Home
Get started
What we treat
Why online therapy
Solutions
How it works
How it works
Meet the therapists
Wellbeing blog
Log in
FacebookTwitterLinkedinYouTube

Privacy Notices for the creation of an online account with Ieso Digital Health


Effective date: 25/04/2023

We are committed to protecting your privacy and confidentiality.  

Introduction

Information we collect from you

The first step that you need to take to access our products and services is to create an ieso Account.  Creating an ieso Account helps you use and manage ieso products or services you are interested in. However, by simply registering for an ieso Account you are not making a commitment to buy any ieso product or service. These are the Privacy Notices that cover the creation and use of an online account with Ieso Digital Health.  

Here we explain what personal information we collect, how it is used, shared, secured, stored, and how you can exercise choices and manage your data. These Privacy Notices reflect legal requirements, regulations, and best practice. 

For the purposes of data protection legislation, we are a data controller registered with the Information Commissioner (registration number ZA239229). If you require further information or clarification on anything below, please contact our privacy team. Full details on how to contact us can be found in section 8 below.  

By creating an online account with us, and agreeing to the associated terms and conditions, you will have entered into a contract with us which, in the UK, forms the legal basis for the processing of your personal information in relation to the account creation. If you subsequently purchase or receive any products or services from ieso, we will need to process more personal, potentially sensitive, personal information, and you will be provided with separate terms and conditions and notices.

We will not sell your personal information. 

We reserve the right to change these Privacy Notices from time to time where we have the following valid reasons: to make them easier to read or understand, to reflect changes to the scope and function of your ieso Account, our products or services or the technology used to provide them or to reflect changes in law. You shall have accepted those changes if you continue to use your ieso Account after we have posted any changes to these Notices on our website.  Alternatively, we may notify you of changes to the Notices by sending a message to your email address connected with your ieso Account.  Please read these Privacy Notices from time to time so that you are aware of any changes we may have made.

1. Information we collect

We collect the following personal information about you in several ways:  

a) Information you provide to us when you set up an online account with ieso 

  1. Registration information: email address and password 

b) Information collected automatically from your use of your online account

Certain information is collected automatically from your computer or device about your online engagement with ieso.  

This includes:  

  • Session activity information - we collect information about you from your use of your account. (E.g. when you log on and your activity on the site)
  • Device information - this includes information about whether you are using the product on a mobile, tablet or computer. This helps us ensure optimisation for relevant different devices.  
  • Log information - we collect technical information such as your Internet Protocol (IP) address, (the unique address that identifies your device or computer on the internet), your browser type and when, how often and for how long you interact with your online ieso account.  

See here or read below for further information on cookies 

2. How we use collected information (includes sharing within ieso)

We use the personal and health information that we receive under our terms with you to:

  • Enable sign-in, verify access to your account and assist with any login issues.

We will always seek your permission ahead of disclosing any information that identifies you directly to any other person or organisation, or, for any other reason not set out in this policy unless we have an overriding legal duty to do so.  

We have appointed a Data Protection Officer to seek to ensure that our procedures for handling your information meets with our obligations.  

3. When we share your information

Information is only shared on a strictly ‘need to know’ basis. Anyone receiving information about you will be under an equal legal duty to keep it confidential. The confidentiality of all information shared between yourself and ieso is upheld to the highest level possible.  

The sharing of information about you without your consent is strictly controlled by law. In exceptional situations therefore we may need to share information without your permission if we are required to do so by law. In such circumstances, we would inform you wherever possible. 

Transferring data outside the UK. 

We seek where possible to prevent any transfers of your personal information to countries which have not been assessed as having adequate data protection standards. 

The European Commission makes the decisions on the adequacy of the protection of personal data in third countries, and have decided that personal data can flow safely between countries in the European Union, the European Economic Area (EEA), and 12 other territories without any further safeguards being necessary.  Post UK departure from the EU, the UK has been granted adequacy by the EU, and the UK has accepted the European Commission’s adequacy decisions for the UK too, and also included Gibraltar.

4. How we secure your personal data


We place great importance on the security of personal identifiable information. We have put controls in place to safeguard the personal information that you provide, applying physical, technical and procedural measures against the loss, misuse and alteration of personal information under our control. 

All information submitted by you is encrypted in transit using best-practice Transport Layer Security (TLS) with at least 128-bit encryption. All special category data is encrypted using the industry-standard AES-256 cipher.  

We have achieved the International Standard certification for information security (ISO 27001), and Cyber Essentials Plus certification. 

Remember also that you are responsible for keeping your password secret at all times when accessing your account.

5.How we store your information


These privacy notices merely cover the personal data required to set up an account with Ieso Digital Health online. For this purpose, we use Auth0, an SaaS (Software as a System), with whom there is a Data Processor Agreements in place. They store data in the EEA but also in the United States of America, where Standard Contractual Clauses are in place to uphold your legal data protection rights. 

The retention period for retaining your email address and password within Auth0 will depend on the products or services you subsequently obtain from ieso. If you only create an account, we retain your information for 6 years.

Our data retention practices are reviewed regularly in conjunction with industry standards and best practice.

6. Your access, rights and choices

You can access, update or amend your password and/ or email address directly through your account, or if you feel there is an error of fact in your personal held by us, you can contact us. 

Data protection law also includes the right to data portability and to make other requests to seek to erase, object to and restrict personal data processing where certain limited grounds apply. Note however that data processed for health, legal purposes, or where other legitimate grounds for the processing apply, are examples of circumstances where some of these rights can be restricted or not apply in practice.  

If you need assistance or have an enquiry about accessing, updating or amending your records, or where applicable, about receiving or transmitting a file of the data you have provided please write to: 

The Privacy Team, ieso, Jeffreys Building, Cowley Road, Cambridge, CB4 0DS 

Or by email to privacy@iesohealth.com  

If you remain unhappy with a response you receive, you can submit a complaint to complaints@iesohealth.com or also refer the matter to the Information Commissioner's Office

7. Cookies and tracking

In terms of merely registering an online account at ieso, we use third party auth0 cookies for reasons including: to store the state of the sign in process; to identify if the user is currently authenticated; and to monitor the fact that a user is logged in and interacting with features.

These typically include a unique reference code that relates to, or is accessed from, a user's device and that enables that device to be remembered when next logging on. 

Computers and mobile devices may automatically accept cookies, but you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of future products and services provided by ieso. 

Our therapy site and company website have their own cookie policies.

8. Your questions and how to contact us

If you have any questions or comments about these notices, please let us know: 

By email: privacy@iesohealth.com (or for technical support questions contact our technical support team: support@iesohealth.com)  

By telephone: on 0800 074 5560

Or by post to: 

ieso, Jeffreys Building, Cowley Road, Cambridge, CB4 0DS