Privacy policies can be dense and inaccessible. Sometimes you just want your question answered quickly without having to navigate pages of text. With this document, we hope to make that easier. We tried our best to make our Privacy Policy as easy to navigate and understand as possible. If you have any questions while reading it, please don’t hesitate to reach out to info@yourwellnessclinic.org.

For purposes of this Policy and unless otherwise specified, “data” includes information that is linked to one person or household including things like name, email address, phone numbers, device ID, Third Party identifiers, contact information, and communications with Therapists using our digital communication platform (the “Platform”) to provide services (“Therapists”). Some jurisdictions might consider this to be “personal data,” “personally identifiable information,” or “sensitive personal data” in certain circumstances. When you use and access our app or website, you accept and agree to both the Terms and Conditions and this Privacy Policy, including that we’ll share certain data with Service Providers.

The categories of data which we process are listed below. We Process this data to do things like operate the Platform and make sure you are able to use our services effectively. We may also Process data to send you periodic emails or text messages. In some cases, these communications are to help provide services. Other times, they are to provide marketing communications. You can opt out of receiving texts or marketing communications at any time. Additionally, provided you opt in, we may Process and share some data with Third parties for advertising purposes. You can find more details in the relevant sections of this Policy.

What data we Process depends on how you’re using our website, app, or the Platform. We explain in the section below the specific data we collect and Process and, in the section following this, the business purpose for collecting and Processing this data.

As highlighted in the table below, we collect and Process “Therapy Data“, which includes health and treatment information that is required to facilitate therapy.

“Visitor data” – What is collected:

When you visit the website, app, or Platform, we Process information like the particular pages visited or which features you interacted with, the amount of time on the website or app, site/app/Platform errors, information about the type of device and browser you’re using, and IP address. We may Process your Third Party identifier or advertising ID (if available based on the settings of your device) and will share the information with Third Parties, if you opt in to Advertising (previously “Targeting cookies”) and web beacons.

When required by law, we cooperate with government agencies. This is not unique to yourwellnessclinic and is applicable to in-person therapy as well. For example, a court might subpoena information from us where we would be required to share certain information requested in the subpoena. Keep in mind that, as a general rule, we defer to your chosen Therapist to decide to produce (or not produce) any psychotherapy notes or messages you have had with them. Many jurisdictions have strict rules governing Therapist/client relationships and the confidentiality requirements associated with that. We encourage you to discuss with your Therapist early on if you have concerns about their disclosure obligations.

You should also be aware that Therapists may be obliged to disclose information to authorities to meet professional and legal responsibilities. Specifically, some laws require mental health professionals to disclose information and/or take action for: (a) reported or suspected abuse; (b) serious suicidal potential; (c) threatened harm; and (d) court-ordered treatment. You should speak with your Therapist if you have concerns about this.

We aren’t paid by anyone for any data. However, in Nigeria, the laws define “sale” broadly to include the sharing of personal information in exchange for anything of value. If you opt in to our use of Advertising cookies and web beacons, this use may be considered a “sale” of personal information under that specific California law. For specific information on your data rights as a resident of Nigeria.

In order to reach people who may be looking for mental health support, we advertise on some third parties web properties such as Third Party websites and apps. In order to minimize advertising costs related to this process and downstream costs to you, we strive to deliver ads that are relevant, interesting, and personal.

Therefore, if you opt in to Advertising cookies and web beacons, your IP address, Third Party identifier (if applicable), hashed User ID (if applicable) excluding activity when you’re logged in and have started therapy, may be shared for advertising purposes. As a result, you may see ads for our services on some Third Party websites.

Even if you do opt in, we still do not engage in “retargeting” advertising. Retargeting advertising is a type of advertising whereby advertisers leverage the fact that you viewed a page or took an action on their site to advertise to you again on third party properties in the hope that you will see the ad and return to their site.

To be clear, we don’t share any data or information you share with your Therapist with any Third Party advertisers. Even if you opt in to Advertising cookies and web beacons, we still don’t share information with Third Party advertisers like Member names, email addresses, phone numbers, clinician diagnosis, questionnaires answers, sessions data, journal entries, messages, worksheets, or any other type of private communication you have with your Therapist on the Platform.

For additional information regarding Third Parties that yourwellnessclinic may share data with, please reference our Third parties partners disclosure lists.

yourwellnessclinic is committed to ensuring that all applicable Member data is retained only for the amount of time required to provide relevant products and services and in accordance with relevant legal requirements.

Certain categories of data are retained for a period of time after you cancel your Membership or your Membership becomes inactive. These categories of data are retained to allow for a seamless reactivation in the event you begin using our services again and allow Therapists to reference historical information. Retaining this data is also needed to ensure our products and services function.

In addition to the data retention schedule outlined below, yourwellnessclinic maintains a process for all Members (regardless of where they live) to receive and process, without undue delay, requests to erase or access their data.

Retention Policy

yourwellnessclinic data retention policies are based upon what data is being processed, whether or not the Member has participated in therapy, and if the Member proactively requested data erasure or if the erasure is triggered due to Platform inactivity.

As stated, you have certain rights under data protection laws, including the right to request that we erase personal data we hold about you, and the right to request a copy of it. The following sections describe how you can exercise those rights.

To request data erasure, please log in to your account and go to Menu > My Account (or Account Settings) > My Personal Information, where you will see a link to request complete erasure of your account. Click that and follow the instructions to begin the data erasure process. You will receive a confirmation email from us within 24 hours of your request.

Requirements:

• Only you or your authorized representative may make a request on your behalf. You may also make a request on behalf of your minor child depending on the applicable laws.
• You must provide sufficient information that allows us to reasonably verify your identity or status as an authorized representative.
• You must provide details that allow us to understand, evaluate, and respond to your request.

If a Member joined the platform via an organization or Employee Assistance Program (“EAP”) then the only way to erase their account will be via contacting Member Success. The Member will not be able to request account erasure from within the Platform.

In some circumstances, legal or regulatory requirements limit our ability to honor erasure requests. As such, we may decline requests for erasure if the information is:

• Subject to a litigation hold or legal request to preserve it.
• Necessary to comply with laws and regulations and to maintain business integrity.
  
  • Clinical Health Record (described above) falls under this exemption.

Additionally, compliance obligations require us to retain records documenting certain interactions you have with us related to your Membership. As such, we cannot honor erasure requests for information contained in records of:

• Communications about complaints and erasure or access requests.
• Disclosures of personal data to Third Parties.

If we don’t intend to comply with a request, then we will tell you why this is the case, and outline how we weighed your rights and freedoms against our legal obligations. In such instances, any information retained will only be used for purposes contemplated under the legally recognized exemption.

To receive a summary copy of your data, please log in to your account and go to Menu > My Account (or Account settings) > My Personal information, where you will see an option to request a copy of your data. The data you will receive as part of this request includes the contact information that you input on the site, questionnaire answers, worksheet entries, emergency contact information, messages you sent to your Therapist, journal entries that you created, and other personal information.

How do you keep my data secure?

We apply industry standards and strive to apply best practices to prevent any unauthorized access and disclosure. Internet-based services carry inherent security risks, but our systems infrastructure, encryption technology, operation and processes are all designed, built, and maintained with your security and privacy in mind. one of the most recognized data security certification programs in the health industry.

yourwellnessclinic has an experienced team of data security professionals whose job it is to make sure we use secure technology to protect your data. We have an Information Security team who test internal security at yourwellnessclinic to try and anticipate threat actors and act defensively to build processes and infrastructure to prevent incidents and attacks. We have numerous robust security practices such as:

• All messages between a Member and their Therapist are secure and have 256-bit encryption.
• Our servers are distributed across multiple Tier 3 AWS Data Centers for optimal security and protection.
• Our browsing encryption system (SSL) follows modern best practices.
• Our databases are encrypted and scrambled rendering them useless in the unlikely event that they are stolen or inappropriately retrieved.
• We have robust monitoring and alerting systems and procedures in place that include both automated systems and humans. For example, there are always security personnel active in our 24/7 rotation.

For your own security, keep the following in mind:

• Phishing: This is a type of online identity theft or account hacking. We will never request your login information or credit card information in any non-secure or unsolicited communication. You should always be diligent when you are asked to provide your account information and make sure it is in our secure system.
• External links: Our Platform may contain links to an external website or service. We do not control external websites, and do not have control over their privacy policies and terms of use. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that external party or of their privacy and security policies or practices.

When you sign up for an account on yourwellnessclinic, we do not ask you for your full name. You may pick any name or “nickname” which will identify you in the system. You will need to provide an email address so that we can verify your account, and so we can communicate with you. You can choose an email that does not include your name (including if you are coming to us from an employer, organization, or other business partner and do not want to use your organization’s email address), but you should be aware that in some jurisdictions emails may be considered “personal data,” “personally identifiable information,” or “sensitive personal data” in certain circumstances. When you decide to start the therapy process, we’ll ask you for your contact information for emergency situations such as if your Therapist thinks that you or someone else is in immediate danger. Your Therapist may request additional specific information about you as required by their license or other accreditation guidelines.

Even though we try to limit the kinds of information you must provide to us as discussed above, it is very difficult to be truly “anonymous” when you use any app or the internet. Read more about what data we process and why.

You and your Therapist are able to see the messages you send, the worksheets you submit. Your Therapist can also see the journal entries you submit if you opt in to sharing journal entries.

If you consent, a licensed Therapist who is employed as part of the yourwellnessclinic Clinical Operations Team may review correspondence with your Therapist for quality assurance purposes. For example, if you raise a concern about your Therapist, or if we have concerns about a specific Therapist’s clinical care.

In addition, our internal Trust and Safety or Legal teams may review correspondence for specific accounts if we have a reason to believe that there is a security, legal, or fraud issue occurring with that specific account.

Messages with your Therapist are not shared with any Third party, and your live sessions are not recorded. We also do not share when you send a message, or have a session with your Therapist, with any Third Party.

We don’t knowingly collect or solicit any data or information from anyone under the age of thirteen (13) or knowingly allow such persons to become our users. The Platform is not directed at and not intended to be used by children under the age of thirteen (13). If you’re aware that we have collected personal information from a child under age thirteen (13), please let us know by contacting us, and we’ll delete that information.

A “cookie“ is a small data file that is accessible within a folder on a computer, and it is used for record-keeping purposes. Cookies are used to enhance performance of the Platform, personalize your experience and can be used for third party tracking (as described above). For example, cookies may be used to help you quickly log into certain platforms and websites without having to enter your credentials every time.

A “web beacon“ or “pixel” is a tiny and sometimes invisible image or embedded code, placed on a web page or email that can report your visit or use to a Third Party (as described above). In general, these tools can be used to monitor the activity of users for the purpose of web analytics, advertising optimization, or page tagging.

We use our own, service providers and Third Party cookies and web beacons to deliver a faster and safer experience, to monitor and analyze usage, to comply with laws, and for advertising purposes. To read more about the kinds of Third Party cookies we use and their purposes, to update your settings, or to opt out, click here.

You can always opt out of receiving marketing emails. In order to opt out, you can select the unsubscribe link located at the bottom of the relevant email communication.

This Privacy Notice for California Residents supplements the yourwellnessclinic  Privacy Policy to comply with the Nigeria Consumer Privacy Act of 2018 (“CCPA”) and the Nigeria Privacy Rights Act (“NPRA”) of 2020.

The CCPA and the CPRA are Nigeria laws that provide its residents with certain rights over information about them, including notice about the categories of personal information we have collected from them in the preceding twelve (12) months and the purposes for which the information is used or disclosed, and correction of personal information.

The following Sections outline the data that is processed by us, as well as the purpose for collection, and the categories of sources of such information

• Identifiers;
• Personal information categories listed in the Nigeria Customer Records statute
• Protected classification characteristics under Nigeria or federal law;
• Commercial information;
• Biometric information;
• Internet or other similar network activity;
• Geolocation data;
• Sensory data;
• Sensitive Personal Information;
• Professional or employment-related information

The information that we have disclosed in the past 12 months and the recipients of the information are described above, in the section titled The information that we may have shared in the past 12 months falls into the following personal information categories under the CCPA and CPRA:

• Identifiers;
• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e));
• Protected classification characteristics under California or federal law;
• Commercial information;
• Internet or other similar network activity;
• Geolocation data;
• Sensory data;
• Sensitive Personal Information; and
• Professional or employment-related information;
• Non-public education information (per the Family Educational Rights and Privacy Act

As noted in the Section titled, our “sale” of information (including sale of information about consumers under the age of 16) consists of the disclosure of your information for targeted advertising purposes, and we aren’t paid by any external or third party for any data. The information that we may have “sold” (for purposes of the CCPA and CPRA) in the past 12 months falls into the following personal information categories under the CCPA and CPRA:

• Identifiers;
• Commercial information; and
• Internet or other similar network activity.

Do I have the right to know what information you have about me?

Yes, as a California resident you can request certain information about what we have Processed over the past 12 months. Once we receive and verify your consumer request, we can provide:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting that personal information.
• The categories of Third Parties with whom we shared that personal information.
• The specific pieces of personal information we collected about you.
• Whether we disclosed your personal information for a business purpose and the personal information categories that each category of recipient obtained.

We will verify your identity by matching the information you provide with information that we maintain about you or via biometrics (specifically, FaceID via iOS). You also have the right to request that we correct personal information about you if it is found to be inaccurate. To make such a request, please send an email to us info@yourwellnessclinic.org

Can I “opt out” or request that you delete my information?

Yes, you can request that we delete your data as described in the section of this Policy. Once your request is received and verified by matching the information you provide with information that we maintain about you or via biometrics, we’ll move forward with the Process of deleting your information in line with our legal requirements and Retention Policy. We cannot fulfill a deletion request and need to retain your information if the data is necessary to:

• Provide you services, take actions reasonably anticipated within the context of our ongoing business relationship, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with applicable laws, including but not limited to, the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.) and information covered by the California Confidentiality of Medical Information Act.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

As noted above, you do not need to opt in to the “sale” of personal information about you by withdrawing your consent to accept cookies used for advertising here. Our websites are also designed to implement a do-not-sell privacy preference.

Other California privacy rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosure of personal information to Third Parties for direct marketing purposes. To make such a request.

This section provides additional information about our Policy relevant to you if you are from the European Economic Area (the EEA), United Kingdom, and Switzerland (together “European Area Countries”). It supplements and should be read in conjunction with the rest of the Policy. Under the European Area Countries’ privacy laws, we are the Controller with respect to your data.

When is my data used?

• When it is in our legitimate interests or an external third party’s legitimate interests (“legitimate interest” is a term defined by the General Data Protection Regulation (GDPR) and UK General Data Protection Regulation Notice). Our legitimate interests in this instance include managing the Platform and yourwellnessclinic business, safety and security of the infrastructure, prevention of fraud, research, and development, and management of contracts and legal claims.
• When it is needed for the provision of the Platform. In particular, for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of the Platform. We only rely on our or an external third party’s legitimate interests to Process your data when these interests are not overridden by your rights and interests.
• When it is necessary to do so to comply with any legal obligations imposed upon us under our contractual obligations or our contractual obligation or applicable law.
• In rare instances, when it is a medical emergency, we may use your data to protect your or another’s vital interests if consent is not a reasonable option.
• When you have consented to the use of your data, for marketing purposes or through the use of cookies and web beacons. Where consent is the legal basis, you have the right to withdraw your consent at any time.

What Lawful Basis for Sensitive Data is Used in the UK and EEA?

yourwellnessclinic may also collect and Process certain categories of personal information, which may be considered “sensitive personal information” in the UK and EEA. The lawful basis for this Processing are (1) health and social care, (2) our establishment, exercise, or defense of a right or legal obligation, (3) substantial public interest, and (4) consent. Where consent is the legal basis, you have the right to withdraw your consent at any time. Sensitive personal information that we Process includes your racial or ethnic origin, religious or philosophical beliefs, and data concerning your health or about your sex life or sexual orientation.

When you begin to use our services and register your account, we ask you to provide answers to a questionnaire to customize the service, to match you with a Therapist, and to provide therapy and related services to you. In providing your responses to the questionnaire you may provide us with “sensitive personal Information” as described above. You may also continue to share such data with us as you receive services. This data is necessary as it allows us to continue providing services to you and customize our services for you. It is also necessary to provide healthcare with a personalized and well-selected Therapist based on points of data which impact your therapy and health care needs. The Therapist also reviews this data and can choose to not work with you if they are not a good fit. We may also use this information to improve our service and understand how you interact with the services.

How we obtain your personal information

yourwellnessclinic obtains the categories of personal information listed above from the following sources:

• Directly from you, such as information when you apply to be a counselor or that you submit during the Process of using and paying for our Services.
• Indirectly from you, such as through your actions on our website.
• From external business partners, such as social media sites, ad networks, and analytics providers.