Privacy Policy

Last updated 7th March 2023.

At Togetherall, We recognise the importance of protecting Your privacy. If You are a user located in New Zealand, this Privacy Policy outlines how We collect, use and disclose Your Personal Data.

For end users located in the United Kingdom, the controller is Togetherall Limited and the UK Privacy Policy available here will apply.

For end users located in Canada, the controller is Togetherall Limited and the Canadian Privacy Policy available here will apply.

For end users located in the US, the controller is Togetherall Limited and the U.S. Privacy Policy available here will apply.

For end users located in the EU, the controller is Togetherall Limited and the UK Privacy Policy available here will apply.

By accessing Our website, using Our services, or otherwise providing Us with Personal Data, You authorise Us to collect, use and disclose Your Personal Data in accordance with this Privacy Policy. This Privacy Policy applies in addition to and does not limit Our rights and obligations under the Privacy Act 2020.





  • ‘Account’ means a Members’ Site personal account;
  • ‘Bricks’ means a way for Members to express creatively through drawing or by uploading their own images and adding text on Our platform.
  • ‘Courses’ means a place where a Member can enrol and take part in interactive group courses on a variety of topics to help them feel more in control of their emotional health.
  • ‘House rules’ means the House Rules applicable to Members accessing the Site.
  • ‘Journal’ means a place a Member can use to note down what they have been up to and what they have been going through.
  • ‘Member’ means an individual that has registered as such on the Site and has had a Member Account set up on the Site and ‘membership’ shall be interpreted accordingly.
  • ‘Member Terms’ means the Terms of Use which incorporate Our House Rules and Privacy policy detailed on the Site from time to time.
  • ‘Site’ means our website located at
  • ‘Talkabouts’ means the areas of the Site where Members can share their thoughts with fellow Members to share and discuss what’s on their mind, gain support and advice.
  • ‘We’, ‘Us’ and ‘Our’ means Togetherall NZ Limited, a company registered in New Zealand under company number 3693795, with a registered office at 511 Rosebank Road, Avondale, Auckland, 1026.
  • “You”, “Your”, “Yourself”, “You’ve” means the: (i) Members and other individual end users that access Our Site, request or receive any of Our services and/or interact with Us by any means (email, phone, etc.); and (ii) the staff of Our customers (“Customers”) that interact with Us for the purpose of managing the services We provide to the Customer (“Customer’s Users”).
  • “The Wall” means the areas of the Site where Members can post and interact with other users, including professionals.
  • “Wall Guides” means professionals assigned by Togetherall to provide guidance to Members.


Who we are

For the purpose of the Privacy Act 2020 (“Privacy Act”), the agency collecting and storing Your Personal Data is Togetherall NZ Limited.


How to contact Us

Please refer to the “Contact” section of the Togetherall website.


Purpose of this Privacy Policy

Here at Togetherall We take Your privacy rights very seriously and We seek to ensure the highest standards of compliance. We fully comply with all applicable data protection laws, including the Privacy Act and other applicable privacy law (“Data Protection Legislation”).
Our Privacy Policy explains how We collect, use, disclose and retain Your Personal Data and how You can protect Your privacy when You use the Site.
Our services are available to individuals who are 16+ years old and are not intended for children. We do not knowingly collect data relating to children. You can report any knowledge of a child accessing Togetherall and providing Personal Data by using the ‘Report’ or ‘Ask a Wall Guide’ buttons.
It is important that You read this Privacy Policy together with any other privacy notice or fair processing notice We may provide on specific occasions (e.g. when We are collecting or processing Personal Data about You), so that You are fully aware of how and why We are using Your Personal Data. This Privacy Policy supplements other notices and is not intended to override them. Please also read our Privacy Policy in conjunction with Our Member Terms available on Our Site.


Changes to Our Privacy Policy

This is Our Privacy Policy and it supersedes any earlier version. Please note that We regularly review Our Privacy Policy and from time to time We will update and amend the policy accordingly.
We will always post any changes to Our Privacy Policy on this section of Our Site. If We make changes to the way that We use Your Personal Data, We will inform You via email or similar means.
If You have any queries or complaints in relation to this Privacy Policy, please contact Us using the “how to contact Us” section above. We will always value Your feedback. You can raise a complaint by following the procedure under the “complaints” section of this Privacy Policy.


Protecting Your privacy and identity

Our main aim in providing The Wall is to provide a safe place for Members to share their thoughts, feelings and discussions with others in a confidential environment, where Your anonymity is respected.

We use appropriate administrative, physical and technical safeguards to protect Your Personal Data from loss or theft, unauthorised access, use or disclosure, or modification or destruction. For example, We train Our personnel to protect Your privacy and require them to comply with Our policies and procedures that protect Your Personal Data. In addition, We limit access to Your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your Personal Data on Our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach. We use computing systems in secure facilities to store Your Personal Data in an encrypted form. Data between our servers and a client browser is transferred via HTTPS/TLS. This means that Your Personal Data is encrypted between the device and Our external host storage.
We use best practice in the development of Togetherall to ensure that information privacy principles are met. We only collect Personal Data We actually need for Our specified purposes. We ensure that Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. We have controls and processes in place to challenge, assess and review current and proposed changes to data processing.


Personal Data, Special Category Data and non Personal Data

“Personal Data” has the meaning given to “personal information” under the Privacy Act 2020.
“Special Category Data” means Personal Data that includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about Your health, and genetic and biometric data. We do not collect any information about criminal convictions and offences.

We may collect, use, store and transfer different types of Personal Data and non-Personal Data about You which We have grouped together as follows:

a. Registration Data: We process the following registration data:

  • date of birth
  • email address
  • postcode
  • telephone number
  • ethnicity (optional)
  • health and wellbeing information (optional)
  • gender (optional)
  • employment / work status (optional)
  • lifestyle / family / marital status (optional)
  • information about other sources of support (optional)
  • information about where you heard about Togetherall

b. Customer’s Users Data: Personal Data collected and generated when a Customer’s User opens a user account, manages the services We provide to the Customer and interacts with us including:

  • date of birth
  • email address
  • username

c. Technical and Location Data: We will collect and store Members’ time zone and country upon registration, then all relevant IP addresses to Members and other end users accessing the Site along with their login data, browser type and version, operating system and platform, and other technology on the devices they use to access Our Site.

d. Personal Information within Member Content:
Information posted whilst using Our Site for example within Bricks, Talkabouts, Journals or Courses (refer to Our definitions section at the start of this document) sessions, subject to Your privacy settings or when You interact with Us including by phone and email.

e. Membership Data: Personal Data You provide to us, when You request access to Our services through Your insurance provider, Your university, college or employer or the organisation who referred You to Our service, to ensure eligibility.

f. If You fail to provide Personal Data
Where We need to collect Personal Data by law, or under the terms of a contract We have with You, and You fail to provide that data when requested, We may not be able to perform the contract We have or are trying to enter into with You (for example, to provide You with Our services). In this case, We may have to cancel a service You have with Us, but We will notify You if this is the case at the time.


How We collect Your Personal Data and why do We have it

We will only use Your Personal Data when Data Protection Legislation allows Us to. Most commonly, We will use Your Personal Data in the following circumstances:

  • Where We need to perform the contract We are about to enter into or have entered into with You.
  • Where it is necessary for Our legitimate interests (or those of a third party) and Your interests and fundamental rights do not override those interests.
  • Where We need to comply with a legal obligation.

Generally, We do not rely on consent as a legal basis for processing Your Personal Data although We will seek Your consent, or give you the chance to opt-out in light of our latest communication, before sending third party direct marketing communications to You via email or text message. You have the right to withdraw consent to marketing at any time by contacting Us.


How We collect Special Category Data and why do We have it

Support Network: During the registration process to access Our Platform We give You the option to provide Us with Your Ethnicity. When We do collect this special category data We do so to help ensure that We are meeting the needs of a diverse population and serving Our populations appropriately, in line with Our charter to be inclusive for all.
We will only use confidential information (including Special Category Data) about Your health and care, where this is allowed by law and there is a clear legal basis to use it. Our overall aim is to help improve Your mental health; after all, Our goal is to eradicate mental health globally.

We will generally request Your consent before We process Your confidential information relating to Your treatment or safeguarding and other Patient Data. However, in circumstances where We need to use this information to provide You with the care and treatment You need or request, or where We are concerned about Your safety or the safety of another person, We may process Your health related or safeguarding information using a legal basis, and a condition for processing, other than consent. This may include substantial public interests or the substantial public interests of another, a legal obligation We hold as an organisation or for a public task in the area of public health.

Please note that We will only rely on Vital Interests as a lawful basis and condition for processing Your Personal Data in situations of risk where You are physically or otherwise incapable of giving consent or when We need to comply with a duty of care towards You pursuant to applicable laws.


Purposes for which We will use Your Personal Data

We have set out below, in a table format, a description of all the ways We plan to use Your Personal Data, and which of the legal bases We rely on to do so. We have also identified what Our legitimate interests are where appropriate. Should the purpose for which We will use Your Personal Data change, and consent is Our lawful basis for processing, You will be informed and consent re-obtained.

Note that We may process Your Personal Data for more than one lawful ground depending on the specific purpose for which We are using Your data. Please contact Us if You need details about the specific legal ground We are relying on to process Your Personal Data where more than one ground has been set out in the table below.
If You would like to opt out of any or all of the processing activities mentioned below please get in touch with Us using the information under the ‘Contacting Us’ section above. It may not be possible to opt out of a processing activity if We are required to keep it by law or if We hold it in connection with a contract with You.


Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest and conditions for processing Special Category Data

Purpose/Activity: To register You as a new Member or Customer’s User and maintain Your registration

Type of data:
(a) Registration Data
(b) Membership Data
(c) Customer User’s Data

Lawful basis:
(a) Performance of a contract with You
(b) Necessary for Our legitimate interests

We collect Members’ date of birth and email address to register the new Members and other information necessary to create the Member account. More particularly, We use Your date of birth to confirm Your eligibility for Membership. If You have registered using Your postal code, We will also collect this information to confirm Your eligibility for Membership. If You have registered via Your insurance provider, We use Your membership data to verify Your eligibility through said provider.

(c) Consent: in relation to the optional “ethnicity” field included in the Members’ registration form, the lawful basis for processing, and Condition for processing are consent.


Purpose/Activity: Administer the Site and Your Membership

Type of data:
(a) Registration Data
(b) Membership Data
(c) Technical Data
(d) Member Content
(e) Customer User’s Data

Lawful basis:
(a) Performance of a contract with You
(b) Necessary for Our legitimate interests

We use Your Personal Data to present it to You in ‘My Account’. We may also use Your Personal Data to:

  • Investigate any suspected breaches of, and enforce Our House Rules and Terms, e.g., to help Us determine if a Member has registered more than once.
  • Process and deal with any complaints made by or about You.
  • Investigate usage of the Site that may be inappropriate.
  • Comply with any legal obligation.
  • Seek compensation from You or take other action including legal action as set out in the Member Terms.


Purpose/Activity: To manage Our relationship with You which will include:
(a) Notifying You about changes to Our terms or Privacy Policy
(b) to Communicate with You: for instance, messages about the Site and Your Membership, and notifications about new content and activity on the Site pertinent to You

For further detail see below: How We collect Member Content and why do We have it

Type of data:
(a) Registration Data
(b) Technical Data
(c) Customer User’s Data

Lawful basis:
(a) Performance of a contract with You
(b) Necessary to comply with a legal obligation
(c) Necessary for Our legitimate interests (to keep Our records updated and to study how customers use Our products/services)


Purpose/Activity: To provide You with the care and support You need or request (as applicable) and Keep You or another person safe

(for further detail see below: (i) Risk and Crisis situations (Risk Management) and (ii) How We collect Special Category Data and why do We have it)

Type of data:
(a) Registration Data
(b) Member Data
(c) Member Content

Lawful basis:
(a) consent, substantial public interests
(b) Necessary to comply with a legal obligation, substantial public interests, vital interests
(c) protection of vital interests: In circumstances where We are concerned about Your safety or the safety of another person, and You are physically or legally incapable of giving consent (or if applicable, We need to comply with a legal duty of care), We may process Your Personal Data to keep You or another person safe, for more information regarding this please view Our ‘Risk or crisis situations (Risk Management)’ section.


Purpose/Activity: To contact You & To improve Our services
(a) including whether You’d be interested in participating in any research projects. You may also turn these emails off in Your ‘Account Settings’ section
(b) to ask You to partake / complete surveys: We may present a research survey to You and collect Personal Data from You if You agree to participate. We will inform You about why We wish to collect Your Personal Data and ask You for Your consent before collecting it.

Type of data:
(a) Member Content
(b) Survey

Lawful basis:
(a) Necessary for Our legitimate interests (To improve Our services or for medical or scientific research)
(b) Consent


Purpose/Activity: To administer and protect Our business and Our Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Type of data:
(a) Registration Data
(b) Technical Data

Lawful basis:
(a) Necessary for Our legitimate interests (for running Our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation


Purpose/Activity: To use data analytics to improve Our Site, products/services, marketing, customer relationships and experiences

Type of data:
(a) Technical Data
(b) Member Content
(c) Customer User’s Data

Lawful basis:
Necessary for Our legitimate interests (to define types of services, to keep Our Site updated and relevant, to develop Our business and to inform Our marketing strategy)



Anonymised Data

We may use Your Personal Data to create data sets and reports that contain anonymised data that cannot be used to identify You. Anonymised data could be derived from Your Personal Data but is not considered Personal Data (as You cannot be identified from this data). We use such reports and data, and may disclose them to external parties, such as funding sources, for: statistical, analytical and reporting purposes; research; and for evaluating and enhancing the Site or improving the service. For example, We may aggregate part of Your Site usage data to calculate the percentage of users accessing a specific Site feature. We may produce reports that identify how many Members live in different geographical areas by using Your postal code along with that of other Members.


Risk or crisis situations (Risk Management)

In the rare situation where We feel that You or someone else is at risk We may use Your Personal Data to escalate risk to the appropriate external support mechanisms. We have a duty of care to ensure that We provide a safe space to support You. If We cannot achieve Our mission and We believe there is a significant risk, Our legal obligation means We may have to escalate externally. Here Your Personal Data will be required to provide You with the appropriate support. Of course, this decision will always be made with a considered approach by Our team of qualified Senior Clinicians.

The external support mechanism will need Your Personal Data to provide You with the appropriate support. External support mechanisms may include: the appropriate representative from Your commissioning body (such as Your university, college or employer), the organisation who referred You to Our service(s), Your GP and/or the emergency services.


How We may disclose Your Personal Data

We require all third parties We share Personal Data with to respect the security of Your Personal Data and to treat it in accordance with Data Protection Legislation.
Often We may need to share Your Personal Data with other service providers in order to facilitate the running of the Site. For example, third parties associated with hosting server co-locations. When this happens, We implement strict contractual agreements with such third parties. We do not allow Our third-party service providers to use Your Personal Data for their own purposes and only permit them to process Your Personal Data for specified purposes and in accordance with Our instructions. We will only disclose your health data to third parties as specified above (see “How We collect Special Category Data and why do We have it” and “Risk or crisis situations (Risk Management)”).
We may disclose Your data to Our employees, and agents to administer Your membership and the services provided by Us now or in the future.

We may also disclose Your Personal Data to third parties:

  • when this is necessary for the purpose of the services We provide to You (e.g. We may share information about the Therapy sessions You receive with the person that prescribed the sessions or referred You to Us, or with Your insurance provider to confirm Your eligibility where You request access to Our services through said provider);
  • if We are required to do so by law or to comply with any legal obligation;
  • in order to enforce or apply Our Terms and other agreements; or
  • to protect the rights, property, or safety of Togetherall Limited, Our customers, or others.

This includes exchanging information with other companies and organisations such as the police, regulatory bodies or legal advisers for the purposes of security, risk reduction and fraud protection. For example, We may disclose Your Personal Data to the police in connection with any alleged criminal offence.

We may disclose Your Personal Data to any member of Our group, which means Our subsidiaries, Our ultimate holding company and its subsidiaries.

We may disclose Your Personal Data to third parties to whom We may choose to sell, transfer or merge parts of Our business or Our assets, but this will always be on a “need to know basis” and in compliance with Data Protection Legislation. Alternatively, We may seek to acquire other businesses or merge with them. If a change happens to Our business, then the new owners may use Your Personal Data in the same way as set out in this Privacy Policy.



Business Customers

This section does not apply to Members and only applies to the representatives of our business customers.
We may also use Your Personal Data to send You and keep You updated with information by e-mail or message through the Site about existing and new services from Us and to send You information by e-mail or message through the Site about related products or services of selected third parties that may be of interest to You.
If at any time you wish to no longer receive our marketing emails, or no longer consent to our use of the tracking pixel, an unsubscribe link is found at the bottom of every email where you can opt out.

You have the right at any time to stop Togetherall from contacting you. If you no longer wish to be contacted for marketing purposes, please email


This section applies to Members of the Togetherall platform.

To opt-out of receiving these messages as a Member or as an Account holder, You can also use the facility contained in any such communication or change Your ‘Account settings’ through Your Togetherall profile on the Site. You may also contact Us to opt out using the information under the ‘Contacting Us’ section above: please state Your member name, and from whom You do not wish to receive further communications.

Also see the ‘Your Rights’ section below, for information about how to withdraw Your consent to receive these messages.


Retention and destruction of Personal Data

We only keep Your Personal Data for so long as it is necessary to fulfil the purpose for which it was collected and to comply with guidelines for the retention of health records and also for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for Personal Data, We consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of Your Personal Data, the purposes for which We process Your Personal Data and whether We can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. We will keep Your Personal Data for a period of 8 years after You or We have closed Your Member Account, or if You have not logged into Your Member Account for more than 8 years. After that 8-year period We will delete all of Your information securely in accordance with Our data destruction policies unless You contact Us to reactivate Your Member Account in that period.

We may retain Your Personal Data for a longer period in the event of a complaint or if We reasonably believe there is a prospect of litigation in respect to Our relationship with You.

We may retain some information in anonymised form, for example for statistical analysis and research purposes, but We do not retain any Personal Data after the expiry of the 8-year period from the date of closure or expiry of Your Member Account.


Where We store Your Personal Data

If You are located in New Zealand, all Personal Data, including Member Content, You provide to Us is stored and processed on Our secure servers located in the UK or the European Economic Area (“EEA”). This data may be processed by our staff internationally, but only on a “need to know” basis, and always under a duty of confidentiality. We may transfer Personal Data outside of the EEA, the UK or New Zealand (as applicable) to: (i) provide 24/7 care in urgent or risk situations; or (ii) seek specialist support and advice from specialist consultants located outside the EEA, the UK or New Zealand, but We will implement adequate safeguarding controls where this is the case.


Accessing Your Personal Data

When Your Member Account is still active (i.e. You have logged in within the previous 8 years), You may log in to Your Member Account on the Site at any time to view Your Personal Data. If Your Member Account has expired, You may reactivate it by contacting Us using the contact form or +44(0)203 405 6196. We will generally be able to reactivate Your account for a period of two weeks in order for You to access and copy Your Personal Data and Member Content. You may update Your email address at any time by logging in and accessing ‘Account Settings’.

Tip: You may click on Your My Profile picture and see all the Member Content You have posted in one place. You may also see all Your Bricks, Talkabouts and Course content by visiting those sections of the Site.

You have other rights to access and correct Your Personal Data under Data Protection Legislation. See the ‘Your Rights’ section below.



If you opt-in to receiving our emails, you are consenting to our use of a tracking pixel.

A tracking pixel operates in a similar way as cookies are used in web browsers. A tracking pixel is usually part of electronic mail marketing. We use the tracking pixel to gather data on how our email activity is received such as, but not limited to, device, IP address, open time, link activity and website activity if a user clicks through to our website from our marketing emails. We use this information to create a better site experience for you and our customers, help personalise emails and tailor the site experience for all who opt in to hear from us.

Our Sites use certain cookies, pixels, beacons, log files and other technologies. Please see our Cookies Policy to learn about the cookies we use and how to manage your preferences.


Privacy policies of other websites

Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about You. Please note Our Privacy Notice only applies to Our Site; if You click on a link to an external website You should read their privacy statements. We do not accept any responsibility or liability from the actions or omissions of any third-party websites which You may access.

Such third-party websites are not investigated, monitored or checked for accuracy, appropriateness, or completeness by Us, and We are not responsible for any websites You may access via a recommendation or suggestion on the Site. Inclusion of, linking to or permitting the use or installation of any third-party website or any third-party applications, software or content does not imply approval or endorsement by Us. If You decide to leave the Site and access a third-party website or to use or install any third-party applications, software or content, You do so at Your own risk.

We are not responsible for the policies, content or security of these linked websites, including how they protect Your privacy and collect, use and disclose Personal Data. We strongly encourage You to review the privacy policies applicable to any linked websites You visit.

We do not have any control over the use to which third parties may put Your data where You choose to purchase products or services or otherwise to contact them via the Site and We take no responsibility or liability for such use by third parties. Please check any policies on such websites before You submit any Personal Data to them.


Your data protection rights

If You wish to make a data subject request, please contact Us by any of the means specified in the How to Contact Us section above.


Your right of access

You have the right to request copies of Your Personal Data which We hold; this is known as a subject access request. You can also view the latest Personal Data We hold on Your Member Account by logging into Our platform and viewing the “Account Settings” section.


Your right to rectification

This enables You to have any incomplete or inaccurate Personal Data We hold about You corrected, though We may need to verify the accuracy of the new Personal Data You provide to Us. If You would like to do this, please contact Us and let Us know the information that is incorrect and the information You want it replaced with.



We will not usually charge a fee although we may exercise the right to charge a reasonable fee to access or correct Your Personal Data.


Time Limit to Respond

We try to respond to all legitimate requests within one month. Occasionally it could take Us longer than a month if Your request is particularly complex or You have made several requests. In this case, We will notify You and keep You updated.



Access to Your Personal Data may be refused in accordance with the Privacy Act 2020. For example, if making the information available would reveal Personal Data about another person or if We are legally prevented from such disclosure.



If You have any complaints about the way in which We have used Your Personal Data and these have not been addressed by contacting Us first, You can contact the relevant supervisory authority which in New Zealand is the Office of The Privacy Commissioner (“OPC”). We would, however, appreciate the chance to deal with Your concerns before You approach the OPC so please contact Us in the first instance (see “How to contact Us” section above).