Help Center

What kind of help do you need?

SilverCloud Privacy Notice

Effective date: Jan 1 2022

This privacy notice is for people who use the SilverCloud platform and programs as a client or coach.

SilverCloud Health provides its platform to many healthcare services and other organisations. In this notice we will tell you how we process your personal data on behalf of your service (that is, the healthcare team that has given you access to SilverCloud). Your service is the ‘data controller’, which means they decide how and why your data is processed, and SilverCloud is the ‘data processor’, which means we follow their instructions. Your service may also have a privacy notice that is relevant to you. To review that policy, click here

SilverCloud also uses some of your data to understand how the SilverCloud platform is used and could be improved. When we collect or use your data on our own behalf, SilverCloud is the ‘data controller’.

There is a separate privacy notice for people who use the SilverCloud company website and for people who we communicate with for marketing purposes.

Contact details for SilverCloud are listed at the bottom of this notice.

  • How we collect your personal data

    Your data is collected by SilverCloud in a few ways:

    • Data you give directly
    • Data given about you (by a client or coach)
    • Data we collect automatically when you use SilverCloud
  • What personal data we collect and use

    Here is a list of the categories of personal data that are collected and used, with examples. Some of these are optional or depend on SilverCloud's obligations to its customers, including what your service has asked SilverCloud to collect.

    • Contact details
    • Optional personal information
    • Health data
    • Data about your use of SilverCloud
    • Feedback data
    • Data about your background or demographic profile

    Contact details

    Your name, email address, mobile telephone number (for notifications), etc.

    The following types of data will only be collected if SilverCloud has an obligation to do so:

    Your postal address, post code, telephone numbers

    Optional personal information

    Interests, likes/dislikes, profile image, etc.

    Health data (PHI)

    The SilverCloud customer organization with which you are associated; your SilverCloud program; answers to psychological questionnaires and calculated results; entries to interactive tools such as a list of problems, recording mood over time, or journal entries; messages between clients and coaches; ID numbers for health records; etc.

    The following types of data will only be collected if SilverCloud has an obligation to do so, or if SilverCloud has your specific consent:

    For referrals, we may collect more data: date of birth, GP name, address, telephone number, national or local ID number.

    Additional health data about your disabilities, conditions, problems or treatments.

    Data about your use of SilverCloud

    Your invitation, when you first signed up, pages and sections viewed, other actions you take on SilverCloud, emails sent to you, server errors that affect you, etc.

    When you log in and log out, your IP address, browser type and version, time zone and language, notification preferences

    Your login details (username, encrypted password)

    Feedback data

    Your feedback in the “progress points” at the end of each module; User experience questionnaires; Other questionnaires where it is indicated that the recipient is SilverCloud

    Data about your background or demographic profile

    The following types of data will only be collected if SilverCloud has an obligation to do so, or if SilverCloud has your specific consent.

    Age, gender, sexual orientation, ethnicity, religion, etc.

    Data we do not collect

    Children's data

    SilverCloud is intended for use by adults aged 18 years or over and we do not knowingly collect personal data from people under 16 years of age.

  • How and why we use your personal data

    SilverCloud processes your data for specific purposes and where there is a legal basis.

    • Provide SilverCloud platform and programs
    • Technical support
    • Understanding usage and improving service

    Provide SilverCloud platform and programs

    SilverCloud collects and processes your data under a contract with the customer organization with which you are associated in order to provide you with secure access the SilverCloud platform and programs.

    This includes displaying program pages, recording your activity on interactive tools and features, storing your preferences, sending notifications by email, text or push notification, etc.

    It also includes inviting and managing clients and coaches, coaches reviewing client progress and results, and, if your service requires, working with their health record systems.

    Your service is responsible for determining the purpose and legal basis under which they use your data and have SilverCloud process it.

    Technical support

    SilverCloud provides technical support to your service, and so we will process your personal data if you contact us by telephone, email or through the SilverCloud platform.

    Understanding usage and improving service

    SilverCloud analyzes data de-identified in accordance with HIPAA to understand usage and to help us improve the platform and programs.

    Most analysis uses de-identified aggregate data (for example, average length of time spent on the platform). Some analysis uses individual de-identified data, with additional safeguards in place such as limiting the set of individual data (data minimization). This analysis may include classification, machine learning or other techniques.

    Update usage analytics settings

  • Your rights

    You have rights regarding your personal data. If you have any questions please contact your service or SilverCloud.

    Right to information about processing of your personal details

    The aim of this privacy notice is to give you this information.

    Right to access your personal data

    You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.

    Right to change or remove your details

    You have the right to correct any inaccurate data, or remove data if it is not necessary for us to hold it.

    Right to object to processing

    You can ask us not to use or share certain health information for treatment, payment, or our operations.

    We are not required to agree to your request, and we may say “no” if it would affect your care.

    You can object to processing if it could affect your rights, freedoms or interests.

    Right to data portability

    We will provide your data in a portable format.

    Right to lodge a complaint

    You can file a complaint by contacting SilverCloud using the information at the end of this notice.

    You can file a complaint if you believe we have violated your HIPAA rights with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Room 509F HHH Bldg., Washington, D.C. 20201, or visiting www.hhs.gov/hipaa/filing-a-complaint.

    We will not retaliate against you for filing a complaint.

  • Third parties

    We use third party sub-processors to host the SilverCloud platform and communicate with you.

    Amazon Web Services

    Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, U.S.A.

    We use Amazon Web Services to host the SilverCloud platform and database, store encrypted backups and send email notifications.

    Location of processing: Virginia, U.S.A.

    AWS Privacy Policy

    Zendesk

    Zendesk International Limited, One Grand Parade, Dublin 6, D06 R9X8, Ireland

    We use Zendesk to handle technical assistance communication.

    Location of processing: US and EU

    Zendesk Privacy Policy

    Links to other websites

    You should also be aware that where you link to another website from SilverCloud, that SilverCloud has no control over that other website. Accordingly, SilverCloud cannot guarantee that the controller of that website will respect your privacy in the same manner as SilverCloud.

  • Data security and storage

    We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

    All SilverCloud employees are contractually and ethically bound to respect the confidentiality of any personal data held by SilverCloud.

    SilverCloud maintains ISO 27001:2013 certification.

  • Retention of personal data

    Personal Data shall be retained only in accordance with the Data Retention requirements of SilverCloud's Privacy Policy.

  • Privacy notice changes

    We will revise this privacy notice when necessary and we encourage you to check back in future for changes.

    24 February 2023
    Update to SMS service provider
  • OSF Privacy Policy

    To access and review OSF’s privacy policy, click here.

Contact

If you wish to contact SilverCloud regarding use of your Personal Data or to exercise your rights, please contact us at:

SilverCloud Health
One Stephen Street Upper
Dublin 8
Ireland

dataprotection@silvercloudhealth.com

SilverCloud's Data Protection Officer (DPO) is BH Consulting:

SilverCloud Health Data Protection Officer
BH Consulting
The LINC Centre
Blanchardstown Road North
Dublin 15
Ireland

dataprotection@silvercloudhealth.com