INSIDEOUT APP PRIVACY AND COOKIE POLICY

Publication Date: 12th February 2019

At InsideOut, we take the privacy and safety of our users very seriously. We have written this Privacy Policy to tell you about your rights in relation to the data you give to InsideOut when you use our App.


Who are we? We are InsideOut25 Limited, a company registered in England. Our address is: 164 Walkden Road, Worsley, Manchester, M28 7DP. If you have any questions about your privacy, data or this policy, please contact us at: privacy@insideout25.com


What Data Do We Collect? When you register with InsideOut, you, or your employer (who offers InsideOut as an employee benefit to you) give(s) us some personal details. This is so we can provide you with the services that you need or ask for.


We will inform you about our data collection by referring to this Privacy Policy and we will ask you for your consent to share data where necessary. Please note that without your consent, we cannot provide all of our services, so if you do not want to consent (and that's totally up to you), we are unable to offer you the full range of services.


In many cases, your mobile device will provide tools to allow you to control when your device collects or shares personal data or tracking information.  For example, your mobile device may offer tools to allow you to manage cookie usage or location sharing.  We encourage you to familiarise yourself with and use the tools available on your devices.


The personal details we collect include:



  • Account Data: Login and account information, including screen name, password and unique user ID; and your use of the service.
  • Contact Data: Contact details including your name, office details, role and work email
  • Health Data: Data about your health, in particular your mental health, including: our counsellor's observations, details from video sessions, details from messaging chats and safeguarding status
  • Preferences Data: Personal preferences including your marketing and cookie preferences
  • Technical Data: When interacting with our App, data is automatically collected and shared with the InsideOut25 technology platforms.  More information about these practices is included below.  This data includes: device IDs, call state, network access, storage information and battery information, cookies, IP addresses, referrer headers, data identifying your phone and version, and web beacons and tags


To provide the App and offer the App services to you We use your personal information to provide the service you want and expect from us. The legal grounds for this is the performance of the arrangement we have with you to provide the services you've asked for.
To keep you (and others) safe Whilst our service to you is confidential, there may be a time when our counsellors are so worried about you, they share your personal information without your consent. This is only if absolutely necessary such as your life is in danger or if you are unable to give consent.

If our counsellors think that you are at risk or danger, we will talk to you about the need for somebody outside the InsideOut team to know what has happened or what is happening to you.

We would only do this if: your life is at risk because of something you are doing; or you are at risk from somebody else; or you are a risk to somebody else.

In these cases, your counsellor will use your contact details so that they can refer you to the appropriate services or get the help you need.

The legal ground for this is compliance with law and regulation.
To maintain and improve our services and run our business We may use the data you provide to improve our service. For example, we evaluate Technical Data to make sure our service is working well or whether we need to make improvements to the video conferencing tech or the App design.

We may also use Technical Data to understand more about how your use the App and your preferences.

We may also need to share data with our professional advisors. For example, to get legal advice, enforce our App Terms or to obtain insurance for our business. We also need to comply with any legal proceedings and applicable law.

If you've expressly agreed, we'll use your contact data to keep you updated about new events and services.

This type of sharing is allowed because it is in our legitimate business interests.
Using your Health Data Your Health Data is sensitive personal data. We treat it as such. We keep it secure and only use it to provide the App and the services to you, including counselling.

When you first use the App and open an account, you are required to fill in a questionnaire, which asks for Health Data. You consent to our collection and use of your Health Data information. You understand that we may share your Health Data with our counsellors, with third parties such as health professionals, emergency services, next of kin or friends where we believe that your life is at risk because of something you are doing or because you are at risk from somebody else or you are a risk to somebody else. Please note that you can withdraw your consent at any time, but if you do so, you will not be able to book any further sessions with a counsellor.

Please note that we never share your Health Data with your employer. The only thing we may share with your employer is if you have missed three or more sessions that you've booked with a counsellor.

You can ask us to update or delete your Health Data by emailing us. See the “Your Rights” and “How to Contact Us” sections at the end of our Policy.

The legal grounds we have to use your Health Data is your consent.


Who Do We Share Your Data With?InsideOut shares your personal data as follows:



  • When you select a counsellor within the App, we share your questionnaire data (including your Health Data) with them prior to your first session.
  • To our third party service providers, who process data on our behalf to provide services to you. For example, we use Amazon Web Services (AWS) to host our App within the EU. We trust AWS to keep data safe and encrypted. This is to protect it from cyber attack or hacking. AWS are GDPR compliant. This means that they meet all the required standards of the new data privacy rules. AWS do not read or access any of your data. Twilio Inc. provide our video- conferencing functionality within the App on our behalf. Twilio are based in California and have certified that they fully comply with the EU's high standard of data privacy. You can read Twilio's privacy policy here: https://www.twilio.com/legal/privacy
  • As explained above in the “Why Do We Collection Your Personal Details” section, we may share your Personal Data and Health Data with third party health care professionals, emergency services, your next of kin or friends where we believe that your life is at risk because of something you are doing or you are at risk from somebody else or you are a risk to somebody else.
  • Other third parties to the extent necessary to: (i) comply with a government request, a court order or applicable law; (ii) prevent illegal uses of our App or breaches of our Apps’ Terms and our policies; (iii) defend ourselves against third party claims; and (iv) assist in fraud prevention or investigation.
  • In the event we ever sell or transfer a portion of our business or its assets, we may transfer your data to the acquiring party.


Please note that we DO NOT share your Health Data with your employer. However, we do share service usage on an aggregated basis so that we can administer our business, which is an employee benefit. This is on an anonymous basis.

Who Do You Share Your Data With? During your sessions with your counsellor, you will be sharing your personal data, including Health Data with them. Counsellors also have to take part in ongoing training and development so they can be best placed and trained to support you. Counsellors will never identify you in any of their training or support.

How Do We Protect Your Data? Encryption & Security: We use a variety of security measures, including encryption to maintain the safety of your personal data. Your personal data is contained behind secured networks and is only accessible by a limited number of people who have special access rights to such systems for the purposes of providing, maintaining and supporting the services which we provide to you.

How Long Do We Keep Your Data For? We retain your personal data for as long as necessary to fulfil the purposes for which we collect it, and as required by law and regulation. You have the right to request that we delete your personal data at any time. This may result in us no longer being able to provide the services to you. Please see “Your Rights” below.

Your Rights. This is a summary of your rights under data protection law. Some of these rights are very complex so we have just summarised them. You may obtain guidance from the ICO for a more detailed explanation.



  • Access: To know whether or not we process your personal data and have access to that data. Providing the rights of others are not affected, we will supply you a copy of your personal data free of charge. Additional copies may be subject to a reasonable fee.
  • Rectification: You have the right to have any inaccurate data personal data about you rectified and have any incomplete personal data about you completed. When you communicate with us, we will check the data we have stored and rectify any errors when proof is provided.
  • Erasure: You have the right to erasure of your personal data when: Personal data are no longer necessary in relation to the purpose for which it was originally collected. You withdraw consent to consent-based processing. You object to the processing under applicable law. The personal data has been unlawfully processed. We will erase the data as requested on validation of the claims, however data cannot be erased if processing is necessary for exercising the freedom of expression; for compliance; for legal obligation or to establish, exercise or defence against legal claims.
  • Restrict Processing: You have the right to restrict processing of your personal data in the same circumstances as described under ‘right to erasure’ where you oppose erasure or have objected to processing and the decision is pending. Where processing is restricted, we will continue to store your personal data, but will only process it for legal claims, for the protection of another person’s rights or for reasons of public interest.
  • Object to Processing: You have the right to object to processing of your personal data for direct marketing purposes. You can also object if the processing of your personal data is for reason of public interest, or for the legitimate interests pursued by us or a third party, or if we exercise any official authority vested in us. If you make an objection we will cease to process your data. If you object, we will cease to process your personal data unless we can demonstrate compelling reasons for that processing, which would include establishing, exercising or defending legal claims.
  • You have the legal right to lodge a complaint to a supervisory authority responsible for your data protection. We will be bound by the decision of the supervisory authority.
  • Withdraw Consent: You can withdraw consent at any time from processing of your Health Data. However, this will mean you can no longer use all the features of the App, as we are not an anonymous service.


Email us at privacy@insideout25.com to exercise any of your rights in relation to personal data.

Please note that we will attempt to reply within 14 days but during busy periods, it may take up to 30 days.

We may ask for proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill) in order to verify your identity before carrying out your requests.

Complaints If you have a concern about how InsideOut is using your data, please contact us at privacy@insideout25.com and we will strive to put your mind at rest. If you’re unhappy with our response or if you need any advice you can contact the Information Commissioner’s Office (ICO). Telephone: 0303 123 1113 or via the website www.ico.org.uk

Cookies: We do not use cookies or any other tracking devices on the App.

Changes to this Policy If we decide to change our Privacy and Cookies Policy to reflect changes in the App or the law, we will post the changes on our App and, where appropriate, notify you via the App. We strongly encourage you to read our Policy and regularly check for any changes. The date this Policy was last changed is in the heading at the top of the page.