End User Licence Agreement
PLEASE READ THESE LICENCE TERMS CAREFULLY
BY USING THE WEB APP YOU AGREE TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS DO NOT USE THE WEB APP.
WHO WE ARE AND WHAT THIS AGREEMENT DOES
We, MindData, license you to access:
www.minddata.app, the data and content supplied with the software (Web App) and any updates or supplements to it.
The related online or electronic documentation (Documentation).
The service you connect to via the Webb App and the content we provide to you through it (Service)
as permitted in these terms.
Under data protection legislation, we are required to provide you with certain information including who we are, how we process your personal data and for what purposes and your rights in relation to your personal data and how to exercise them. This information is provided in [https://minddata.io/privacy-policy] and it is important that you read that information.
OPERATING SYSTEM REQUIREMENTS
This Web App requires you to use the latest version of the applicable operating system and browser.
SUPPORT FOR THE WEB APP AND HOW TO TELL US ABOUT PROBLEMS
If you want to learn more about the Web App or the Service or have any problems using them please take a look at our support resources at https://minddata.freshdesk.com/
Contacting us (including with complaints). If you think the Web App or the Services are faulty or misdescribed or wish to contact us for any other reason please email our customer service team at firstname.lastname@example.org
How we will communicate with you. If we have to contact you we will do so by email or by SMS, using the contact details you have provided to us.
HOW YOU MAY USE THE WEB APP, INCLUDING HOW MANY DEVICES YOU MAY USE IT ON
In return for your agreeing to comply with these terms you may:
access the Web App via a web-based browser on your computer or mobile phone and view, use and display the Web App and the Service on such devices for your personal purposes only.
use any Documentation to support your permitted use of the Web App and the Service.
YOU MAY NOT TRANSFER ACCESS TO THE WEB APP TO SOMEONE ELSE
We are giving you personally the right to use the Web App and the Service as set out in the section “How You May Use the Web App” above. You may not otherwise transfer access to the Web App or the Service to someone else, whether for money, for anything else or for free.
CHANGES TO THESE TERMS
We may need to change these terms to reflect changes in law or best practice or to deal with additional features which we introduce.
We will give you at least 30 days notice of any change by sending you an email with details of the change or notifying you of a change when you next access the Web App.
If you do not accept the notified changes you will not be permitted to continue to use the Web App and the Service.
UPDATE TO THE WEB APP AND CHANGES TO THE SERVICE
From time to time we may update the Web App and change the Service to improve performance, enhance functionality, reflect changes to the operating system or address security issues. We will notify you of any such changes or updates, to the extent that they have a material impact on the functionality of the Web App.
WE ARE NOT RESPONSIBLE FOR OTHER WEBSITES YOU LINK TO
The Web App or any Service may contain links to other independent websites which are not provided by us. Such independent sites are not under our control, and we are not responsible for and have not checked and approved their content or their privacy policies (if any).
You will need to make your own independent judgement about whether to use any such independent sites, including whether to buy any products or services offered by them.
You agree that you will:
not rent, lease, sub-license, loan, provide, or otherwise make available, the Web App or the Services in any form, in whole or in part to any person without prior written consent from us;
not copy the Web App, Documentation or Services, except as part of the normal use of the Web App or where it is necessary for the purpose of back-up or operational security;
not translate, merge, adapt, vary, alter or modify, the whole or any part of the Web App, Documentation or Services nor permit the Web App or the Services or any part of them to be combined with, or become incorporated in, any other programs, except as necessary to use the Web App and the Services on devices as permitted in these terms;
not disassemble, de-compile, reverse engineer or create derivative works based on the whole or any part of the Web App or the Services nor attempt to do any such things, except to the extent that (by virtue of sections 50B and 296A of the Copyright, Designs and Patents Act 1988) such actions cannot be prohibited because they are necessary to decompile the Web App to obtain the information necessary to create an independent program that can be operated with the Web App or with another program (Permitted Objective), and provided that the information obtained by you during such activities:
is not disclosed or communicated without the Licensor’s prior written consent to any third party to whom it is not necessary to disclose or communicate it in order to achieve the Permitted Objective; and
is not used to create any software that is substantially similar in its expression to the Web App;
is kept secure; and
is used only for the Permitted Objective;
comply with all applicable technology control or export laws and regulations that apply to the technology used or supported by the Web App or any Service.
ACCEPTABLE USE RESTRICTIONS
not use the Web App or any Service in any unlawful manner, for any unlawful purpose, or in any manner inconsistent with these terms, or act fraudulently or maliciously, for example, by hacking into or inserting malicious code, such as viruses, or harmful data, into the Web App, any Service or any operating system;
not infringe our intellectual property rights or those of any third party in relation to your use of the Web App or any Service, including by the submission of any material (to the extent that such use is not licensed by these terms);
not transmit any material that is defamatory, offensive or otherwise objectionable in relation to your use of the Web App or any Service;
not use the Web App or any Service in a way that could damage, disable, overburden, impair or compromise our systems or security or interfere with other users; and
not collect or harvest any information or data from any Service or our systems or attempt to decipher any transmissions to or from the servers running any Service.
INTELLECTUAL PROPERTY RIGHTS
All intellectual property rights in the Web App, the Documentation and the Services throughout the world belong to us and the rights in the Web App and the Services are licensed (not sold) to you. You have no intellectual property rights in, or to, the Web App, the Documentation or the Services other than the right to use them in accordance with these terms.
OUR RESPONSIBILITY FOR LOSS OR DAMAGE SUFFERED BY YOU
We are responsible to you for foreseeable loss and damage caused by us. If we fail to comply with these terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking these terms or our failing to use reasonable care and skill, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if either it is obvious that it will happen or if, at the time you accepted these terms, both we and you knew it might happen.
We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors or for fraud or fraudulent misrepresentation.
When we are liable for damage to your property. If defective digital content that we have supplied damages a device or digital content belonging to you, we will either repair the damage or pay you compensation. However, we will not be liable for damage that you could have avoided by following our instructions in respect to how to access the Web App, including without limitation having in place any minimum system requirements advised by us.
We are not liable for business losses. The Web App is for private use. If you use the Web App for any commercial, business or resale purpose we will have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.
Limitations to the Web App and the Services. The Web App and the Services are provided only to support and enhance the therapy process. They do not offer advice or therapy on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of information obtained from the Web App or the Service. Although we make reasonable efforts to update the information provided by the Web App and the Service, we make no representations, warranties or guarantees, whether express or implied, that such information is accurate, complete or up to date.
Please back-up content and data used with the Web App. We recommend that you back up any content and data used in connection with the Web App, to protect yourself in case of problems with the Web App or the Service.
Check that the Web App and the Services are suitable for you. The Web App and the Services have not been developed to meet your individual requirements. Please check that the facilities and functions of the Web App and the Services (as described in the Documentation) meet your requirements.
We are not responsible for events outside our control. If our provision of the Services or support for the Web App or the Services is delayed by an event outside our control then we will contact you as soon as possible to let you know and we will take steps to minimise the effect of the delay. Provided we do this we will not be liable for delays caused by the event but if there is a risk of substantial delay you may contact us to end your contract with us and receive a refund for any Services you have paid for but not received.
WE MAY END YOUR RIGHTS TO USE THE WEB APP AND THE SERVICES IF YOU BREAK THESE TERMS
We may end your rights to use the Web App and Services at any time by contacting you if you have broken these terms in a serious way. If what you have done can be put right we will give you a reasonable opportunity to do so.
If we end your rights to use the Web App and Services:
You must stop all activities authorised by these terms, including your use of the Web App and any Services.
You must delete or remove the Web App from all devices in your possession and immediately destroy all copies of the Web App which you have and confirm to us that you have done this.
We may remotely access your devices and remove the Web App from them and cease providing you with access to the Services.
WE MAY TRANSFER THIS AGREEMENT TO SOMEONE ELSE
We may transfer our rights and obligations under these terms to another organisation. We will always tell you in writing if this happens and we will ensure that the transfer will not affect your rights under the contract.
YOU NEED OUR CONSENT TO TRANSFER YOUR RIGHTS TO SOMEONE ELSE
You may only transfer your rights or your obligations under these terms to another person if we agree in writing.
NO RIGHTS FOR THIRD PARTIES
This agreement does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this agreement.
IF A COURT FINDS PART OF THIS CONTRACT ILLEGAL, THE REST WILL CONTINUE IN FORCE
Each of the paragraphs of these terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining paragraphs will remain in full force and effect.
EVEN IF WE DELAY IN ENFORCING THIS CONTRACT, WE CAN STILL ENFORCE IT LATER
Even if we delay in enforcing this contract, we can still enforce it later. If we do not insist immediately that you do anything you are required to do under these terms, or if we delay in taking steps against you in respect of your breaking this contract, that will not mean that you do not have to do those things and it will not prevent us taking steps against you at a later date.
WHICH LAWS APPLY TO THIS CONTRACT AND WHERE YOU MAY BRING LEGAL PROCEEDINGS
These terms are governed by English law and you can bring legal proceedings in respect of the products in the English courts. If you live in Scotland you can bring legal proceedings in respect of the products in either the Scottish or the English courts. If you live in Northern Ireland you can bring legal proceedings in respect of the products in either the Northern Irish or the English courts.
Data Processing Agreement
Applicable Laws: means:
To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom.
To the extent EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject.
Applicable Data Protection Laws: means:
To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.
To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject, which relates to the protection of personal data.
Customer Personal Data:
any personal data which the Supplier processes in connection with the Services, in the capacity of a processor on behalf of the Customer.
the General Data Protection Regulation ((EU) 2016/679).
the purposes for which the Customer Personal Data is processed, as set out in: Clause 1.8(a).
the subscription services provided by the Supplier to the Customer via minddata.io and minddata.app or any other website notified to the Customer by the Supplier from time to time.
has the meaning given to it in the Data Protection Act 2018.
1. DATA PROTECTION
1.1 For the purposes of this Agreement, the terms controller, processor, data subject, personal data, personal data breach and processing and appropriate technical and organisational measures shall have the meaning given to them in the UK GDPR.
1.2 Both parties will comply with all applicable requirements of Applicable Data Protection Laws. This Clause 1 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under Applicable Data Protection Laws.
1.3 The parties have determined that, for the purposes of Applicable Data Protection Laws the Supplier shall process the personal data set out in Schedule 1 as a processor on behalf of the Customer in respect of the processing activities set out in Schedule 1.
1.4 Should the determination in Clause 1.3 change, then each party shall work together in good faith to make any changes which are necessary to this Clause 1 or the related schedules.
1.5 By entering into this data processing agreement, the Customer consents to (and shall procure all required consents, from its personnel, representatives and agents, in respect of) all actions taken by the Supplier in connection with the processing of Customer Personal Data, provided these are in compliance with the then-current version of the Supplier’s privacy notice available at [insert WEBSITE URL] (Privacy Notice). In the event of any inconsistency or conflict between the terms of the Privacy Notice and this agreement, the Privacy Notice will take precedence.
1.6 Without prejudice to the generality of Clause 1.2, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data and to the Supplier and/or lawful collection of the same by the Supplier for the duration and purposes of this agreement.
1.7 In relation to the Customer Personal Data, Schedule 1 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.
1.8 Without prejudice to the generality of Clause 1.2 the Supplier shall, in relation to Customer Personal Data:
Process that Customer Personal Data only on the documented instructions of the Customer (as set out in this Agreement), unless the Supplier is required by Applicable Laws to otherwise process that Customer Personal Data. Where the Supplier is relying on Applicable Laws as the basis for processing Customer Personal Data, the Supplier shall notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer on important grounds of public interest. The Supplier shall inform the Customer if, in the opinion of the Supplier, the instructions of the Customer infringe Applicable Data Protection Legislation;
implement the technical and organisational measures set out in [Schedule 2 ]] to protect against unauthorised or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data, which the Customer has reviewed and confirms are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
ensure that any personnel engaged and authorised by the Supplier to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality;
assist the Customer insofar as this is possible (taking into account the nature of the processing and the information available to the Supplier), and at the Customer’s cost and written request, in responding to any request from a data subject and in ensuring the Customer’s compliance with its obligations under Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
notify the Customer without undue delay on becoming aware of a personal data breach involving the Customer Personal Data;
At the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the Services unless the Supplier is required by Applicable Law to continue to process that Customer Personal Data. For the purposes of this Clause 1.8(f) Customer Personal Data shall be considered deleted where it is put beyond further use by the Supplier; and
Maintain records to demonstrate its compliance with this Clause 1.8 [and allow for reasonable audits by the Customer or the Customer’s designated auditor, for this purpose, on reasonable written notice].
1.9 The Customer hereby provides its prior, general authorisation for the Supplier to:
(a) Appoint sub-processors to process the Customer Personal Data, provided that the Supplier:
(i) shall ensure that the terms on which it appoints such sub-processors comply with Applicable Data Protection Laws, and are consistent with the obligations imposed on the Supplier in this Clause 1;
(ii) shall remain responsible for the acts and omission of any such sub-processor as if they were the acts and omissions of the Supplier; and
(iii) shall inform the Customer of any intended changes concerning the addition or replacement of the sub-processors, thereby giving the Customer the opportunity to object to such changes provided that if the Customer objects to the changes and cannot demonstrate, to the Supplier’s reasonable satisfaction, that the objection is due to an actual or likely breach of Applicable Data Protection Law, the Customer shall indemnify the Supplier for any losses, damages, costs (including legal fees) and expenses suffered by the Supplier in accommodating the objection.
(b) transfer Customer Personal Data outside of the UK as required for the Purpose, provided that the Supplier shall ensure that all such transfers are effected in accordance with Applicable Data Protection Laws. For these purposes, the Customer shall promptly comply with any reasonable request of the Supplier, including any request to enter into standard contractual clauses adopted by the EU Commission from time to time (where the EU GDPR applies to the transfer) or adopted by the UK Information Commissioner from time to time (where the UK GDPR applies to the transfer).
DATA processing Activities
1.PARTICULARS OF PROCESSING
Information relating to mental health therapy: therapist’s and patient’s details, including commentaries, mood scores and notes, appointments and invoicing details
Collection, storage, deletion
1.3 PURPOSE OF PROCESSING
Provision of cloud hosted SaaS platform to support mental health therapists’ services and aggregation of non-personal data for research and statistical purpose
1.4 DURATION OF THE PROCESSING
For the duration of contract and additional periods as required to satisfy requirements of applicable regulations
2. TYPES OF PERSONAL DATA
Names, email address, mobile number, patient’s notes, therapist’s notes, Patient’s journal, mood score, IP address, appointments, invoicing details, invoices.
3. CATEGORIES OF DATA SUBJECT
Clients, clients’ patients
TECHNICAL AND ORGANISATIONAL MEASURES
This is a summary of technical and organisational security measures applied
All information in transit, including flows through APIs, is encrypted.
All information stored in the application is encrypted, server-side, at rest
Access is controlled via a privilege system based on single user’s credentials.
MFA (Multi-Factor Authentication) is implemented. Users are required to register their mobile devices in order to enable this security feature.
Access control to platform based on principles of “Least Privilege” and “Need to Know”
Encryption key’s value only held for duration of transaction
Encrypted patient’s private notes, only accessible to patient. Mind Data has no access to this information
Technology infrastructure is provided by vendors holding ISO27001, 27017, 27018 and SSAE18 SOC 2 reports
Pseudonymisation of data (where information is separated from personal identifiers)
All parties maintaining and supporting the platform are bound by confidentiality clauses
All information is backed up in “real time”
The Mind Data platform is hosted, supported and maintained within the United Kingdom