Last updated: 15 May 2018
Who are we
For the purpose of the General Data Protection Regulation and the Data Protection Act 1998, the data controller is BigWhiteWall Limited, a company registered in England and Wales under company number 06227377, with a registered office at Evergreen House, Grafton Place, Kings Cross. London NW1 2DX (‘We’, ‘Us’, ‘Big White Wall’ or ‘BWW’)
Our privacy commitment
We take Your privacy rights very seriously and seek to ensure the highest standards of compliance with the General Data Protection Regulation and the Data Protection Act 1998 and applicable European Union data protection laws and regulations. Our main aim is to provide a safe place for you to share your thoughts, feelings and discussions with others in a confidential environment, where your anonymity is respected.
If You have any questions, concerns or suggestions about Our privacy practices, please email Our Privacy Officer at firstname.lastname@example.org. Please remember to protect Your privacy if You contact Us, e.g., do not include information about Your health or Your Member Name or other information from any Member Content that you provide anonymously. Regular email is never a secure method of communication.
Protecting your privacy and identity
We use appropriate administrative, physical and technical safeguards to protect Your Personal Information from loss or theft, unauthorized access, use or disclosure, or modification or destruction. For example, We train Our personnel to protect Your privacy and require them to comply with Our policies and procedures that protect Your Personal Information. We use computing systems in secure facilities to store Your Personal Information in an encrypted form. Where we process your data for archiving purposes in the public interest, and for scientific or historical research purposes or statistical purposes we pseudonymise or anonymise your Personal Information.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect Your Personal Information, We cannot guarantee the security of Your Personal Information transmitted to the Site; any transmission is at Your own risk.
As a member you will be given your own profile page which will grow and develop the more you use the Site. To protect Your and other Members’ anonymity, read and apply House Rules. You also play an important role in protecting Your Personal Information and Member Content. For example:
You must keep Your password for the Site confidential. We ask You not to share Your password with anyone.
Use an email account to which only You have access to receive emails and notifications from Us.
If You access the Site from a shared device, remember to log out.
Please be aware there is a risk that Members could identify You from information You post on the Site. To protect Yourself:
You must choose a Member Name that is not related in any way to Your real name or nickname. Other Members will see Your Member Name.
Do not post on the Wall details such as Your real name, names of family members or friends, place information, e.g., where you live, where You receive healthcare or places You like to visit, Your phone number or Your e-mail address.
Privacy Settings.The Site has privacy settings that You may use to protect Your identity. For example:
Bricks When creating a brick, You may choose which privacy level to attach to that brick, either public or private. Should You choose private, Your brick is visible to all Members but Your Member Name is not displayed with it. A public setting allows every Member to see that the brick was created by Your Member Name. You may change these settings at any time in the My Bricks area of the Site. Changes will appear immediately on the Site, but please be aware that some Member Content may still appear in archived or cached pages.
Guided Support Courses You may choose whether to participate in Guided Support Courses. In the ‘Privacy Settings’ section of guided support courses, You can control which information to share with other Members participating in a course.
Talkabouts (TAs) You may choose whether to participate in Community TAs. You may also invite other members to join Group Talkabouts (GTAs) or Personal Talkabouts (PTAs). Only other Members whom You’ve invited to participate may see Your Member Content in GTAs and PTAs. We may also access GTAs and PTAs.
LiveTherapy You can choose how to interact with your therapist (audio/video/instant messaging).
If you do not use Our privacy settings, other Members will see the Member Content You post with Your Member Name beside it.
How we collect and use personal information
We collect and use Your postal code, date of birth and email address (which is Personal Information) to:
Register You: We collect Your date of birth and email address to register You and create Your Member account. More particularly, We use Your date of birth to confirm Your eligibility for Membership. If You have registered using your postal code, we will also collect this information to confirm Your eligibility for Membership. If You have registered using a paid Membership, we will also collect (but not keep) Your cardholder name, home address and postal code in order to forward you to our secure payment partner Sage Pay and make payment.
Administer the Site and Your Membership: If You enter Your email address when You login, We will use it to authenticate You. We use Your Personal Information to present it to You in ‘My Account’. We may also use Your Personal Information to:
Investigate any suspected breaches of, and enforce Our House Rules and Terms, e.g., to help Us determine if a Member has registered more than once.
Process and deal with any complaints made by or about You.
Investigate usage of the Site that may be inappropriate.
Comply with any legal obligation.
Seek compensation from you or take other action including legal action as set out in the Terms.
Communicate with You: We email you messages about the Site and Your Membership, and notifications about new content and activity on the Site pertinent to You, e.g., that You have received a private message. If You do not wish to receive notifications, You may turn them off in the ‘My Account’ section of the Site.
Respond to You: If you email Us, We will collect and use any Personal Information You provide to Us to process and respond to Your message. If You request a password reset or other support, We will email You instructions and information to help resolve Your request.
From time to time, We may collect additional Personal Information from You when You provide it. For example, We may present a research survey to You within the Site and collect Personal Information from You if You agree to participate. We will always inform You about why We wish to collect Your Personal Information and ask You for Your consent before collecting it. We limit Our collection of Personal Information to what is necessary for the purposes for which We wish to collect, use or disclose it.
We may use Your Personal Information to create reports and data that contain information that cannot be used to identify You. We use such reports and data, and may disclose them to external parties, such as funding sources, for: statistical, analytical and reporting purposes; research; and for evaluating and enhancing the Site or improving the service. For example, We may produce reports that identify how many Members live in different geographical areas by using Your postal code along with that of other Members.
How we collect and use member content
Please be aware that Member Content will constitute Personal Information if it can be used to identify you; We may delete Member Content if We believe that it is Personal Information.
We use and disclose Member Content to:
Present the Member Content to You when You visit the Site.
Customize content that We present to You on the Site, or in emails and notifications that We send to You and other Members. For example, We may include Your Member Name when We notify another Member that You have sent them a private message.
Monitor, develop and improve the Site, and optimize Your experience of them.
As described above, create reports and data for: statistical, analytical and reporting purposes; research; and for evaluating and enhancing the Site. We may disclose such reports and data to external parties, including funders. For example, We collect and use the information that You enter to activate Your Account to create aggregate, anonymous information or reports about Membership and usage of the Site.
Other Members have no access to the Member Content You provide when You activate Your account, or enter into Your Account Settings or Profile. Other Members may view Your Member Name and the Member Content You provide in bricks, Talkabouts and Guided Support sessions, subject to Your privacy settings. (Please see the section above ‘Privacy Settings’ on how to set and change Your privacy settings.) Our Wall Guides may view the Member Content You provide in any brick, Talkabout and Guided Support session, along with Your Member Name. Our Wall Guides do not have access to Your Personal Information, including Your email address.
Comply with any legal obligation.
Special category information
You may give us special category or sensitive Personal Information such as biometric data for unique identification, health information and medical records, racial or ethnic origin, political orientation or beliefs, religious or philosophical beliefs, trade union membership, data concerning sex life or sexual orientation, genetic data.
Information about other individuals
If You give Us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that You can:
give consent on his/her behalf to the processing of his/her Personal Information;
receive on his/her behalf any data protection notices; and
This information is particularly relevant to referring organisations such as the NHS that may refer You to Us for LiveTherapy.
Information that the site automatically collects
We use information automatically captured by Our web servers that is not Personal Information to see how the Site is being used and customize it for Your benefit.
How we may disclose your personal information
Often we may need to share your data with other service providers in order to facilitate the running of the Site. For example, third parties associated with hosting server co-locations or payment processing for our paid Membership only. When this happens, we implement strict contractual agreements with such third parties limiting the use of your data to activities specific to the Site.
Details of the third parties that we share your data with are set out in our linked Page of Third Party sub-contractors.
We may disclose your data to our employees and agents to administer your membership and the services provided by us now or in the future.
We may also disclose Your Personal Information to third parties:
if We are required to do so by law or to comply with any legal obligation; in order to enforce or apply Our Terms and other agreements; or
to protect the rights, property, or safety of BigWhiteWall Limited, Our customers, or others.
This includes exchanging information with other companies and organizations such as the police, regulatory bodies or legal advisers for the purposes of security, risk reduction and fraud protection. For example, We may disclose Your Personal Information to the police in connection with any alleged criminal offence.
We may disclose Your Personal Information to any member of Our group, which means Our subsidiaries, Our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties: if BigWhiteWall Limited or substantially all of its assets are acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets. Should the assets of the company be sold, Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data;
When (and only when) requested by You, and only to the extent requested by You, we will also use Your data to send You and keep You updated with information by e-mail or message through the Site about existing and new services and special offers from Us and to send you information by e-mail or message through the Site about related products or services of selected third parties that may be of interest to You. To opt-out of receiving these messages, You can use the facility contained in any such communication or change your ‘Account settings’ through your Big White Wall profile on the website. You may also contact Us to opt out using the information under the ‘Contacting Us’ section above: please state your member name, and from whom you do not wish to receive further communications. Also see the ‘Your Rights’ section below.
Retention and destruction of personal information
We only keep your information for so long as it is necessary to fulfil the purpose for which it was collected and to comply with guidelines for the retention of health records. We will keep your information for a period of 8 years after You or We have closed your Member Account, or if you have not logged into Your Member Account for more than 8 years. After that 8 year period we will delete all of Your information securely in accordance with Our data destruction policies, unless You contact Us to reactivate Your Member Account in that period. We may retain some information in anonymised form, for example for statistical analysis and research purposes, but We do no retain any personally identifiable information after the expiry of the 8 year period from the date of closure of Your Member Account.
Accessing your personal information
When Your Member Account is still active (i.e. you have logged-in within the previous 8 years, You may login to Your Member Account on the Site at any time to view Your Personal Information. If Your Member Account has expired, You may reactivate it by contacting Us at email@example.com . We will generally be able to reactivate Your account for a period of two weeks in order for You to access and copy Your Personal Information and Member Content. You may update Your email address at any time by logging in and accessing ‘Account Settings’.
Tip: You may click on Your profile picture and see all the Member Content You have posted in one place. You may also see all Your bricks, TAs and guided support content by visiting those sections of the Site.
Under the General Data Protection Regulation and the Data Protection Act 1998 and applicable European data protection laws and regulations You have other rights to access, correct and erase Your Personal Information. See the ‘Your Rights’ section below.
Third party cookies
For more information on Cookies that We use and on the Third Parties Cookies click here.
Our Site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Please be aware that the Site may link to other websites that may be accessed by You through the Site. Such third party websites are not investigated, monitored or checked for accuracy, appropriateness, or completeness by Us, and We are not responsible for any websites You may access via a recommendation or suggestion on the Site. Inclusion of, linking to or permitting the use or installation of any third party website or any third party applications, software or content does not imply approval or endorsement by Us. If You decide to leave the Site and access a third party website or to use or install any third party applications, software or content, You do so at Your own risk.
We are not responsible for the policies, content or security of these linked websites, including how they protect Your privacy and collect, use and disclose Personal Information. We strongly encourage You to review the privacy policies applicable to any linked websites You visit.
We do not have any control over the use to which third parties may put Your data where you choose to purchase products or services or otherwise to contact them via the Site and we take no responsibility or liability for such use by third parties. Please check any policies on such websites before you submit any Personal Data to them.
Where we store your data
All Personal Information and Member Content you provide to us is stored and processed on our secure servers located in the UK and the European Economic Area (EEA). However, your anonymised Member Content may also be processed by staff operating outside the EEA who work for Us or for one of Our suppliers. This includes staff engaged in, among other things, the administration of Your Member Account, and the provision of support services. For more information about the processing of Your data outside of the EEA please see the Contact section above.
Right to ask us to stop contacting you with direct marketing. Even if You have accepted the processing of Your Personal Information for marketing purposes (by ticking the relevant box), You have the right to ask us to stop processing Your Personal Information for such purposes. Let us know what method of contact You are not happy with if You are unhappy with certain ways of contacting You only (for example, You may be happy for us to contact You by alerts on the Site but not by email).
Right to request a copy of your information. You can get a copy of your Member Account information and Your Member Content by logging into your Member Account. You can also request a copy of Your information which we hold (this is known as a subject access request). If you would like a copy of some or all of it, please contact us and let us know the information you want a copy of, including any account or reference numbers, if You have them. A subject access request may be subject to a reasonable fee to cover the cost of providing you with details of the information we hold about you.
Right to correct any mistakes in your information. You can correct any mistakes in Your Member Account information by contacting Us at firstname.lastname@example.org. You can also require Us to correct any mistakes in your information which We hold, free of charge. If You would like to do this, please contact Us and let us know the information that is incorrect and the information You want it replaced with.
Right to request we cease processing your information. You may request that We cease processing your Personal Information. If You make such a request, We shall retain only the amount of Personal Information pertaining to You that is necessary to ensure that no further processing of Your Personal Information takes place unless we need to continue processing it for archiving purposes in the public interest, or for scientific or historical research purposes or statistical purposes. Where that is the case we take steps to ensure compliance with the applicable data protection regulations including anonymization or pseudonymisation of the Personal Information and keeping the processing to a minimum. Exercising this right will most likely also result in closure of your Member Account as We will not be able to continue to provide access if We cannot process Your Personal Information for the purpose of administering Your Member Account and providing You access to it and the log-in areas of the Site.
Right to request deletion of your information. You can ask Us to erase all Your Personal Information (also known as the “right to be forgotten”) in the following circumstances:
it is no longer necessary for Us to hold that Personal Information with respect to the purpose for which it was originally collected or processed;
You wish to withdraw Your consent to Us holding and processing Your Personal Information;
You object to Us holding and processing Your Personal Information (and there is no overriding legitimate interest to allow Us to continue doing so);
the Personal Information has been processed unlawfully; or
the Personal Information needs to be erased in order for Us to comply with a particular legal obligation.
Unless We have reasonable grounds to refuse to erase Your Personal Information, all requests for erasure shall be complied with. For example, we may refuse to erase your Personal Information where we need to continue processing it for archiving purposes in the public interest, or for scientific or historical research purposes or statistical purposes. Where that is the case we take steps to ensure compliance with the applicable data protection regulations including anonymization or pseudonymisation of the Personal Information and keeping the processing to a minimum to achieve the forementioned purposes. Although we do not process Personal Information for research or statistical purposes for the purpose of taking measures or making decisions about individuals, we will nevertheless carefully consider the effects on you of this and will not continue the processing if we consider that it would cause significant distress to you.
Erasure of Your Personal Information will result in automatic closure of your Member Account and access to the log-in areas of Our Site.
If you have any complaints about the way in which we collect, store and use your information, and these have not been addressed by contacting us first, you can contact the supervisory authority in the United Kingdom, the Information Commissioner’s Office: https://ico.org.uk/concerns/.