Privacy Policy

In Crisis?

Last updated February 2021

 

 

 

For end users located in Canada, the controller is Togetherall Limited and the Canadian Privacy Policy available at www.togetherall.com/en-ca/ will apply.

 

For end users located in the US, the controller is Togetherall Limited and the U.S Privacy Policy available at www.togetherall.com/en-us/ will apply.

 

 

Contents

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Definitions

 

 

‘Account’ means a Members’ Site personal account;

 

‘Bricks’ means a way for Members to express creatively through drawing or by uploading their own images and adding text on Our platform.

 

‘Courses’ means a place where a Member can enroll and take part in interactive group courses on a variety of topics to help them feel more in control of their emotional health.

 

‘House rules’ means the House Rules applicable to Members accessing the Site.

 

‘Journal’ means a place a Member can use to note down what they have been up to and what they have been going through.

 

‘Member’ means an individual that has registered as such on the Site and has had a Member Account set up on the Site and ‘membership’ shall be interpreted accordingly.

 

‘Member Terms’ means the Terms of Use which incorporate Our House Rules and Privacy policy detailed on the Site from time to time.

 

‘Site’ means our website located at www.togetherall.com.

 

‘Talkabouts’ means the areas of the Site where Members can share their thoughts with fellow Members to share and discuss what’s on their mind, gain support and advice.

 

‘We’, ‘Us’ and ‘Our’ means Togetherall Limited, a company registered in England and Wales under company number 06227377, with a registered office at 36-38 Whitefriars Street, London, EC4Y 8BQ.

 

“You”, “Your”, “Yourself”, “You’ve” means the: (i) Members and other individual end users that access Our Site, requests or receive any of Our services and/or interact with Us by any means (email, phone, etc.); and (ii) the staff of Our customers (“Customers”) that interact with Us for the purpose of managing the services We provide to the Customer (“Customer’s Users)”.

 

“The Wall” means the areas of the Site where Members can post and interact with other users, including professionals.

 

“Wall Guides” means professionals assigned by Togetherall to provide guidance to Members.

 

Back to the top

 

 

Who We are

 

 

For the purpose of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA 2018”), the data controller is Togetherall Limited, a company registered in England and Wales under company number 06227377, with a registered office at 36-38 Whitefriars Street, London, EC4Y 8BQ.

 

We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If You have any questions about this Privacy Policy, including any requests to exercise Your legal rights, please contact Our DPO using the details set out below.

 

Back to the top

 

 

How to contact Us

 

 

Email Our Privacy Officer at: theteam@togetherall.com

 

Call Us on +44(0)203 405 6196

 

Or write to Us at:

Togetherall

36 – 38 Whitefriars Street

London

EC4Y 8BQ

 

Back to the top

 

 

Purpose of this Privacy Policy

 

 

Here at Togetherall We take Your privacy rights very seriously and We seek to ensure the highest standards of compliance. We fully comply with all applicable data protection laws, including: (i) the General Data Protection Regulation (“GDPR”) and other applicable European Union data protection laws; (ii) the UK Data Protection Act 2018 (“DPA 2018”) and other applicable UK data protection law (“Data Protection Legislation”).

 

Our Privacy Policy explains how We collect, use, disclose and retain Your Personal Data and how You can protect Your privacy when You use the Site.

 

Our services are available to individuals who are 16+ years old and are not intended for children. We do not knowingly collect data relating to children.

 

It is important that You read this Privacy Policy together with any other privacy notice or fair processing notice We may provide on specific occasions (e.g. when We are collecting or processing Personal Data about You), so that You are fully aware of how and why We are using Your Personal Data. This Privacy Policy supplements other notices and is not intended to override them. Please also read or Privacy Policy in conjunction with Our Member Terms available on Our Site.

 

Back to the top

 

 

Changes to Our Privacy Policy

 

 

This is Our Privacy Policy and it supersedes any earlier version. Please note that We regularly review Our Privacy Policy and from time to time We will update and amend the policy accordingly.

 

We will always post any changes to Our Privacy Policy on this section of Our Site. If We make changes to the way that We use Your Personal Data, We will inform You via email or similar means.

 

If You have any queries or complaints in relation to this Privacy Policy, please contact Us using the “how to contact Us” section above, We will always value Your feedback. You can raise a complaint by following the procedure under the “complaints” section of this Privacy Policy.

 

Back to the top

 

 

Protecting Your privacy and identity

 

 

Our main aim in providing The Wall is to provide a safe place for Members to share their thoughts, feelings and discussions with others in a confidential environment, where Your anonymity is respected.

 

If You are engaged with Live Therapy, Your Personal Data will be confidentially collected as described in Our Live Therapy and ‘Risk or crisis situations’ sections below.

 

We use appropriate administrative, physical and technical safeguards to protect Your Personal Data from loss or theft, unauthorised access, use or disclosure, or modification or destruction. For example, We train Our personnel to protect Your privacy and require them to comply with Our policies and procedures that protect Your Personal Data. In addition, We limit access to Your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your Personal Data on Our instructions and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected Personal Data breach. We use computing systems in secure facilities to store Your Personal Data in an encrypted form.

 

Back to the top

 

 

Personal Data and Special Category Data

 

 

“Personal Data”, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

 

“Special Category Data” means Personal data that includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about Your health, and genetic and biometric data). We do not collect any information about criminal convictions and offences.

 

We may collect, use, store and transfer different types of Personal Data about You which We have grouped together as follows:

 

1. Registration Data: We process the following registration data;

 

  • date of birth

 

  • email address

 

  • postcode

 

  • telephone number

 

  • ethnicity (optional)

 

2. Customer’s Users Data: Personal Data collected and generated when a Customer’s User opens a user account, manages the services We provide to the Customer and interacts with us including:

 

  • date of birth

 

  • email address

 

  • username

 

3. Technical Data: We will collect and store Members time zone upon registration, then all relevant IP addresses to Members and other end users accessing the Site along with their login data, browser type and version, operating system and platform, and other technology on the devices they use to access Our Site.

 

4. Personal Information within Member Content:

 

  • Information posted whilst using Our Site for example within Bricks, Talkabouts, Journals or Courses (refer to Our definitions section at the start of this document) sessions, subject to Your privacy settings or when You interact with Us including by phone and email.

 

5. Membership Data: Personal Data You provide to us, when You request access to Our services through Your health insurance provider, Your university, college or employer or the organisation who referred You to Our service, to ensure eligibility.

 

6. Patient Data:

 

  • Discharge summary: A summary of the course of treatment received and any further recommendations regarding care.

 

  • Patient Experience Questionnaires: Feedback exploring member experience of using the service and the treatment received.

 

  • Referral Data: If You reach Our services through the route of being referred (this could be a prescription by Your healthcare professional or another suitable person) they may include Your full name, Your telephone number, or a reference number. Your referrer may also include a note on the prescription which may contain Personal Data or Special Category Data (e.g. health data).

 

  • Additional Patient Data/Treatment Data: Details relevant to Your safeguarding. For example, these may include other organisations / professionals involved in Your care or details of family members.

 

 

7. Live Therapy Data: Where You are prescribed or referred and participate in Our Live Therapy

 

  • We may collect the following Personal Data and Special Category Data during the sessions, which could include:

 

    •  Name

 

    • Date of birth

 

    • Address

 

    • Telephone number(s)

 

    • General Practitioner (GP) details

 

    • Racial or Ethnic Origin

 

    • Sexual Orientation

 

    • Long Term Condition status

 

    • Disability

 

Back to the top

 

 

If You fail to provide Personal Data

 

 

Where We need to collect Personal Data by law, or under the terms of a contract We have with You, and You fail to provide that data when requested, We may not be able to perform the contract We have or are trying to enter into with You (for example, to provide You with Our services). In this case, We may have to cancel a service You have with Us, but We will notify You if this is the case at the time.

 

Back to the top

 

 

How We collect Your Personal Data and why do We have it

 

 

We will only use Your Personal Data when the law allows Us to. Most commonly, We will use Your Personal Data in the following circumstances:

 

  • Where We need to perform the contract We are about to enter into or have entered into with You.

 

  • Where it is necessary for Our legitimate interests (or those of a third party) and Your interests and fundamental rights do not override those interests.

 

  • Where We need to comply with a legal obligation.

 

Generally, We do not rely on consent as a legal basis for processing Your Personal data although We will seek Your consent, or give you the chance to opt-out, before sending third party direct marketing communications to You via email or text message. You have the right to withdraw consent to marketing at any time by contacting Us.

 

Back to the top

 

 

How We collect Special Category Data and why do We have it

 

 

Support Network: During the registration process to access Our Platform We give You the option to provide Us with Your Ethnicity. When We do collect this special category data We do so to help ensure that We are meeting the needs of diverse population and serving Our populations appropriately, in line with Our charter to be inclusive for all.

 

Live Therapy: You may give Us Special Category Data such as biometric data for unique identification, health information and medical records, racial or ethnic origin, political orientation or beliefs, religious or philosophical beliefs, trade union membership, data concerning sex life or sexual orientation, genetic data.

 

Patient Data: We may also collect or receive Patient Data from You or from other parties (i.e. those who refer You) in the context of the health and care services We provide to you.

 

Any information provided by You during the course of Live Therapy sessions will be regarded as Special Category Data and treated as medically sensitive information and will only be used for the purposes of the therapist continuing to assist You under those sessions. Such information will not be disclosed to third parties without Your prior written consent in accordance with the provisions of the Access to Medical Reports Act, 1988 unless We need to do so to protection Your vital interests. See the Live Therapy section of Our Member Terms for more information on disclosure to protect You.

 

We will only use confidential information (including Special Category Data) about Your health and care, where this is allowed by law and there is a clear legal basis to use it. For instance, We process Special Category Data about You (e.g. patient records) when We provide a health or care service to You (such as You attending a Live Therapy session, to provide You with the care and treatment You need or request). Our overall aim is to help improve Your mental health, after all Our goal is to eradicate mental health globally.

 

We will generally request Your consent before We process Your confidential information relating to Your treatment or safeguarding and other Patient Data. However, In circumstances where We need to use this information to provide You with the care and treatment You need or request, or where We are concerned about Your safety or the safety of another person, We may process Your health related or safeguarding information using a legal basis, and a condition for processing,  other than consent. This may include, substantial public interests or the substantial public interests of another, a legal obligation We hold as an organisation or for a public task in the area of public health.

 

Please note that We will only rely on Vital Interests as a lawful basis and condition for processing Your Personal Data (under Art. 6 and 9 GDPR) in situations of risk where You are physically or otherwise incapable of giving consent or when We need to comply with a duty of care towards You pursuant to applicable laws.

 

Back to the top

 

 

Purposes for which We will use Your Personal Data

 

 

We have set out below, in a table format, a description of all the ways We plan to use Your Personal Data, and which of the legal bases We rely on to do so. We have also identified what Our legitimate interests are where appropriate.

 

Note that We may process Your Personal Data for more than one lawful ground depending on the specific purpose for which We are using Your data. Please contact Us if You need details about the specific legal ground We are relying on to process Your Personal Data where more than one ground has been set out in the table below.

 

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest and conditions for processing Special Category Data
To register You as a new Member or Customer’s User and maintain Your registration (a) Registration Data

 

(b) Membership Data

 

(c) Customer User’s Data

(a) Performance of a contract with You

 

(b) Necessary for Our legitimate interests

 

We collect Members’ date of birth and email address to register the new Members and other information necessary to create the Member account. More particularly, We use Your date of birth to confirm Your eligibility for Membership. If You have registered using Your postal code, We will also collect this information to confirm Your eligibility for Membership.

 

(c) Consent: in relation to the optional “ethnicity” field included in the Members’ registration form, the lawful basis for processing, and Condition for processing under Art. 9 GDPR are consent.

Administer the Site and Your Membership (a) Registration Data

 

(b) Membership Data

 

(c)Technical Data

 

(d) Member Content

 

(e) Customer User’s Data

(a) Performance of a contract with You

 

(b) Necessary for Our legitimate interests

 

We use Your Personal data to present it to You in ‘My Account’. We may also use Your Personal Data to:

 

  • Investigate any suspected breaches of, and enforce Our House Rules and Terms, e.g., to help Us determine if a Member has registered more than once.

 

  • Process and deal with any complaints made by or about You.

 

  • Investigate usage of the Site that may be inappropriate.

 

  • Comply with any legal obligation.

 

  • Seek compensation from You or take other action including legal action as set out in the Member Terms.
To manage Our relationship with You which will include:

 

(a) Notifying You about changes to Our terms or Privacy Policy

 

(b) to Communicate with You: for instance, messages about the Site and Your Membership, and notifications about new content and activity on the Site pertinent to You

 

For further detail see below: How We collect Member Content and why do We have it

(a) Registration Data

 

(b) Technical Data

 

(d) Customer User’s Data

a) Performance of a contract with You

 

(b) Necessary to comply with a legal obligation

 

(c) Necessary for Our legitimate interests (to keep Our records updated and to study how customers use Our products/services)

To provide You with the care and treatment You need or request (as applicable) and Keep You or another person safe

 

(for further detail see below: (i) Live Therapy; (ii) Risk and Crisis situations; and (iii) How We collect Special Category Data and why do We have it)

(a) Registration Data

 

(b) Patient Data

 

(c) Member Content

(a) consent, substantial public interests

 

(b) Necessary to comply with a legal obligation, substantial public interests, vital interests

 

(c) protection of vital interests: In circumstances where We are concerned about Your safety or the safety of another person, and You are physically or legally incapable of giving consent (or if applicable, We need to comply with a legal duty of care), We may process Your Personal Data to keep You or another person safe, for more information regarding this please view Our ‘Risk or crisis situations’ section.

 

Conditions for processing under Art. 9 GDPR: Consent, Vital Interests or health care (also pursuant to condition 2 of UK DPA 2018)

To contact You & To improve Our services

 

(a) including whether You’d be interested in participating in any research projects. You may also turn these emails off in Your ‘Account Settings’ section

 

(b) to ask You to partake / complete surveys: We may present a research survey to You and collect Personal Data from You if You agree to participate. We will inform You about why We wish to collect Your Personal Data and ask You for Your consent before collecting it.

(a) Member Content

 

(b) Survey

(a) Necessary for Our legitimate interests (To improve Our services or for medical or scientific research)

(b) Consent

To administer and protect Our business and Our Site:

including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Registration Data

 

(b) Technical Data

(a) Necessary for Our legitimate interests (for running Our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

 

(b) Necessary to comply with a legal obligation

To use data analytics to improve Our Site, products/services, marketing, customer relationships and experiences (a) Technical Data

 

(b) Member Content

 

(c) Customer User’s Data

Necessary for Our legitimate interests (to define types of services, to keep Our Site updated and relevant, to develop Our business and to inform Our marketing strategy)

 

Back to the top

 

 

Anonymised Data

 

 

We may use Your Personal Data to create data sets and reports that contain anonymised data that cannot be used to identify You.  Anonymised data could be derived from Your Personal Data but is not considered Personal Data (as You cannot be identified from this data). We use such reports and data, and may disclose them to external parties, such as funding sources, for: statistical, analytical and reporting purposes; research; and for evaluating and enhancing the Site or improving the service. For example, We may aggregate part of Your Site usage data to calculate the percentage of users accessing a specific Site feature. We may produce reports that identify how many Members live in different geographical areas by using Your postal code along with that of other Members.

 

Back to the top

 

 

Live Therapy

 

 

Therapists will keep short narrative factual record of each therapy session. These notes will be stored online on a secure server, for more information on this please view Our ‘Where We store Your data’ section. The notes will be stored in pseudonymised form using an identifier.

 

  • For NHS client Members only, this can be linked back to the patient’s identity and patient reference number which may include the NHS number.

 

The purpose of the record is to act as an aide memoire of the key points of the session and to assist the preparation of update reports to referrers (for NHS client Members). It will not be a narrative account of the full session.

 

Members will have the opportunity to add their own comments to the session record but not to request a change of the therapist’s record. However any factual errors in the therapist’s record can be noted by the Member in the record they make. This does not affect Your rights to have Your Personal Data updated, corrected or erased. See the ‘Your data protection rights’ section below. The therapist will have been informed by Togetherall of their obligations under the Data Protection Legislation, the Access to Medical Reports Act 1988 and any other applicable legislation.

 

The record of the session will be stored online on a secure server.

 

Back to the top

 

 

Risk or crisis situations

 

 

Support Network

 

In the rare situation where We feel that You or someone else is at risk We may use Your Personal Data to escalate risk to the appropriate external support mechanisms. We have a duty of care to ensure that We provide a safe space to support You, if We cannot achieve Our mission and We believe there is a significant risk, Our legal obligation means We may have to escalate externally. Here Your Personal Data will be required to provide You with the appropriate support. Of course, this decision will always be made with a considered approach by Our team of qualified Senior Clinicians.

 

The external support mechanism will need Your Personal Data to provide You with the appropriate support. External support mechanisms may include; the appropriate representative from Your commissioning body (such as Your university, college or employer), the organisation who referred You to Our service(s), Your GP and/or the emergency services.

 

Live Therapy

 

Therapists assess risk in all assessment sessions and all follow up sessions with Togetherall Live Therapy Members. If the therapist identifies in the course of a therapy session that the Member or another person is identified (in the therapist’s opinion) as being at risk of harm then the therapist will take steps that they believe to be reasonable to reduce the risk of harm. Due to the remote nature of the service We will:

 

  • Gain personal details (name, date of birth, address, telephone number) from the Member so that contact with local emergency services can be made for assistance in case of risk.

 

  • Ask a Member if there is another adult in the location or an emergency contact where they are who could be summoned for support.

 

  • Request GP details so that continuity of care can be facilitated.

 

  • In life and death situations, there may be recourse to call the police or other emergency services for assistance.

 

  • Assistance will be limited to what can reasonably be offered from a remote connection and whilst a therapist will operate in good faith to do what they can to improve the situation, neither they nor Togetherall can accept any responsibility for any harm that may follow.

 

Back to the top

 

 

How We may disclose Your Personal Data

 

 

We require all third parties We share Personal data with, to respect the security of Your Personal Data and to treat it in accordance with the law.

Often We may need to share Your Personal Data with other service providers in order to facilitate the running of the Site. For example, third parties associated with hosting server co-locations. When this happens, We implement strict contractual agreements with such third parties. We do not allow Our third-party service providers to use Your Personal Data for their own purposes and only permit them to process Your Personal Data for specified purposes and in accordance with Our instructions. We will only disclose your health data to third parties as specified above (see “How We collect Special Category Data and why do We have it”, “Live Therapy” and “Risk or crisis situations”).

 

Details of third parties that We share Your Personal Data with are set out in Our linked Page of Third Party sub-contractors.

 

We may disclose Your data to Our employees, and agents to administer Your membership and the services provided by Us now or in the future.

 

We may also disclose Your Personal Data to third parties:

 

  • when this is necessary for the purpose of the services We provide to You (e.g. We may share information about the Therapy sessions You receive with the person that prescribed the sessions or referred You to Us;

 

  • if We are required to do so by law or to comply with any legal obligation;

 

  • in order to enforce or apply Our Terms and other agreements; or

 

  • to protect the rights, property, or safety of Togethall Limited, Our customers, or others.

 

This includes exchanging information with other companies and organisations such as the police, regulatory bodies or legal advisers for the purposes of security, risk reduction and fraud protection. For example, We may disclose Your Personal Data to the police in connection with any alleged criminal offence.

 

We may disclose Your Personal Data to any member of Our group, which means Our subsidiaries, Our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

 

We may disclose Your Personal Data to third parties to whom We may choose to sell, transfer or merge parts of Our business or Our assets, but this will always be on a “need to know basis” and in compliance with Data Protection Legislation. Alternatively, We may seek to acquire other businesses or merge with them. If a change happens to Our business, then the new owners may use Your Personal Data in the same way as set out in this Privacy Policy.

 

Back to the top

 

 

Marketing

 

 

We may also use Your Personal Data to send You and keep You updated with information by e-mail or message through the Site about existing and new services from Us and to send You information by e-mail or message through the Site about related products or services of selected third parties that may be of interest to You. To opt-out of receiving these messages, You can use the facility contained in any such communication or change Your ‘Account settings’ through Your Togetherall profile on the Site. You may also contact Us to opt out using the information under the ‘Contacting Us’ section above: please state Your member name, and from whom You do not wish to receive further communications. Also see the ‘Your Rights’ section below, for information about how to withdraw Your consent to receive these messages.

 

Back to the top

 

 

Retention and destruction of Personal Data

 

 

We only keep Your Personal Data for so long as it is necessary to fulfil the purpose for which it was collected and to comply with guidelines for the retention of health records and also for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for Personal Data, We consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of Your Personal Data, the purposes for which We process Your Personal Data and whether We can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. We will keep Your Personal Data for a period of 8 years after You or We have closed Your Member Account, or if You have not logged into Your Member Account for more than 8 years. After that 8-year period We will delete all of Your information securely in accordance with Our data destruction policies unless You contact Us to reactivate Your Member Account in that period. We may retain Your Personal Data for a longer period in the event of a complaint or if We reasonably believe there is a prospect of litigation in respect to Our relationship with You.

 

We may retain some information in anonymised form, for example for statistical analysis and research purposes, but We do not retain any Personal Data after the expiry of the 8-year period from the date of closure or expiry of Your Member Account.

 

Back to the top

 

 

Where We store Your Personal Data

 

 

If You are located in the EEA or in the UK, all Personal Data, including Member Content, You provide to Us is stored and processed on Our secure servers located in the UK or the European Economic Area (“EEA”). We may transfer Personal Data outside of the EEA or the UK (as applicable) to: (i) provide 24/7 care in urgent or risk situations; or (ii) seek specialist support and advice from specialist consultants located outside the EEA or the UK, but We will implement adequate safeguarding controls where this is the case. We may store locally Personal Data of Members located outside the UK or the EEA.

 

Back to the top

 

 

Accessing Your Personal Data

 

 

When Your Member Account is still active (i.e. You have logged-in within the previous 8 years, You may login to Your Member Account on the Site at any time to view Your Personal Data. If Your Member Account has expired, You may reactivate it by contacting Us using the contact form or +44(0)203 405 6196. We will generally be able to reactivate Your account for a period of two weeks in order for You to access and copy Your Personal Data and Member Content. You may update Your email address at any time by logging in and accessing ‘Account Settings’.

 

Tip: You may click on Your My Profile picture and see all the Member Content You have posted in one place. You may also see all Your Bricks, Talkabouts and Course content by visiting those sections of the Site.

 

You have other rights to access, correct and erase Your Personal Data under Data Protection Legislation. See the ‘Your Rights’ section below.

 

Back to the top

 

 

Cookies

 

 

You can set Your browser to refuse all or some browser cookies, or to alert You when websites set or access cookies. If You disable or refuse cookies, please note that some parts of this Site may become inaccessible or not function properly.

 

For more information on Cookies that We use and on the Third Parties Cookies click here.

 

Back to the top

 

 

Privacy policies of other websites

 

 

Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about You. Please note Our Privacy Notice only applies to Our Site, if You click on a link to an external website You should read their privacy statements. We do not accept any responsibility or liability from the actions or omissions of any third-party websites which You may access.

 

Such third-party websites are not investigated, monitored or checked for accuracy, appropriateness, or completeness by Us, and We are not responsible for any websites You may access via a recommendation or suggestion on the Site. Inclusion of, linking to or permitting the use or installation of any third-party website or any third-party applications, software or content does not imply approval or endorsement by Us. If You decide to leave the Site and access a third-party website or to use or install any third-party applications, software or content, You do so at Your own risk.

 

We are not responsible for the policies, content or security of these linked websites, including how they protect Your privacy and collect, use and disclose Personal Data. We strongly encourage You to review the privacy policies applicable to any linked websites You visit.

 

We do not have any control over the use to which third parties may put Your data where You choose to purchase products or services or otherwise to contact them via the Site and We take no responsibility or liability for such use by third parties. Please check any policies on such websites before You submit any Personal Data to them.

 

Back to the top

 

 

Your data protection rights

 

 

If You wish to make a data subject request, please contact Us by any of the means specified in the How to Contact Us section above.

 

Your right of access – You have the right to request copies of Your Personal Data which We hold, this is known as a subject access request. You can also view the latest Personal Data We hold on Your Member Account by logging into Our platform and viewing the “Account Settings” section.

 

Your right to rectification – This enables You to have any incomplete or inaccurate Personal Data We hold about You corrected, though We may need to verify the accuracy of the new Personal Data You provide to Us. If You would like to do this, please contact Us and let Us know the information that is incorrect and the information You want it replaced.

 

Your right to restriction of processing – This enables You to ask Us to suspend the processing of Your Personal Data in the following scenarios: (a) If You want Us to establish the Personal Data’s accuracy; (b) Where Our use of the data is unlawful but You do not want Us to erase it; (c) Where You need Us to hold the data even if We no longer require it as You need it to establish, exercise or defend legal claims; and  (d) You have objected to Our use of Your Personal Data but We need to verify whether We have overriding legitimate grounds to use it.

 

Your right to object to processing – You may object to Our processing of Your Personal Data where We are relying on a legitimate interest (or those of a third party) and there is something about Your situation which makes You want to object to processing on this ground as You feel it impacts on Your fundamental rights and freedoms. You also have the right to object where We are processing Your Personal Data for direct marketing purposes. In some cases, We may demonstrate that We have compelling legitimate grounds to process Your information which override Your rights and freedoms. Exercising this right may also result in closure of Your Member Account as We will not be able to continue to provide access if We cannot process Your Personal Data for the purpose of administering Your Member Account and providing You access to it and the log-in areas of the Site.

 

Your right to erasure – You request for Us to erase all Your Personal Data (also known as the “right to be forgotten”) in the following circumstances:

 

  • It is no longer necessary for Us to hold that Personal Data with respect to the purpose for which it was originally collected or processed;

 

  • Consent is the lawful basis for Togetherall holding Your data and You withdraw Your consent;

 

  • You object to Us holding and processing Your Personal Data (and there is no overriding legitimate interest to allow Us to continue doing so);

 

  • We are processing Your Personal Data for direct marketing purposes and You object to Us processing for marking purposes;

 

  • The Personal Data has been processed unlawfully; or

 

  • The Personal data needs to be erased in order for Us to comply with a particular legal obligation.

 

Erasure of Your Personal Data may result in automatic closure of Your Member Account and access to the log-in areas of Our Site.

 

Right to data portability – We will provide to You, or a third party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You. You can get a copy of Your Member Account information and Your Member Content by logging into Your Member Account. You can also request a copy of Your information which We hold (this is known as a subject access request). You can transfer this to other organisations if You wish.

 

No Fee Usually Required

 

You will not have to pay a fee to access Your Personal Data (or to exercise any of the other rights). However, We may charge a reasonable fee if Your request is clearly unfounded, repetitive or excessive. Alternatively, We could refuse to comply with Your request in these circumstances. We will notify You if this is the case at the time

 

Time Limit to Respond  

 

We try to respond to all legitimate requests within one month. Occasionally it could take Us longer than a month if Your request is particularly complex or You have made several requests. In this case, We will notify You and keep You updated.

 

Exceptions

 

It may not be possible for Us to delete Your Personal Data if We are required to keep it by law or if We hold it in connection with a contract with You. Similarly, access to Your Personal Data may be refused if making the information available would reveal Personal Data about another person or if We are legally prevented from such disclosure.

 

Back to the top

 

 

Complaints

 

 

If You have any complaints about the way in which We have used Your Personal Data and these have not been addressed by contacting Us first, You can contact the relevant supervisory authority which in the United Kingdom is, the UK Information Commissioner’s Office. We would, however, appreciate the chance to deal with Your concerns before You approach the ICO so please contact Us in the first instance.

 

https://ico.org.uk/concerns/

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: +44(0)303 123 1113

 

Back to the top

This site is not intended for individuals in an emergency. If you are in a life-threatening situation in the UK, please immediately dial 999 or go to your nearest Accident and Emergency department (A&E). If you are in a life-threatening situation in New Zealand, please immediately dial 111 or go to your nearest hospital emergency department (ED). Further crisis help can be found here.

Our Website has detected that you are using an outdated browser that will prevent you from accessing our service. We recommended that you update your browser to use Togetherall.