Initial Effective Date: Nov 19, 2020 (GMT)
Latest Revised Date: Dec 19, 2021 (GMT)
1. If You are having suicidal thoughts or planning to act on suicidal thoughts, or if You feel that You may be a danger to Yourself or to others, or if You otherwise have any medical or mental health emergency or severe mental health condition, or if You are in a crisis or trauma or abuse, please discontinue use of the Service immediately and call the relevant emergency number in Your country and notify the police or emergency medical services. For example, You can find Your country-specific suicide emergency number at: Suicide.org - Suicide Prevention, Awareness, and Support.
3. Syndi’s Service will supply patient health questionnaires for you to monitor your personal well-being. The underlying principle of the Service is that You have the knowledge and capacity to make desired changes in Your life.
4. The Syndi App is not intended to be a replacement for face-to-face psychotherapy or to provide a diagnosis, prognosis, treatment or cure for a disease/condition/disorder or disability or provide any type of state-regulated mental health services in Your country of residence. It is an enabling and empowering mode of support, rather than treatment of illness or a health condition.
5. The Syndi App cannot and will not offer medical or clinical advice. In case You mention the need for such advice, they will suggest that You seek advanced (medical) help.
Identity of the controller of personal information
The Data Controller for Syndi App is Syndi Ltd, a company registered in the United Kingdom and having its registered office address at Unit 1, Cambridge House Camboro Business Park, Oakington Road, Girton, Cambridge, Cambridgeshire, United Kingdom, CB3 0QH.
Contact details of the Data Protection Officer
If You are not satisfied with Our resolution, You have the right to complain to a Data Protection supervisory authority in Your country or state of residence. We will fully cooperate with the supervisory authority. Contact details for Data Protection Authorities in the EU are available here.
We will always respect and protect Your privacy, and this forms a part of Our guiding principles. We have policies and procedures in place to protect the privacy and security of Your Personal data. Your trust means a lot to Us. If You submit any Personal Data then We will process it with Your data basis this Agreement. Your data is secured with strong encryption during transmission and storage.
What is Syndi App?
Using the Syndi App, You can track and manage Your mood, and learn context-sensitive evidence-based techniques that can help You feel better. Syndi App and Service is not intended for use in crisis such as abuse or complex or severe mental health conditions that causes for example; ideation of suicide, harm to self and others, or for any medical emergencies. Syndi App and Service cannot and will not offer medical or clinical advice. It can only suggest that the user seeks advanced (medical) help.
Who can Use the Service
What Data do We collect, how do We, and how do We Use it?
When you use the Services, we may collect and process different personal data about you. The personal data we process, the basis of processing and the purposes of processing are detailed below.
We encourage you to supply only the information you are comfortable with.
When You use the Syndi App, you may receive notifications by SMS. To do this We receive, transmit and securely store your phone number on Our servers. Your phone number is the only association of personal information that We request within the Syndi App. By deleting your account via your profile page within the Syndi App we remove your phone number from our systems. IF YOU DELETE YOUR DATA IT WILL BE IMPOSSIBLE TO RESTORE.
Mental Well-Being Screening Assessment Responses
When You Use the Service, You will be asked to respond to clinically validated assessments. Response is voluntary and You can opt to not report any of the assessments. Syndi App currently Uses two validated assessment scale for understanding Your emotional Well-being: Patient Health Questionnaire (PHQ8) - to self-report any symptoms of depression; General Anxiety Disorder (GAD7) - to self-report any symptoms of anxiety.
Assessments are a proven way to baseline and track the progress of Your self-reported symptoms. Processing of Your assessment response is based on Our Agreement and used for the purpose of determining if escalation is required and to provide You access to tools and techniques to manage emotions and encourage mental well-being in a self-help context. YOUR RESPONSES TO THESE ASSESSMENT QUESTIONS ARE NOT PROCESSED TO FORM A DIAGNOSTIC OPINION NOR PROCESSED FOR ANY MEDICAL PURPOSES OR FOR GIVING CLINICAL ADVICE. We DO NOT collect or process Your sensitive medical data or Protected Health data (PHI), as defined under the US law, that can directly or indirectly Identify You. We use Your anonymized assessment scores for population-level research and statistical purposes as per Our Legitimate Interest. We apply organizational and technical measures to endeavour to irreversibly redact any Personally Identifiable data inadvertently submitted by You as per Our Legitimate Interest.
Your response is encrypted during transmission and is securely stored. YOUR PERSONAL DATA IS NEVER SHARED WITH A THIRD PARTY WITHOUT YOUR EXPLICIT CONSENT.
When You Use the Service, You have an option to contact us through Our Website. You can Use this feature to email Us Your feedback. Personal data, if any provided in Your feedback, will be manually redacted before any processing of Your feedback. Your email ID resides in our GSuite Gmail servers and cannot be mapped to Your Syndi App data that reside in our AWS DynamoDB cloud servers hosted in the UK.
When You Use the Service You have an option to log in using Unidays single sign-on (SSO). Unidays single sign-on will allow Unidays to authenticate your identity and provide you the option to share certain personal information with us such as your email and place of study.
Disclosures of your personal data
Use of de-identified and aggregated information
We do use anonymised and only the minimal data that is required to answer the research question for research and statistical purposes based on Our Legitimate Interest to improve Our Product and Services and contribute to the development of user-centred mental wellbeing best practices globally.
Transfer outside the European Economic Area/UK
Your personal data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”) or the UK, for example, when one of our service providers use employees or equipment based outside the EEA or UK. For transfers of your personal data to third parties outside of the EEA or UK, we take additional steps in line with applicable law. We will put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we will establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.
How is my personal data secured?
Syndi operates and uses appropriate technical and physical security measures to protect your personal data. We have, in particular, taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. You are also responsible for helping to protect the security of your personal data. For instance, you should not disclose any personal information via text to the Syndi App. You are responsible for maintaining the security of any device on which you utilize the Services. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
Storage of personal data
We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).
You may have various rights under data protection legislation in your country (where applicable).
These may include (as relevant):
The right of access enables you to check what type of personal data we hold about you and what we do with that personal data and to receive a copy of this personal data;
The right to rectification enables you to correct any inaccurate or incomplete personal data that we hold about you;
The right to erasure enables you to request that we erase personal data held about you in certain circumstances;
The right to restrict processing of your personal data by us in certain cases, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful; and
The right to data portability enables you to receive your personal data in a structured, commonly used and machine-readable format and to have that personal data transmitted to another data controller.
Note that we will require you to take steps to verify your identity in accordance with applicable law. Upon request of the data.
"Do not Track"
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honour DNT signals or similar mechanisms transmitted by web browsers.
Your right to lodge a complaint with a supervisory authority
If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below. You also have a right to complain to your local Data Protection Authority if you prefer. Contact details for Data Protection Authorities in the EU are available at Data Protection.
Personal data or Personal Information means data relating to an identified or identifiable natural person who can be directly or indirectly identified by reference to an identifier such as full name, identification numbers, location address, online identifier and other identifiers within the definitions of The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or data) Rules 2011 and General Data Protection Regulation (GDPR) (EU) 2016/679 regulation. Personally identifiable information (PII) and Special Category of Personal Data is covered within the definition of Personal Data.
Non-Personal data or Non-Personal Information means any data that does not reveal Your specific identity either directly or indirectly.
Pseudonymisation means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific User without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal data are not attributed to an identified or identifiable natural person.
Encryption is the process of transforming data into unreadable text so that it is only legible to those possessing an encryption key. The process of making encrypted data readable again is referred to as decryption.
A Web Browser is a software program that allows User to access, retrieve and view data on the World Wide Web. Examples of browsers include Internet Explorer, Firefox, Google Chrome and Safari.
Changes to this policy
Postal: Unit 1, Cambridge House Camboro Business Park, Oakington Road, Girton, Cambridge, Cambridgeshire, United Kingdom, CB3 0QH.