Privacy policy
Introduction
HeadClear Limited (HeadClear) is committed to processing any personal information about its clients, staff, guests and visitors in ways that comply with its legal and regulatory obligations, and to being clear about what it does with their personal information.
In compliance with data protection law, including the UK Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation 2016/679 (GDPR), this privacy policy explains the types of personal information we collect on the site, how we use the information, with whom we share it and the choices available to users of our site regarding our use of the personal information. We also describe the measures we take to protect the security of the personal information and how users can contact us about our privacy practices.
Data collection
HeadClear is a global provider of mental health and wellbeing measurement and management software.
HeadClear do not collect any special category data for its own purposes but may collect personal information which we receive when:
you enquire or make use of our services or systems;
as a potential new client who wishes to use or consider our services or systems;
you submit a CV or an application when seeking employment with us;
you engage with our social media accounts, including LinkedIn and Twitter;
someone is recommended by a friend, a former employer, a former colleague or even a present employer;
Or you make an enquiry on our website.
Information we collect
For our systems we may process the following types of personal information of, or from you:
your name, address, email address, telephone number(s) and other contact details;
your company's name, your position in the company; your company's address, company's email address and telephone number;
details of employee names, and ID numbers from our client's businesses;
your payment information such as credit or debit card details and bank account details;
information obtained through electronic means such as IP address or cookies;
information about your use of our information and communications systems.
Information we share and third parties
We do not, and will never, sell, share or otherwise disclose your personal information, except as described in this privacy policy. Access to your personal information is only allowed when required by law or is required as part of HeadClear fulfilling our service obligations. We will only share your information in this manner and for the purposes described below:
within HeadClear, where such disclosure is necessary to provide you with our services or to manage our business;
with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal data we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers;
In addition, we may disclose information about you
if we are required to do so by law or legal process;
to law enforcement authorities or other government entities; and
when we believe disclosure is necessary or appropriate to prevent harm or financial loss, or in connection with an investigation of suspected or actual espionage, cybersecurity or security events or other fraudulent or illegal activity.
We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation).
We are a cloud-based service provider and data processor. We have servers throughout the European Union and the United Kingdom.
To receive information on the recipients of your data, please contact us at [email protected]
How do we use the data we collect?
We are a data controller of personal data for our staff; visitors to our website; guests at our offices and personal contacts from our business and corporate clients. This information is used for legitimate interests or to fulfil our services as an employer or supplier of mental health and wellbeing measurement and management software.
We are a data processor of data for our clients who sign up to use our services or systems. Any data we use as part of these services and systems is under the data control of the client.
for the processing activities we undertake we collect your personal information for the following purposes:
for internal record keeping and administration in our relationship with you;
for the performance of a contract to provide you with services or products that you may request from us;
send you promotional materials or other communications; communicate with you about, and administer your participation in, special events, programs, offers, surveys and market research;
to fulfil our obligations to our clients, prospective clients and staff;
evaluate potential suppliers and manage our relationships with them;
provide and administer human resources services for HeadClear employees to meet our legal and regulatory obligations;
for financial payments and administration;
operate, evaluate and improve our business (including developing new products and services; enhancing and improving our products and services; managing our communications; analysing our products, services and communications; and performing accounting, auditing and other internal functions);
to interact with users on social media platforms including LinkedIn, YouTube, Facebook and Twitter.
We may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required, or permitted by law.
How do we collect this information?
We collect personal information:
directly from clients: e.g. when you make an enquiry or purchase our services;
from staff: through our recruitment process and contract of employment;
from our clients and their employees;
from publicly available sources: g. networking, social media, internet services such as LinkedIn, direct referrals, other Corporate bodies;
from our website https://www.headclear.com
from our iOS and Android app from our web app https://app.headclear.com
We are committed to keeping your information up to date as far as is reasonably possible. However, if you believe that we have made an error, then please contact us at [email protected] and we will use reasonable endeavours to correct.
The legal basis for using your personal data
We will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:
you have provided your consent to us using the personal data;
our use of your personal data is in our legitimate interest as a commercial organization (for example our legitimate interests in communicating with you – in these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the “Your rights and choices” section below);
our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (for example where you are one of our consultants, customers or vendors); and/or
our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have for example fulfilment of a court order.
If you would like to find out more about the legal basis for which we process personal data please contact us at [email protected]
Keeping your information safe and secure
HeadClear is committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.
HeadClear takes reasonable steps to protect your personal information from unauthorised access, use, disclosure or loss, as follows:
We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality;
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so;
We dispose of your data in adherence with industry approved processes and timescales;
The website has security measures (including on-line and off-line physical, electronic and managerial safeguards) in place to protect against the loss, misuse, and alteration of the information under our control. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information online.
If you have any questions on the security of our website, you can request information from [email protected]
How long do we keep personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for other aspects of your personal information are available in our Retention Policy which is available on request at [email protected]
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of HeadClear we will retain and securely destroy your personal information in accordance with our data retention policy or applicable laws and regulations.
Links to other websites
Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
Website cookies
HeadClear make use of cookies; cookies are small files that a site or its service provider transfers to your computer's hard drive through your web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
We use cookies to:
help identify your computer; this helps us compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf;
understand and save user's preferences for future visits.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies.
If you turn off cookies, some features will be disabled. It won't affect the experience that makes our site more efficient but some of our services will not function properly, however, you can still place orders.
Your Rights and Choices
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal data.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us at [email protected]. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal data
You have a right to request that we provide you with a copy of your personal data that we hold, and you have the right to be informed of:
the source of your personal data;
the purposes, legal basis and methods of processing;
the data controller's identity;
and the entities or categories of entities to whom your personal data may be transferred.
Right to rectify or erase personal data
You have a right to request that we rectify inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it. You can also request that we erase your personal data in limited circumstances where:
it is no longer needed for the purposes for which it was collected; or
you have withdrawn your consent (where the data processing was based on consent), and where there is no other legal ground for the processing; or
following a successful right to object (see right to object); or
it has been processed unlawfully; or
to comply with a legal obligation to which HeadClear is subject.
We are not required to comply with your request to erase personal data if the processing of your personal data is necessary:
for compliance with a legal obligation; or
for the establishment, exercise or defence of legal claims; or
for performance of a contract.
Right to object to the processing of your personal data
You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to restrict the processing of your personal data
You can ask us to restrict your personal data, but only where:
its accuracy is contested, to allow us to verify its accuracy; or
the processing is unlawful, but you do not want it erased; or
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:
we have your consent; or
to establish, exercise or defend legal claims; or
to protect the rights of another natural or legal person.
Right to transfer your personal data
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
the processing is based on your consent or on the performance of a contract with you; and
the processing is carried out by automated means.
Right to object to how we use your personal data for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes. You can request that we do not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
How to contact us
If you have any queries relating to this privacy policy, please feel contact HeadClear at [email protected]
Changes to our Privacy Policy
We keep our privacy policy under regular review, and we will place any updates on this web page. This privacy policy was last updated in May 2022.