This notice tells you what to expect when Moodbeam Ltd uses your personal data.
It does not provide exhaustive detail of all aspects of our collection and use of personal data, but we are happy to provide any additional information or explanation needed.
Any requests for this should be sent to firstname.lastname@example.org.
This privacy notice applies to information we collect about:
- • Users of our application and connected devices;
- • People with whom our users choose to share data collected by our device and application.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 6th November 2019.
Who is Moodbeam Ltd?
Moodbeam Ltd (Moodbeam) is a limited company registered in England & Wales No 10349738 and our registered address is:
Centre For Digital Innovation, C4di At The Dock, 31-38 Queen Street, Hull, England, HU1 1UU, UK.
Moodbeam is committed to protecting and respecting your privacy and our use of personal data is aimed at helping us achieve these aims and to provide our users with the best, most insightful application experience we can.
If you have any questions or concerns about our personal data policies or practices, please contact us at the address above or:
Moodbeam as a Data Controller
When using your personal data, Moodbeam is a "Data Controller". This means that we are responsible for deciding how we hold and use your personal data.
You may also authorise us to share your information with other organisations e.g. with your employer when you choose to participate in an employee assistance program or with a healthcare provider as part of your treatment under them.
In these cases, those organisations are Data Controllers in their own right and their use of your information will be governed by their privacy policies.
If you are not sure, you have the right to ask us – at any time – who we may be sharing your personal data with. You can also revoke your consent to share with other Data Controllers by contacting us at email@example.com.
The European Union’s General Data Protection Regulation provides you with certain rights. A good explanation of them (in English) is available on the website of our national privacy regulator, the Information Commissioner’s Office.
In the UK you have rights as an individual under the Data Protection Act 2018 which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
A right to information and access
You have the right to know whether Moodbeam is processing your personal data and to have access to the personal data we may have about you.
You may also request information about: the purpose of the processing; the categories of personal data concerned; who we might have shared the data with; what the source of the information was (if you didn’t provide it directly to us); and how long it will be stored for.
Reasonable access to your personal data will be provided at no cost upon request made to firstname.lastname@example.org.
To make sure we do not disclose your information to someone else, we may ask you to provide information to confirm your identity. This may include asking you to provide identification documents.
If access cannot be provided within 30 days, we will provide you with a date when the information will be provided.
If for some reason access is denied, we will provide an explanation as to why access has been denied.
A right to correct
You have a right to correct the information we hold about you if it is inaccurate. Where we need to investigate the accuracy of the data, you have the right to request we restrict our use of that data.
A right to erasure
You may request that we erase the data we hold about you; but this is not an absolute right and is subject to exceptions. Where we have a lawful reason to retain your data even when you request we delete it, you have the right to restrict our use of your data to that reason only.
You can delete your account by:
• contacting us by email to email@example.com
If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information e.g. the data stored in our backup systems.
If you have taken steps to share your data with other Moodbeam users, you also have the option to remove access to the information other users hold about you on their app by removing their name from your shared contacts list. Once you have removed a user from your shared contacts list that user will no longer be able to see or access any Moodbeam data linked to your profile.
Be mindful that if you only delete our application from your device without submitting a request for your personal data to be deleted, your account and associated information will still be stored in our servers.
A right to not be subject to automated decision making
You have the right to object to a decision which has been made solely by automated reasons. Essentially, this right allows you to request that the decision is reviewed by a human. We do not carry out any automated decision making but please contact us if you require any more information on how this right may apply to you.
A right to data portability
When technically feasible, we will—at your request—provide your personal data to you or transmit it directly to another controller in a commonly used, machine readable format e.g. csv.
A right to complain
You have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we use your personal data. In the UK this is the Information Commissioner’s Office – www.ico.org.uk/concerns.
The reasons we can lawfully use your data
We only use your personal data when we have a lawful basis to do so.
Data Protection legislation sets out a number of these, but the ones we most commonly use are:
In most situations, we collect and use your personal data with your consent e.g. when you use button presses to record how you feel or when you ask us to share your information with another user.
Performance of a Contract
In some cases, we need to use your personal data in order to provide the goods and services you have asked us for (or to allow others to do so on our behalf).
i.e. to provide you with the ability to track your mood, record journal events and make that information available to the people you choose to share it with.
If the law requires us to, we may need to collect and process your data.
We may use your personal data to pursue our legitimate businesses interests in a way which might reasonably be expected as part of running our business as long as it does not materially impact your interests, rights and freedoms.
These legitimate business interests can include:
• enhancing, modifying, personalising or otherwise improving our application and related communications for the benefit of our users;
• understanding how people interact with and use our application.
This can also apply to uses which are in your interests and those of others such as those which
• identify and prevent fraud or other illegal activity;
• enhance the security of our network and information systems.
You have the right to object to our processing of your personal data for our Legitimate Interests at any time. Please contact us if you have any further questions about our use of your data in our legitimate interests.
Where is your data stored?
Moodbeam uses Amazon AWS and Google Cloud services to securely store and manage personal and MOODDATA for our users. You can find out more about the services provided by Amazon AWS and Google Cloud via their own websites. To find out more about Amazon AWS please visit their knowledge base (https://aws.amazon.com/premiumsupport/knowledge-center). To find out more about Google Cloud services please visit their website (https://cloud.google.com/security/).
When do we collect your personal data?
• When you create an account;
• When you register a device to that account;
• When you use the device to record your MOODDATA;
• When you add journal or other information to your account using the app;
• When someone chooses to share their MOODDATA with you.
What personal data do we collect?
The amount of information we collect about you depends to a great extent on how you use your Moodbeam device and make use of additional functionality within the app e.g. by recording journal notes next to your MOODDATA entries.
The table below sets out the main categories of personal data we collect although this may not be an exhaustive list.
• Your name and email address.
• Date of birth.
• Gender (you are able to select ‘Rather Not Say’).
• Username and password
Device & Usage Data
• includes the type of mobile device you use, a unique device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting.
• includes details of your use of any of our Apps or your visits to any of our sites including, but not limited to, traffic data and other communication data and the resources that you access.
Depending on how you use the Moodbeam device and application, we may gather information about your habits and activities.
This is information you log in your journal which may include details of your activities and other life events.
Special Categories Data
While not medical data, the information you provide about how you feel provides insight into your mental health and could be used in conjunction with a professional as an informal record to aid any counselling or other treatment you are receiving.
This includes aspects of the information about your sleep and activity patterns which are collected by the Moodbeam device while you are wearing it.
It also includes some types of information you log in your journal which may include details of your lifestyle, information about smoking and drinking habits, medication.
This information is collected when you choose to provide it – by using a button press to indicate how you feel or making a journal entry.
How do we use it and why?
|Purpose (How)||Categories of Data Used||Lawful Basis (Why)|
• To install the app and register you as a new App user.
Performance of our contract with you.
• To take reasonable steps to identify those users for who we may need additional sign up steps or protective measures as required by law e.g. to identify users under the age of 13 for whom we need to obtain parental consent.
Compliance with a Legal Obligation.
• To provide you with access to a log and a visual representation of the factors which affect how you feel.
• To administer our business and this App including troubleshooting, data analysis and system testing.
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)
The data of children
The Moodbeam story began with our founder needing a way to help her daughter deal with a tough situation at school and log how she felt so they could talk about it when their day allowed.
Unless the app and device are being used in the context of preventive or counselling services offered directly to a child, parents or guardians must consent to the use of the personal data of a child under the age of 13.
If we learn we have collected the personal information of a child under the age of 13 without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at firstname.lastname@example.org.
Using your data for research and measurement purposes
We want to give you the best possible experience and provide you with real insight into how you feel.
One way to achieve that is to get the richest picture we can of our users as a whole and by groups.
We then use this picture to offer you additional insights such as how you compare with our users as a whole or with others like you based on indicators such as your age range or gender.
We also combine this with external information such as news events or weather patterns to provide insight into how these affect the mood of our users as a whole.
e.g. We may use aggregated information about our users to provide insight into how the Christmas holidays affected the general mood of our users.
When we use your information in this way, we only do so in a de-identified, consolidated format in which information identifying you as an individual has been removed. We only conduct analysis and research on this separate dataset and never on your individual account.
How we protect your personal data
We take the privacy of our customers and the security of their data seriously. With this in mind we maintain physical, technical and administrative safeguards.
We secure access to our application using SSL encryption meaning that any information you give us through the application remains private and secure.
We restrict access to your general account information to those employees who need that information to perform their role and help provide services to you.
Only certain employees are able to see the information you record using the device and app and their access to this information is closely monitored and allowed only in response to a direct request from you for technical support.
We provide training to all our employees about the importance of maintaining the confidentiality and security of your information.
Please contact us if you have any questions about the security measures we have in place.
How long will we keep your personal data?
We’ll only keep your personal data for as long as is necessary for the purpose for which it was collected and to comply with applicable law or resolve disputes. This means we set retention periods for all the personal data we collect.
When that retention period has passed, your data will either be completely deleted in a secure manner or anonymised e.g. by aggregation with other data in a non-identifiable way for statistical analysis and service planning purposes.
How long we will keep your data for depends on the nature of the relationship we have with you. Please contact us if you would like more details, but some examples of data retention periods are:
We retain this information for as long as you have an account with us and choose not to delete it because we use this data to provide you with your personal dashboard and other aspects of our services.
Who do we share your personal data with?
We do not reveal your personal data to third-parties unless:
• you request or authorise it e.g. if you use the app to share your MOODDATA with your family members or friends; or
• the information is provided to comply with the law (for example, to comply with a court order); or
• to protect our rights, property or safety, or the rights, property or safety of our employees or others. This includes exchanging information with law enforcement organisations for the purposes of the detection or prevention of crime; or
• the information is provided to protect your health, safety or other vital interests or the health, safety or other vital interests of another; or
• the information is provided to our sub-contractors, agents, vendors or service providers who perform functions on our behalf; or
• to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
Examples of the kind of third parties we work with
IT, software and SaaS companies who support our application and other business systems.
These include Amazon Web Services and Google who provide the infrastructure on which our application is built.
These companies are data processors for Moodbeam Ltd which means they only use your data in order to provide the technical services we ask them to.
Sharing your data with third parties for their own purposes:
We will only do this in very specific circumstances, for example:
We may, from time to time, expand, reduce or sell Moodbeam Ltd and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice. Where your personal data may be processed
As part of our commitment to your Privacy, we usually opt to have your data stored in the UK or EU where possible.
Our application servers are all in data centres located in the EU and our application does not transfer your data outside the EU for any reason.