Syndi's Privacy Policy
Initial Effective Date: Nov 19, 2020 (GMT)
Latest Revised Date: Dec 19, 2021 (GMT)
Version: 1.0.2
This policy describes our policies and procedures for collection, transmission, storage, processing, disclosure and protection of any data, including, but not limited to, personal data provided by you as a user while using the Service. user shall mean any person/persons, who visits, uses, deals with and/or transacts through Syndi App (“privacy policy”). The privacy policy and any other terms and conditions as may be applicable shall hereinafter collectively be referred to as “agreement” or “contract”.
Important Notice
1. If You are having suicidal thoughts or planning to act on suicidal thoughts, or if You feel that You may be a danger to Yourself or to others, or if You otherwise have any medical or mental health emergency or severe mental health condition, or if You are in a crisis or trauma or abuse, please discontinue use of the Service immediately and call the relevant emergency number in Your country and notify the police or emergency medical services. For example, You can find Your country-specific suicide emergency number at: Suicide.org - Suicide Prevention, Awareness, and Support.
2. If You are less than 18 years of age, please read through the Syndi Privacy Policy and the Syndi Terms of Service with Your parent or legal guardian or check with Your Institution to understand eligibility before use. Syndi is not to be used by children under 13 years.
3. Syndi’s Service will supply patient health questionnaires for you to monitor your personal well-being. The underlying principle of the Service is that You have the knowledge and capacity to make desired changes in Your life.
4. The Syndi App is not intended to be a replacement for face-to-face psychotherapy or to provide a diagnosis, prognosis, treatment or cure for a disease/condition/disorder or disability or provide any type of state-regulated mental health services in Your country of residence. It is an enabling and empowering mode of support, rather than treatment of illness or a health condition.
5. The Syndi App cannot and will not offer medical or clinical advice. In case You mention the need for such advice, they will suggest that You seek advanced (medical) help.
Introduction
Welcome to the Syndi App, the mobile and online Service of Syndi Ltd (hereinafter “Syndi”, “We”, “Us”, or “Our”). When you as a Data Subject (“User”, or “You/r”) use Syndi’s services, You trust us with Your Data. This Privacy Policy governs Your use of the mobile or web browser based software application on the Syndi website (hereinafter the “Syndi App”) created by Syndi and also covers Your use of Our Website, other websites maintained by Us. This Privacy Policy along with Syndi’s Terms of Service constitutes a legal agreement between You and Syndi.
This Privacy Policy (“Policy” or “Privacy Policy”) has been drafted in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or data) Rules, 2011, including (but not limited to) requirements within General Data Protection Regulation (GDPR) (EU) 2016/679 regulation and where applicable the Health Insurance Portability and Accountability Act (collectively referred to as “Data Protection Laws”).
Identity of the controller of personal information
The Data Controller for Syndi App is Syndi Ltd, a company registered in the United Kingdom and having its registered office address at Unit 1, Cambridge House Camboro Business Park, Oakington Road, Girton, Cambridge, Cambridgeshire, United Kingdom, CB3 0QH.
Contact details of the Data Protection Officer
If You have any concerns or grievances about this Privacy Policy You will need to send an email request to hello@Syndi.health with Attn. to our Data Protection Officer Mr. Jorge Alexander. We will respond to You within 48 hours and help resolve Your concerns or complaints.
If You are not satisfied with Our resolution, You have the right to complain to a Data Protection supervisory authority in Your country or state of residence. We will fully cooperate with the supervisory authority. Contact details for Data Protection Authorities in the EU are available here.
What does this Privacy Policy apply to?
This Privacy Policy applies to the data You provide Us when You Use the Syndi App and Service. The mobile-based and/or web browser-based services provided via Syndi App are collectively referred to as the "Service(s)".
This Privacy Policy is meant to help You understand what data We collect, why We collect it, what We do with it, how You can manage and control the Use of Your data and the rights You have to access and control Your Personal data. Please read the definitions in the next section to understand the terminologies used in this Privacy Policy.
We will always respect and protect Your privacy, and this forms a part of Our guiding principles. We have policies and procedures in place to protect the privacy and security of Your Personal data. Your trust means a lot to Us. If You submit any Personal Data then We will process it with Your data basis this Agreement. Your data is secured with strong encryption during transmission and storage.
Your use of the Syndi App will be governed by this Privacy Policy as applicable to the Syndi App together with all policies, notices, guidelines, disclaimers that are published and shared with You from time to time including but not limited to Syndi’s Terms of Service.
Users may request additional Services from Syndi or Syndi affiliates. Because the needs and choices of each User may vary, We may provide separate privacy policies or addendums to this Privacy Policy for certain additional Services. Any applicable separate privacy policies and addendums will explain the types of data We collect, their purposes of Use and other policies that may apply to that Service. When You choose to Use an additional Service, You may be informed of the applicable privacy policy or addendum which applies in addition to and may modify this Privacy Policy, before You can access the additional Service.
Syndi reserves the right to make changes to this Privacy Policy and to make such changes effective for all data We may already have collected from You. We will notify You via in-app notifications when We make any changes to the Privacy Policy.
Please note that by using Syndi App and Services, You acknowledge and agree that You have read and understood this Privacy Policy.
What is Syndi App?
Using the Syndi App, You can track and manage Your mood, and learn context-sensitive evidence-based techniques that can help You feel better. Syndi App and Service is not intended for use in crisis such as abuse or complex or severe mental health conditions that causes for example; ideation of suicide, harm to self and others, or for any medical emergencies. Syndi App and Service cannot and will not offer medical or clinical advice. It can only suggest that the user seeks advanced (medical) help.
Who can Use the Service
You may Use the Service only if You are a natural/legal person, agree to this Agreement and form a binding contract with Syndi, and only in compliance with all applicable local, state, national, and international laws, rules and regulations. If You are between 13 and 18 years of age, please read through this Syndi Privacy Policy and the Syndi Terms of Service with Your parent or legal guardian, and in such a case the Agreement shall be deemed to be a contract between Syndi and Your legal guardian or parent and to the extent permissible under applicable laws, enforceable against You. Anyone under 13 is strictly prohibited from creating an account and/or Using the Service.
What Data do We collect, how do We, and how do We Use it?
When you use the Services, we may collect and process different personal data about you. The personal data we process, the basis of processing and the purposes of processing are detailed below.
We encourage you to supply only the information you are comfortable with.
Phone Number
When You use the Syndi App, you may receive notifications by SMS. To do this We receive, transmit and securely store your phone number on Our servers. Your phone number is the only association of personal information that We request within the Syndi App. By deleting your account via your profile page within the Syndi App we remove your phone number from our systems. IF YOU DELETE YOUR DATA IT WILL BE IMPOSSIBLE TO RESTORE.
Mental Well-Being Screening Assessment Responses
When You Use the Service, You will be asked to respond to clinically validated assessments. Response is voluntary and You can opt to not report any of the assessments. Syndi App currently Uses two validated assessment scale for understanding Your emotional Well-being: Patient Health Questionnaire (PHQ8) - to self-report any symptoms of depression; General Anxiety Disorder (GAD7) - to self-report any symptoms of anxiety.
Assessments are a proven way to baseline and track the progress of Your self-reported symptoms. Processing of Your assessment response is based on Our Agreement and used for the purpose of determining if escalation is required and to provide You access to tools and techniques to manage emotions and encourage mental well-being in a self-help context. YOUR RESPONSES TO THESE ASSESSMENT QUESTIONS ARE NOT PROCESSED TO FORM A DIAGNOSTIC OPINION NOR PROCESSED FOR ANY MEDICAL PURPOSES OR FOR GIVING CLINICAL ADVICE. We DO NOT collect or process Your sensitive medical data or Protected Health data (PHI), as defined under the US law, that can directly or indirectly Identify You. We use Your anonymized assessment scores for population-level research and statistical purposes as per Our Legitimate Interest. We apply organizational and technical measures to endeavour to irreversibly redact any Personally Identifiable data inadvertently submitted by You as per Our Legitimate Interest.
Your response is encrypted during transmission and is securely stored. YOUR PERSONAL DATA IS NEVER SHARED WITH A THIRD PARTY WITHOUT YOUR EXPLICIT CONSENT.
Email
When You Use the Service, You have an option to contact us through Our Website. You can Use this feature to email Us Your feedback. Personal data, if any provided in Your feedback, will be manually redacted before any processing of Your feedback. Your email ID resides in our GSuite Gmail servers and cannot be mapped to Your Syndi App data that reside in our AWS DynamoDB cloud servers hosted in the UK.
Unidays Data
When You Use the Service You have an option to log in using Unidays single sign-on (SSO). Unidays single sign-on will allow Unidays to authenticate your identity and provide you the option to share certain personal information with us such as your email and place of study.
Disclosures of your personal data
Analytics vendors
We use Hotjar and Wix in order to better understand our users’ needs and to optimize the Service and experience. Our Service uses Hotjar. Hotjar is a third-party technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site. Our Website, www.syndi.health, is hosted on Wix, a third-party Web management and analytics platform. Wix helps Us collect Your Website visit and usage data for the purposes of analytics and improve Your experience on our Website. The Use of Wix is governed by Wix’s Terms of Service, Privacy and Cookie Policy and GDPR Compliance Statement. For more information about Wix analytics, please visit Wix Privacy.
Use of de-identified and aggregated information
We do use anonymised and only the minimal data that is required to answer the research question for research and statistical purposes based on Our Legitimate Interest to improve Our Product and Services and contribute to the development of user-centred mental wellbeing best practices globally.
Transfer outside the European Economic Area/UK
Your personal data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”) or the UK, for example, when one of our service providers use employees or equipment based outside the EEA or UK. For transfers of your personal data to third parties outside of the EEA or UK, we take additional steps in line with applicable law. We will put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we will establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.
How is my personal data secured?
Syndi operates and uses appropriate technical and physical security measures to protect your personal data. We have, in particular, taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. You are also responsible for helping to protect the security of your personal data. For instance, you should not disclose any personal information via text to the Syndi App. You are responsible for maintaining the security of any device on which you utilize the Services. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
Storage of personal data
We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).
Your rights
You may have various rights under data protection legislation in your country (where applicable).
These may include (as relevant):
-
The right of access enables you to check what type of personal data we hold about you and what we do with that personal data and to receive a copy of this personal data;
-
The right to rectification enables you to correct any inaccurate or incomplete personal data that we hold about you;
-
The right to erasure enables you to request that we erase personal data held about you in certain circumstances;
-
The right to restrict processing of your personal data by us in certain cases, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful; and
-
The right to data portability enables you to receive your personal data in a structured, commonly used and machine-readable format and to have that personal data transmitted to another data controller.
Note that we will require you to take steps to verify your identity in accordance with applicable law. Upon request of the data.
"Do not Track"
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honour DNT signals or similar mechanisms transmitted by web browsers.
Your right to lodge a complaint with a supervisory authority
If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below. You also have a right to complain to your local Data Protection Authority if you prefer. Contact details for Data Protection Authorities in the EU are available at Data Protection.
Glossary
Personal data or Personal Information means data relating to an identified or identifiable natural person who can be directly or indirectly identified by reference to an identifier such as full name, identification numbers, location address, online identifier and other identifiers within the definitions of The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or data) Rules 2011 and General Data Protection Regulation (GDPR) (EU) 2016/679 regulation. Personally identifiable information (PII) and Special Category of Personal Data is covered within the definition of Personal Data.
Non-Personal data or Non-Personal Information means any data that does not reveal Your specific identity either directly or indirectly.
Data or Information under this Privacy Policy means Both Personal and Non-Personal data or information.
Pseudonymisation means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific User without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal data are not attributed to an identified or identifiable natural person.
A Cookie is a small amount of data generated by a Website and saved by Your Web browser. Cookies are used to store User preferences for a specific site. Use of cookies makes Web-surfing easier. You may refuse to accept Cookies by activating the setting on Your browser which allows You to refuse the setting of Cookies.
Encryption is the process of transforming data into unreadable text so that it is only legible to those possessing an encryption key. The process of making encrypted data readable again is referred to as decryption.
A Web Browser is a software program that allows User to access, retrieve and view data on the World Wide Web. Examples of browsers include Internet Explorer, Firefox, Google Chrome and Safari.
Changes to this policy
We may need to make changes to this Privacy Policy at any time. If we make any material changes to how we collect your personal data, or how we use or share it, we will post or provide appropriate notice in accordance with applicable law.
In order to ensure fairness of the processing, we encourage you to review the content of this Privacy Policy regularly.
Contact us
For further information, to exercise your rights, or if you have any questions or queries about this Privacy Policy, please contact Syndi’s Data Protection Officer:
Email: hello@syndi.health
Postal: Unit 1, Cambridge House Camboro Business Park, Oakington Road, Girton, Cambridge, Cambridgeshire, United Kingdom, CB3 0QH.