What kind of help do you need?
Effective date: 8 April 2020
This privacy notice is for people who use the SilverCloud platform and programs on this site as a client or coach.
SilverCloud Health provides its platform to the Health Service Executive (HSE). In this notice we will tell you how we process your personal data on behalf of the HSE. The HSE is the ‘data controller’, which means they decide how and why your data is processed, and SilverCloud is the ‘data processor’, which means we follow their instructions. We also refer to the HSE as ‘your service’ in this privacy notice. The HSE may also have a privacy notice that is relevant to you.
SilverCloud also uses some of your data to understand how the SilverCloud platform is used and could be improved. When we collect or use your data on our own behalf, SilverCloud is the ‘data controller’.
Contact details for SilverCloud are listed at the bottom of this notice.
How we collect your personal data
Your data is collected by SilverCloud in a few ways:
- Data you give directly
- Data given about you (by a client or coach)
- Data we collect automatically when you use SilverCloud
What personal data we collect and use
Here is a list of the categories of personal data that are collected and used, with examples. Some of these are optional or depend on SilverCloud's obligations to its customers, including what your service has asked SilverCloud to collect.
- Contact details
- Optional personal information
- Health data
- Data about your use of SilverCloud
- Feedback data
Your name, email address (for notifications), etc.
Optional personal information
Interests, likes/dislikes, profile image, etc.
Data about your health is considered ‘special category’ data.
Your SilverCloud program; answers to psychological questionnaires and calculated results; entries to interactive tools such as a list of problems, recording mood over time, or journal entries; messages between clients and coaches; etc.
Data about your use of SilverCloud
Your invitation, when you first signed up, pages and sections viewed, other actions you take on SilverCloud, emails sent to you, server errors that affect you, etc.
When you log in and log out, your IP address, browser type and version, time zone and language, notification preferences
Your login details (username, encrypted password)
Your feedback in the “progress points” at the end of each module; User experience questionnaires; Other questionnaires where it is indicated that the recipient is SilverCloud.
Data we do not collect
SilverCloud is intended for use by adults aged 18 years or over and we do not knowingly collect personal data from people under 16 years of age.
How and why we use your personal data
SilverCloud processes your data for specific purposes and where there is a legal basis.
- Provide SilverCloud platform and programs
- Technical support
- Understanding usage and improving service
Provide SilverCloud platform and programs
SilverCloud collects and processes your data under a contract with the HSE in order to provide you with secure access the SilverCloud platform and programs.
This includes displaying program pages, recording your activity on interactive tools and features, storing your preferences, sending notifications by email, text or push notification, etc.
It also includes inviting and managing clients and coaches, coaches reviewing client progress and results, and, if your service requires, working with their health record systems.
Your service is responsible for determining the purpose and legal basis under which they use your data and have SilverCloud process it.
SilverCloud provides technical support to your service, and so we will process your personal data if you contact us by telephone, email or through the SilverCloud platform.
Understanding usage and improving service
SilverCloud analyzes personal data to understand usage and to help us improve the platform and programs.
SilverCloud processes data for this purpose on behalf of your service and also on our own behalf.
Most analysis uses anonymous aggregate data (for example, average length of time spent on the platform). Some analysis uses individual data, with additional safeguards in place such as anonymisation, use of pseudonyms (pseudonymisation) and limiting the set of individual data (data minimization). This analysis may include profiling, machine learning or other techniques.
Where SilverCloud is processing your data for these purposes on its own behalf it is necessary for our legitimate interests or those of a third party (such as our customers):
- understand efficiency and effectiveness of SilverCloud’s services
- identify opportunities for improving services, components or tools
- provide customers with an understanding of how their use of the service might be improved
- provide statistical and market data to guide business development
- identify and understand trends in interactions with the SilverCloud platform
We also believe that this processing does not undermine your fundamental rights and freedoms.
Where we process your special category personal data for this purpose, the processing is necessary for scientific research purposes or statistical purposes (GDPR Art.9(2)(j)), and we ensure appropriate safeguards, mentioned above, are in place.
You have rights regarding your personal data. If you have any questions please contact the HSE or SilverCloud.
Right to information about processing of your personal details
The aim of this privacy notice is to give you this information.
Right to access your personal data
You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.
Right to change or remove your details
You have the right to correct any inaccurate data, or remove data if it is not necessary for us to hold it.
Right to object to processing
You can object to processing if it could affect your rights, freedoms or interests.
Right to data portability
We will provide your data in a portable format.
Right to lodge a complaint
You also have the right to lodge a complaint with a supervisory authority, although we encourage you to contact your service first.
Contact details for the Data Protection Commission can be found at https://www.dataprotection.ie/.
We use third party sub-processors to host the SilverCloud platform and communicate with you.
Armor Defense Ltd, 268 Bath Road, Slough, Berkshire, SL14DX, United Kingdom
We use Armor Defense to host the SilverCloud platform and database.
Location of processing: EU
Armor Terms of Service (See "TERMS OF SERVICE AGREEMENT - EMEA & Asia Pacific")
Amazon Web Services
Amazon Web Services EMEA SARL, 5 rue Plaetis, L-2338 Luxembourg
We use Amazon Web Services to host the SilverCloud platform and database, to store encrypted backups and send email notifications.
Location of processing: Germany and Ireland
Zendesk International Limited, One Grand Parade, Dublin 6, D06 R9X8, Ireland
We use Zendesk to handle technical assistance communication.
Location of processing: EEA and US (under EC SCCs and BCRs)
Links to other websites
You should also be aware that where you link to another website from SilverCloud, that SilverCloud has no control over that other website. Accordingly, SilverCloud cannot guarantee that the controller of that website will respect your privacy in the same manner as SilverCloud.
Data security and storage
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
All SilverCloud employees are contractually and ethically bound to respect the confidentiality of any personal data held by SilverCloud.
SilverCloud maintains ISO 27001:2013 certification.
Retention of personal data
SilverCloud shall retain Personal Data in accordance with our Personal Data Retention Policy (Read an extract).
In summary, we retain personal data on the platform while your account is open and for 3 months after account closure. We retain technical support queries for 5 years.
SilverCloud intends to close accounts on this site after 12 months.
Aggregate and anonymous data may be retained indefinitely by SilverCloud.
Privacy notice changes
We will revise this privacy notice when necessary and we encourage you to check back in future for changes.
- 8 April 2020
- We added detail on data retention and removed text that is not applicable to the services provided on this site.
If you wish to contact SilverCloud regarding use of your Personal Data or to exercise your rights, please contact us at:
One Stephen Street Upper
SilverCloud's Data Protection Officer (DPO) is BH Consulting:
SilverCloud Health Data Protection Officer
The LINC Centre
Blanchardstown Road North