Last Updated: 28 March 2023
1. About Tacklit
Tacklit’s purpose is to leverage the power of technology and data to help deliver better mental health outcomes. We provide tools and services to practitioners and their clients to engage and support through recovery.
For parts of our Service, through connecting Practitioners and Clients, we act in the role of the Data Processor while you are the Data Controller. We collect, store, and use your data on our servers to provide you with the ability to better maintain and improve your Services, and lawfully fulfil our contractual obligations to you. We may also use data in an aggregated and de-identified form for our own purposes where we have explicitly gained informed consent.
2. What do we collect?
We collect such information regarding our users and their interactions with our Services. We will collect relevant and necessary information depending on the nature of your relationship with our Services.
For parts of our Service, through connecting Practitioners and Clients, we act in the role of the Data Processor while you are the Data Controller. Where any data is requested from a Client by a Practitioner via a tool, survey, assessment or another other request via our Services you are responsible for making sure that your Clients’ / Patients’ privacy and associated rights are respected. As your Data Processor, we will take care to protect the privacy of your clients and will process their Personal Data in accordance with the terms of our agreement with you, and under your lawful instruction.
Personal information is information or an opinion about an individual who is identified or reasonably identifiable. The types of personal information we may collect and hold includes;
images of you, for example for a practitioner profile page
your contact details, including email address, mailing address, street address and/or telephone number;
your age and/or date of birth;
your credit card details, for example for subscription fee processing
your professional registrations
your preferences and/or opinions;
information you provide to us through customer surveys;
details of products and services we have provided to you and/or that you have enquired about, and our response to you;
your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
information about individuals who apply for a job with us, such as their name, contact details, experience, qualifications and training, academic results and current salary; and
information about individuals who are suppliers to us, or are employed or engaged by a supplier to us.
additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
any other personal information requested by us and/or provided by you or a third party.
There are some elements of your Personal information that are deemed sensitive in line with the Data Protection Act. Sensitive information is a subset of personal information that is given a higher level of protection under the Data Protection Act. This includes information relating to recording a person’s physical or psychological health for the purposes of assessing, maintaining, improving or managing the person’s health. The type of necessary health information we may collect and hold due to the nature of our Service includes;
Details of presenting symptoms as reported by a practitioner and/or a client;
Details of any referral from another healthcare provider;
Details of recovery progress as reported by a practitioner and/or a client;
Details of prior or current prescription medications;
Outcome measurement data through completion of clinical assessments;
3. How do we collect information?
We only collect information that is absolutely necessary for the delivery of our Services.
There are two primary ways we collect information;
We collect information through your use of our Services. When you visit or use our Services, including when you browse the Sites or Apps, register a User Account, and use the Platform, we will usually gather and collect such uses, sessions and related information, either independently or with the help of third-party services (as detailed below), including through the use of “cookies” and other tracking technologies.
We collect information provided by you voluntarily. For example, we collect the Personal Information you provide us when you register to our Services; when you submit or upload such Personal Information as you use any of our Services; and/or when you contact us directly by any communication channel, for example reaching our Customer Support team to help you resolve a query.
We may also obtain information about you from other sources and combine that information with information we collect from you directly, for example information from your practice manager or your business website. In addition, we may collect information about you when you post content to our pages and/or feeds on third party social media platforms.
Cookies and Web Beacons
We may use web beacons on our Site from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
4. How we use your information
We process your information in line with the principles of GDPR and the Data Protection Act. We process your personal data on a lawful basis by asking your explicit consent to do so, or inline with our contractual obligation to you. Where the legal basis for us processing your personal data is that you have provided your consent, you may withdraw your consent at any time. You will not suffer any detriment for withdrawing your consent. If you withdraw your consent, this will not make processing which we undertook before you withdrew your consent unlawful.
You can withdraw your consent by contacting the us at email@example.com
By using our Service you consent that we may use your information in the following ways:
Provide you the Services and fulfil your requests: We may use your information to register you, administer your account, and provide you the information, products and services that you request. For example, we respond to your questions when you contact us, assist with any problems you report about our Services.
Enhance your experience: We use your information to personalise and enhance your experience when you use the Services, for example remembering preferences or showing you applicable recommendations.
Communicate with you: We may contact you via email, phone, SMS, push notification or other applicable messaging services as part of our overall product experience in sharing relevant information with you. We may also share information and materials that we think might be of interest to you, including information about products and services that promote health and wellness. You may unsubscribe from receiving communications about these products and services by using the unsubscribe and notifications settings in your profile, through the unsubscribe link in an email, or contacting us at firstname.lastname@example.org
Improve our Services: Your information helps us improve the content and functionality of our Services. For example, we may conduct measurement activities and analyze trends, usage and activities in connection with the Services to create new features and content to aid our Users.
Protect Tacklit and our Users: We may use information about you to detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Tacklit and others.
Creation of De-Identified Information: We may use your Personal Information to create data that is de-identified in accordance with Australian Privacy Principles. This de-identified information is not Personal Information, because it cannot be used to identify you, and may be used by us for any lawful purpose.
In addition to those purposes listed above, we may use your information for any other purpose disclosed to you at the time of collection.
5. Disclosure of personal information
We may disclose personal information to;
Practitioners (if you are a Client): Including medical groups or healthcare professionals who provide physician or other clinical services to you through our Services in line with our Client End User Agreement.
Other Service Providers: Including payment system operators; and third-party hosting and information security providers that provide computer, storage and information security resources to Tacklit.
Anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred.
Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.
In addition, where it relates to sensitive health information, in line with the permitted health situations detailed in the Data Protection Act we reserve the right to use or disclose such information where we reasonably believe it is necessary to prevent a serious threat to life, health or safety. Any such disclosure will be done in accordance with the Data Protection Act.
By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside the UK and acknowledge that we are not required to ensure that those third parties comply with UK privacy laws.
We never sell personal data and we carry out all processing operations in compliance with the EU General Data Protection Regulation (“GDPR”).
We may share de-identified information and other de-identified non-personal Information in all legally permissible ways.
Links to other websites
6. Storage and Security
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
7. How long we keep your personal data
We will retain your personal data for a period of twelve months after our relationship with you has ended. After this period, your personal data will be anonymised or deleted. For Practitioners, you are solely responsible as Data Controller for retaining any required information or records in line with statutory requirements relating to retaining medical records for minimum terms (current advice can be reviewed here - https://www.bma.org.uk/advice-and-support/ethics/confidentiality-and-health-records/retention-of-health-records )
8. Your Rights and controlling your personal information
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you. An administrative fee may be payable for the provision of such information. In certain circumstances, as set out in the Data Protection Act 2018, we may refuse to provide you with personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Right to object to processing: You have the right to object to processing of your personal data where that processing is being undertaken by us on the basis of our (or a third party’s) legitimate interest. In such a case we are required to cease processing your data unless we can demonstrate compelling grounds which override your objection. You also have the right to object at any time to the processing by us of your personal data for direct marketing purposes.
Erasure: To the extent permitted by applicable data protection laws, you have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if your object to our continued processing (as mentioned above). This right does not extend to information which is not personal data. We also reserve the right to retain your personal data in an anonymised form for statistical and benchmarking purposes.
Request to restriction of processing: This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
Portability: You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies. You may also request that your personal data is transmitted directly to another organisation where this is technically feasible using our data processing systems.
Complaints: If you believe that we have breached the Data Protection Act and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.
Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication or via your user profile.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Please note that if you exercise any of the above rights to require us to restrict or cease processing or to delete personal data, and this type of processing is required in order to facilitate your use of the Platform, you will no longer be able to use the Platform following the date on which we action your request. This does not include your right to object to direct marketing which can be exercised at any time without restriction. Please allow at least 5 working days for your request to be actioned.
Save as set out above, your rights detailed above can be exercised free of charge in accordance with applicable data protection laws.
For any questions or notices, please contact our Privacy Officer at:
Tacklit UK Ltd (Company Number 12700473)
Last update: 28 March 2023