘us’, ‘our’ or ‘we’). This privacy policy provides information about how we collect and process your personal data when you use the Censeo platform. The Censeo platform is used to assess mental health related symptoms and concerns and identify possible mental health conditions. The Censeo Digital platform is not intended for children, and we do not knowingly collect data relating to children.   

Who are we?   

We are Psyomics Limited, a company registered in England and Wales with company number 09470381. 

Referred through a Healthcare Provider? 

If you have been referred to us through a healthcare provider, we provide this service to you on behalf of the healthcare provider. Your referring healthcare provider is therefore the Data Controller for any personal data processed and you should ask your referring healthcare provider for more details about how your personal data is used and how to exercise your rights.  

Where you are referred by a healthcare provider, Psyomics only use your personal data to deliver that service to you on behalf of the healthcare provider. The information you share will be sent to the assessment team at your healthcare provider and they will add this to your health record. Psyomics will delete all personal data and identifiers at the end of each contract and retain anonymous data only. 

If you have any questions about this privacy policy, or how we process your data, please use the contact details below for our Data Protection Officer: 

Email: DPO@psyomics.com 

Address: Psyomics Ltd. Beech House, 4a Newmarket Road, Cambridge CB5 8DT  

We’re registered with the UK data protection authority (the Information Commissioner’s Office or ICO under number ZA 217939).  

Whilst not directly applicable, the rest of this privacy notice describes further how we use personal data when providing services directly to users (not through the NHS). 

Direct users 

The information we hold about you, and how we use it  

We may collect, use, store and transfer different kinds of personal data about you as a result of your interaction with the Censeo Digital platform. Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We collect such personal information as follows;  

Information that you provide to us when you use the Censeo Digital platform  

 

Purpose 

Detail 

Lawful Basis 

When you register for a Censeo account 

You provide ‘identity data’ such as your name, date of birth, email address and registered GP practice, so we can set up an account for you and provide the Services. It is not possible to access our Services unless all necessary data is provided, such as answering all question sessions in the Censeo assessment.   

Article 6(1)(b)-  processed on the basis that we are performing a contract with you (by providing the Services)  

When you complete the Censeo assessment 

You provide ‘special category data’ when you respond to the health-related and lifestyle questions in the assessment. We collect this information to provide the Services i.e. to provide an indication of potential mental health conditions. Please note that if you fail to provide information when requested in the assessment, we may not be able to perform the Services.   

Article 9(2)(a) – your provide consent for Censeo to process your health data 

Feedback survey data 

Feedback survey data are your responses to any feedback survey, if you choose to complete this survey. This survey is entirely optional, and you will still receive your mental health report. The feedback survey is used to improve patient experience and improve the provision of Services.  

Article 6(1)(a) – you provide your consent 

To meet legal obligations 

We may be required to process personal data in limited and specific circumstances to meet any legal obligations 

Article 6(1)(c) – legal obligation 

Service management and development  

Usage data on how our products are used. This will not include any identifiable special category data (such as health data)  

Article 6(1)(f) – in our legitimate interest to ensure we continue to understand how our services are used and how we can improve 

 

Where do we store or send your personal data?  

  1. Companies that provide services to us. Here we mean companies that help us to provide the services you use and that need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name). These companies include;
  • Amazon Web Services: Our Platform is hosted on the secure cloud storage providers Amazon web services. Your data is fully secure and encrypted. We do not allow or instruct AWS to make any attempts to find out the identities of those using the Censeo Digital platform.  
  • Novu: We use Novu to send you text messages. Novu uses the phone number provided in the referral information. 
  • Mixpanel: We use Mixpanel to collect standard internet log information and details of visitor behaviour patterns, such as the pages you visit on our website. This information is only processed in a way which does not identify anyone. We do not make or allow Mixpanel to find out the identities of those visiting the Censeo website.   
  • Sentry: We utilize Sentry to monitor application errors and performance issues, including how users interact with our software. The data collected through Sentry is processed in a manner that preserves anonymity, ensuring individual users cannot be identified.  
  • Pendo: We employ Pendo to gather insights into how users engage with our platform, tracking interactions such as page views and feature usage. 
  • Hotjar: Hotjar is used to capture a understanding of user interactions on our website, including heatmaps, click data, and navigation paths. 
  • Grafana: We deploy Grafana to monitor and visualize metrics related to our system's performance and user activities. 

2. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions under contract.  

3. Your information may be transferred outside the UK or European Economic Area (EEA), for example, due to storage on Amazon Web Services. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it as in the UK/EEA by putting in place appropriate safeguards such as Standard Contractual Clauses, approved by the UK data protection authority to act as a safeguard for such transfers.  

Disclosure of your personal data/who we share your data with  

  • Your medical information will be kept strictly confidential and will not be shared without your prior consent or unless required to do so by law. Unless strictly prohibited by law, we will inform you of any proposed disclosure.  

Keeping your data safe  

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They are subject to a duty of confidentiality and, where they are the data processor, will only process your personal data on our instructions.  

How long do we keep your information?  

We will only keep your personal data for as long as reasonably necessary, such as for the performance of the Services. When deciding the appropriate retention periods, we will take into account: 

  • The amount, nature and sensitivity of the personal data, risk of potential harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means;  
  • The purposes for which you are accessing the Censeo Digital platform;  
  • The duration for which your personal data is required for the performance of the Services and the purpose for which it was collected; and  
  • Any legal and regulatory obligations under applicable law, contract or with regard to any statutory obligations.  

In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.  

Your data protection rights  

Under data protection law, you have rights including:  

  • Your right of access - You have the right to ask us for copies of your personal information.   
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.   
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.   
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.   
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.  
  • Your right to withdraw consent – You have the right to withdraw consent at any time where we are relying on consent to process your personal data.   

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you, but occasionally it could take us longer if your request is complicated or you have made a number of requests. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).   

Contact 

If you have any questions about this privacy policy, wish to exercise your rights, or require more information on how we process your data, please use the contact details below for our Data Protection Officer: 

Email: DPO@psyomics.com 

Address: Psyomics Ltd. Beech House, 4a Newmarket Road, Cambridge CB5 8DT  

We’re registered with the UK data protection authority (the Information Commissioner’s Office or ICO under number ZA 217939). You have the right to make a complaint to the Information Commissioner about the use of your personal data by Psyomics by contacting casework@ico.org.uk.. 

Changes to this policy  

We may update our privacy policy from time to time. Any changes we make will be updated on the Censeo website.