The Censeo Digital platform is used to assess mental health related symptoms and concerns and identify possible mental health conditions.
The Censeo Digital platform is not intended for children, and we do not knowingly collect data relating to children.
Who are we?
We are Psyomics Limited, a company registered in England and Wales with company number 09470381. If you are an individual using Censeo, we are the data controller and responsible for your personal data. If you are an NHS user, we are the data processor and the NHS provider is responsible for your personal data.
Have a question about something in this policy?
Data Protection Officer
Address: Psyomics Ltd. Beech House, 4a Newmarket Road, Cambridge CB5 8DT
We’re registered with the UK data protection authority (the Information Commissioner’s Office or ICO under number ZA 217939).
The information we hold about you, and how we use it
We may collect, use, store and transfer different kinds of personal data about you as a result of your interaction with the Censeo Digital platform. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We collect such personal information as follows;
Information that you provide to us when you use the Censeo Digital platform
- When you register for a Censeo account. You provide ‘identity data’ such as your name, date of birth, email address and registered GP practice, so we can set up an account for you and provide the Services. It is not possible to access our Services unless all necessary data is provided, such as answering all question sessions in the Censeo assessment.
- When you complete the Censeo assessment: You provide ‘sensitive personal data’ when you respond to the health-related and lifestyle questions in the assessment. We collect this information to provide the Services i.e. to provide an indication of potential mental health conditions. Please note that if you fail to provide information when requested in the assessment, we may not be able to perform the Services.
- Feedback survey data: Feedback survey data are your responses to any feedback survey, if you choose to complete this survey. This survey is entirely optional, and you will still receive your mental health report. The feedback survey is used to improve patient experience and improve the provision of Services.
The information which you provide to us is processed on the basis that we are performing a contract with you (by providing the Services) and you have consented to this. We may also process your information for our legitimate interests (e.g. to understand how our services are used and to further develop them) or to comply with a legal obligation.
We process your ‘personal data’ and ‘sensitive personal data’ on the basis of your explicit consent only where there is no other legal basis available.
NHS users of Censeo:
The information you share will be sent to the assessment team at your NHS provider and they will add this to your health record. Unless something is factually incorrect, we won't be able to destroy this information. Censeo will keep a copy of your answers, but we will take off any information that could identify you.
Where do we store or send your personal data?
1. Companies that provide services to us. Here we mean companies that help us to provide the services you use and that need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name). These companies include;
- Amazon Web Services: Our Platform is hosted on the secure cloud storage providers Amazon web services. Your data is fully secure and encrypted. This information is only processed in a way which does not identify anyone. We do not allow or instruct AWS to make any attempts to find out the identities of those using the Censeo Digital platform.
- Mailchimp: We use Mailchimp to send you emails. Mailchimp uses the email address you provide at registration
- Google Analytics: We use Google Analytics to collect standard internet log information and details of visitor behaviour patterns, such as the pages you visit on our website. This information is only processed in a way which does not identify anyone. We do not make or allow Google analytics any attempts to find out the identities of those visiting the Censeo website.
2. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
3. Your information may be transferred outside the European Economic Area (EEA), for example, due to storage on Amazon Web Services. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it as in the EEA by putting in place appropriate safeguards.
Disclosure of your personal data/who we share your data with
- Your medical information will be kept strictly confidential and will not be shared with anyone without your prior consent.
- If you are using Censeo as a private user, your information will never be shared with anyone.
- If you have been referred to Censeo by your healthcare provider, your information will be shared securely with them, through secure systems.
Keeping your data safe
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They are subject to a duty of confidentiality and, where they are the data processor, will only process your personal data on our instructions.
How long do we keep your information?
We will only keep your personal data for as long as reasonably necessary, such as for the performance of the Services. When deciding the appropriate retention periods, we will take into account:
- The amount, nature and sensitivity of the personal data, risk of potential harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means;
- The purposes for which you are accessing the Censeo Digital platform;
- The duration for which your personal data is required for the performance of the Services and the purpose for which it was collected; and
- Any legal and regulatory obligations under applicable law, contract or with regard to any statutory obligations.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
- Your right to withdraw consent – You have the right to withdraw consent at any time where we are relying on consent to process your personal data.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you, but occasionally it could take us longer if your request is complicated or you have made a number of requests. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
Please contact the DPO using the details set out below if you wish to make a request.
Changes to this policy