The Censeo Digital platform is used to assess mental health related symptoms and concerns and identify possible mental health conditions.
The Censeo Digital platform is not intended for children, and we do not knowingly collect data relating to children.
Who we are
We are Psyomics Limited, a company registered in England and Wales with company number 09470381. We are the data controller and responsible for your personal data.
Have a question about something in this policy?
Data Protection Officer
Address: Psyomics Ltd. Beech House, 4a Newmarket Road, Cambridge CB5 8DT
We’re registered with the UK data protection authority (the Information Commissioner’s Office or ICO under number ZA 217939).
The information we hold about you, and how we use it
We may collect, use, store and transfer different kinds of personal data about you as a result of your interaction with the Censeo Digital platform. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We collect such personal information as follows;
Information that you provide to us when you use the Censeo Digital platform
- When you register for a Censeo account. You provide ‘identity data’ such as your name, date of birth, email address and registered GP practice, so we can set up an account for you and provide the Services. It is not possible to access our Services unless all necessary data is provided, such as answering all question sessions in the Censeo assessment.
- When you complete the Censeo assessment: You provide ‘sensitive personal data’ when you respond to the health-related and lifestyle questions in the assessment. We collect this information to provide the Services i.e. to provide an indication of potential mental health conditions. Please note that if you fail to provide information when requested in the assessment, we may not be able to perform the Services.
- Feedback survey data: Feedback survey data are your responses to any feedback survey, if you choose to complete this survey. This survey is entirely optional, and you will still receive your mental health report. The feedback survey is used to improve patient experience and improve the provision of Services.
Information which you provide to us is processed on the basis that we are performing a contract with you (by providing the Services) and you have consented to this. We may also process your information for our legitimate interests (e.g. to understand how our services are used and to further develop them) or to comply with a legal obligation.
We process your ‘personal data’ and ‘sensitive personal data’ on the basis of your explicit consent only where there is no other legal basis available.
Information that we collect when you visit the Censeo website and complete the assessment
Although we will not use it to identify you, we collect the following types of data when you visit the Censeo website and complete the assessment. We collect and process this information to provide the Services in a safe and lawful way, and to keep improving them. This includes:
- Device data: Technical information about the device you are using and the software you’ve used to access the Services.
- Analytics data: Operating system and browser type. Details of your visit to the Censeo Digital platform such as page interaction information and length of visits to certain pages.
We do this by using cookies, which are small files of letters and numbers that we store on your browser or the hard drive of your device if you agree. Cookies contain information that is transferred to your device's hard drive.
We use the following cookies on our Censeo website:
- Strictly necessary cookies. These are cookies that are required for the operation of our platform. They include, for example, cookies that enable you to log into secure areas of our platform.
- Analytical or performance cookies. These allow us to recognise and count the number of visitors to our website and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Session token||This is used to remember that you are currently logged in or have used the app before.||Essential|
|Sign up token||This is used to remember and track where in the sign-up flow you have reached||Essential|
|Cookie settings||This is used to remember your cookie preferences, to avoid asking on every visit||Essential|
|Google analytics cookie||This is used to understand how our users access, use and return to the landing page||Optional|
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website or other parts of the Censeo Digital platform. You can control the use of analytics cookies on the Censeo website by navigating to Cookie settings [here]. Except for essential cookies, all cookies will expire after 2 years.
Where do we store or send your personal data?
1.1 Companies that provide services to us. Here we mean companies that help us to provide the services you use and that need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name). These companies include;
- Google Cloud Platform: Our Platform is hosted on the secure cloud storage providers Google Cloud Platform. Your data is fully secure and encrypted. This information is only processed in a way which does not identify anyone. We do not allow or instruct Google Cloud to make any attempts to find out the identities of those using the Censeo Digital platform.
- Mandrill: We use Mandrill to send you automated emails. Mandrill uses the email address you provide at registration and your full name. Mandrill will only send ‘sensitive data’ such as your diagnostic report, if you request that your report is sent via email.
- Google analytics: We use Google analytics to collect standard internet log information and details of visitor behaviour patterns, such as the pages you visit on our website. This information is only processed in a way which does not identify anyone. We do not make or allow Google analytics any attempts to find out the identities of those visiting the Censeo website.
(a) We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
(b) Your information may be transferred outside the European Economic Area (EEA), for example due to storage on the Google Cloud Platform. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it as in the EEA by putting in place appropriate safeguards.
Disclosure of your personal data/who we share your data with
- Your medical information will be kept strictly confidential and will not be shared with anyone without your prior consent.
- If you are using Censeo as a private user, your information will never be shared with anyone.
- If you have been referred to Censeo by your healthcare provider, your information will be shared securely with them, through secure systems.
Keeping your data safe
(c) We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They are subject to a duty of confidentiality and, where they are the data processor, will only process your personal data on our instructions.
(d) How long do we keep your information?
1.2 We will only keep your personal data for as long as reasonably necessary, such as for the performance of the Services. When deciding the appropriate retention periods, we will take into account:
- The amount, nature and sensitivity of the personal data, risk of potential harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means;
- The purposes for which you are accessing the Censeo Digital platform;
- The duration for which your personal data is required for the performance of the Services and the purpose for which it was collected; and
- Any legal and regulatory obligations under applicable law, contract or with regard to any statutory obligations.
(a) In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your data protection rights
1.3 Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
- Your right to withdraw consent – You have the right to withdraw consent at any time where we are relying on consent to process your personal data.
1.4 You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you, but occasionally it could take us longer if your request is complicated or you have made a number of requests. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
1.5 Please contact the DPO using the details set out below if you wish to make a request.
Changes to this policy