My Possible Self Limited (“MPS“, “we“, “us” or “our“) values the personal information which you provide to us in connection with your use of our app and website and wants to ensure that the way we deal with your personal information is in line with your expectations.
This Privacy Policy (together with our contract terms at www.my-possible-self.com/terms, and any other documents referred to in it) sets out the basis upon which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By visiting www.mypossibleself.com or www.my-possible-self.com and related pages, you are accepting and consenting to the practices described in this policy.
This privacy policy:
MPS respects personal privacy, is committed to protecting personal data and fully complying with its legal obligations under the GDPR and the Data Protection Act 2018.
Our Privacy Policy does not apply to services offered by other companies or individuals, including products, or sites, that you may access via our app or website, or other sites linked to our services.
MPS is a company which was incorporated on 18 February 2009 in England and Wales under No.06823416 and whose registered office is at Cardale House Cardale Court, Beckwith Head Road, Harrogate, North Yorkshire, HG3 1RY.
The business of MPS is to make available educational self-help materials to improve the mental health and well-being of its customers and users.
MPS is registered with the Information Commissioners Office (ICO) under registration No.ZA315531.
You can contact MPS by writing to us at the above address, or by emailing us at hello@mypossibleself.com.
We have appointed Simon Miller as our data protection officer. Simon is responsible for the management of data protection at MPS for dealing with any questions you may have in relation to this privacy policy. He can be contacted using the contact details given in sections 2. and 3. above.
Personal data means any information about an individual (a data subject) from which that person can be identified. It does not include data from which the identity of an individual cannot be identified (anonymous data).
When you register to use and then use our app or website, we may collect personal data about you including the following types of data (User Personal Data):
In relation to User Personal Data MPS is the data controller. A data controller is a natural or legal person, public authority, agency or other body which makes decisions about how and why we process your personal data. As the data controller in relation to your personal data, we are responsible for ensuring that it is used in accordance with data protection laws.
All location data used by the “risky places” feature within the Drinking and Gambling Safely Guided Series is processed locally only within the app. We do not receive, send or share any location data.
We collect User Personal Data as a result of your registering to use and using our app or website and when you contact us with a query that you may have about using our services.
We will only process personal data when the law allows us to.
Most commonly, we use User Personal Data in the following ways:
The law on data protection provides a number of different grounds that a company such as MPS can rely on to make its processing of personal data lawful.
MPS relies on the following four legal grounds to process User Personal Data:
We can collect and process your personal data with your consent.
We may process User Personal Data to comply with and perform our obligations and exercise our rights under our contract with you. We also rely on this basis when ascertaining whether or not you are complying with our Terms of Service [link] and enforcing those terms.
The law states that in specific situations, MPS can process User Personal Data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact the rights, freedoms or interests of our customers. We rely on this basis to use your Contact Data to send you communications and information about other services we offer. We also rely on this basis to process your Usage Data to generate the anonymised data.
We may process your User Personal Data to comply with any applicable legal obligation, law, regulation, legal process or enforceable governmental request or to detect, prevent or otherwise address fraud or crime prevention.
We may store your Technical Data and Usage Data on external log storage and with analysis providers. This allows us to improve the service we offer our customers.
MPS may share User Personal Data with any member of our group, for the purposes of data and trend analysis. Group in this context means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose or share User Personal Data in order to comply with any legal obligation on us or to protect the rights, property, or safety of MPS or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection or the prevention of criminal conduct.
We may disclose User Personal Data to a purchaser of MPS or substantially all of its assets, in which case User Personal Data held by MPS will be one of the transferred assets.
We won’t share User Personal Data with any third party for the purpose of marketing unless you have given your consent to us doing that. If you do consent to receive information about third party products or services, we will provide you with relevant details of the third party (including who they are, where they are based and how they may be contacted) and will explain what User Personal Data will be shared with them.
We work hard to protect User Personal Data from unauthorised access, misuse, alteration, disclosure or destruction. We have put in place appropriate security measures to prevent User Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In particular the steps we take to protect User Personal Data include:
In the unlikely event that there were to be any unauthorised access to (or an event occurs that creates a real risk of any unauthorised access to) any User Personal Data which MPS holds, then MPS will, if it considers that the such events give rise to a high risk of affected individuals being adversely impacted, notify the affected individuals (and the Information Commissioner) as soon as reasonably practicable.
To determine the appropriate retention period for any particular type of User Personal Data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of such personal data, the purposes for which we process such personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.
We retain User Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Generally these periods are as follows:
At the end of the retention period, personal data will be deleted completely.
In some circumstances data subjects can ask us to delete their personal data.
We may use your Contact Data to inform you about our services – for example we may send you emails or electronic notifications letting you know about upcoming service changes, technical issues, improvements or changes to our terms of use.
We may also use your Contact Data to send you emails containing information about products and services we offer or to conduct surveys but we won’t do that if you opted not to receive such emails when you registered with us. Any email of this type that we send you will contain an opt out option, which you can use to tell us that you no longer wish to receive this kind of email.
We won’t otherwise share your User Personal Data with any third party for marketing purposes without first obtaining your express opt-in consent.
You can ask us or any approved third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
We will only process User Personal Data within the UK or the EEA. The EEA includes all 27 EU Member countries as well as Iceland, Liechtenstein and Norway.
We would only ever use a cloud based server, located outside the UK or the EEA, to store User Personal Data if our contractual relationship with the cloud services provider ensured sufficient protection of personal data.
You have a number of legal rights in relation to the User Personal Data we hold about you including the right to request:
If you wish to exercise any of the rights set out above, then you should contact our Data Protection Officer, whose details are set out in paragraphs 2 and 3 above.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with such a request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Typically we will require at least two valid types of data, being the email address that you used to sign up to our network services with and details of the devices you used to access our service (for example MAC Address).
We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if the request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
If you ask us to, we will, subject to compliance with any overriding legal obligations we owe to third parties, remove, delete or stop using your User Personal Data information. If you want us to do this then please contact us at dpo@mypossibleself.com. We will need to verify your identity as set out in section 16 above.
We keep our privacy policy under regular review. This version was last updated 16 April 2020. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
In general, we use cookies and our records of the pages users have visited to gather information about all of our users collectively, such as what areas users visit most frequently and what services are accessed most. We only use such data in the aggregate. This information helps us determine what is most beneficial for our users, and how we can continually create a better overall experience for our users and improve our website in order to tailor it to customer needs. We use the following cookies for MPS:
| Company | Name | Purpose |
|---|---|---|
| _ga | This cookie is used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. | |
| Hubspot | hubspotutk | This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when de-duplicating contacts. It contains an opaque GUID to represent the current visitor. It expires in 13 months. |
| Hubspot | __hstc | The main cookie for visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). It expires in 13 months. |
| Hubspot | _hssc | This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. It expires in 30 minutes. |
| Hubspot | _hssrc | Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. It contains the value “1” when present. It expires at the end of the session. |
| Hubspot | __cfduid | This cookie is set by HubSpot’s CDN provider, Cloudflare. It helps Cloudflare detect malicious visitors to your website and minimizes blocking legitimate users. It may be placed devices to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare’s security features. It is a session cookie that lasts a maximum of 30 days. |
| Hubspot | __cfriud | This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session. |
| Hotjar | __hjid | This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID. |
Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority in relation to data protection issues (www.ico.org.uk). If you feel that your data has not been handled correctly, or are unhappy with our response to any requests you have made to us regarding our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would, however, appreciate the chance to deal with any such concerns before you approach the ICO so please contact us in the first instance.
The ICO can be contacted by calling 0303 123 1113 or by going online at www.ico.org.uk/concerns.
If you are based outside the UK, you have the right to lodge a complaint with the relevant data protection regulator in your country of residence.
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to dpo@mypossibleself.com.