Personalised Mental Health Privacy Policy


Please read this privacy policy carefully before logging into the Personalised Mental Health App.

Scope of policy

For the purpose of this document, the Data Protection Legislation shall mean any data protection legislation from time to time in force in the UK including the Data Protection Act 1998 or 2018 or any successor legislation and (for so long as and to the extent that the law of the European Union has legal effect in the UK) the General Data Protection Regulation (EU) 2016/679) and any other directly applicable European Union regulation relating to privacy.

Who we are

MindLife is a company registered in the UK that develops cutting edge solutions combining digital applications with advanced mental-health science. MindLife provides the Personalised Mental Health website, services and digital app which allows therapists to enter anonymised data about the obstacles patients encounter during therapy and the strategies to overcome them.  The purpose of this is for a collaborative research project carried out by the University of Sheffield and IAPT services with the support of MindLife, for improving therapeutic outcomes.

The University of Sheffield is the “data controller” and MindLife is the “data processor” for the purposes of the Data Protection Act 1998 and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (“Data Protection Law”).

The data we collect

MindLife is committed to safeguarding the privacy and security of all our users.

For the purpose of this service and its use by therapists MindLife only process personal information limited to the therapist’s name and email address. The Personalised Mental Health platform should not be used by therapists to enter any identifiable information provided by patients.

How we collect and store your information

We collect personal information from you through the Personalised Mental Health website and therapist registration process. Records are stored in a secure electronic environment. All MindLife staff and their contractors have a legal and contractual responsibility to respect the confidentiality of information and access to that confidential information is restricted to only those who have a reasonable need to access it. MindLife staff and their contractors all undergo regular training in how to manage and keep data safe and secure.

Purpose of processing your information and the legal basis for the processing

Legitimate interest is the legal reason why we process your personal information. Taking into account your interests, rights and freedoms, we use legitimate interests to allow us to process your personal information. These interests include:

  • Providing services for you directly
  • Keeping our records up to date for your benefit

Recipients of your personal data

Your relevant data will not be shared with any third parties. We use your information to provide secure access to the website and do not use this information for any other purposes such as sales and marketing.

Details of transfers and safeguards

Your data will remain within the European economic area or countries that are accepted by the European Commission of having adequate arrangements in place and will be held in secure data centres. MindLife are registered with the ICO under the data protection act and our registration number is ZA527795.

Retention period

In line with the University of Sheffield, we will retain anonymised data you provide for a maximum period of ten years after the end of this study. Identifiable personal data, including the key which links you to the data you provide, will be destroyed once it is clear that this will not affect the research purpose.

Your rights

Your rights under GDPR are as follows

  • a right of access to a copy of the information comprised in your personal data
  • a right to object to processing that is likely to cause or is causing damage or distress;
  • a right to prevent processing for direct marketing;
  • a right to object to decisions being taken by automated means;
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
  • a right to claim compensation for damages caused by a breach of the Act


Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum personally identifiable information possible.

You have a right to apply for access to your personal data of which you are subject, a right to a description of the data, the purpose of the processing and if the information is to be shared, who it will be shared with. This information or any actions arising from the request will be carried out within one month of the request being made.

The data protection officer responsible for dealing with individual rights requests and can be contacted using the email address: dataprotectionofficer@mindlife.net

Links to other websites and services

Our websites, services, products and solutions may contain links to other websites, products or services. Once you have used these links to navigate away from our site, you should note that we do not have any control over that other site. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the sites in question before entering any personal information on those sites.

How we use cookies

Cookie‘ is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or tablet when you visit a website. They let websites recognise your device so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can’t be used to identify you. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

We use three categories of cookies defined by the International Chamber of Commerce:

  • Strictly necessary cookies are essential for you to move around our website and to use its features, like our shopping basket and your account.
  • Performance cookies collect anonymous information about how you use our site, like which pages are visited most.
  • Functionality cookies collect anonymous information that remembers choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.


Should you have any concerns about how your information is managed by MindLife, please contact the MindLife Data Protection Officer by email: dataprotectionofficer@mindlife.net. If you are still unhappy following our review, you can then complain to the Information Commissioners Office (ICO) via their website https://ico.org.uk/.