‍

This Privacy Policy applies to:

‍

·       our website at https://www.solasmind.com,

·       our hubs, and

·       any related websites or mobile applications (together, the “Website”).

It also applies to personal information we collect when you contact us by email, phone, text message, social media, or other electronic communications.

This policy covers information we collect:

·       through our Website,

·       in emails, phone calls, texts,or video sessions with us, and

·       when you interact with ouradvertising or applications on third-party websites that link to this Privacy Policy.

This policy does not apply to:

·       information collected by us offline or in another way, or

·       information collected by any third party, including through applications or content (such as advertising) that may link to or be accessible from our Website.

Important: Solas Mind is not a medical group or practice. Anyone-to-one online well-being sessions obtained through our Website are providedby independent practitioners (our “Providers”). Each Provider is responsible for their own professional privacy practices as applicable. Solas Mind does not provide medical services and is not responsible for a Provider’suse of your health information.

By using our Website, you agree to this PrivacyPolicy. If you do not agree, you must not use our Website. Your continued use of our Website after any updates are posted will mean you accept those changes, so we encourage you to check this Privacy Policy from time to time.

‍

‍

Solas Mind launched in September 2019 as a well-being service specialising in supporting people inthe creative industries.

Under UK data protection laws, we are a “data controller.” This means we decide how and why your personal information is used, andwe are responsible for keeping it safe.

We are registered with the UK Information Commissioner’s Office (ICO) as a data controller under registration number ZA741303.

If you are based in the United States, both Solas Mind Ltd. and Solas Mind International Ltd. act as joint data controllers.

Being a data controller means that we are accountable for the way we handle your information. We must comply with data protection law and ensure your personal information is processed securely, fairly, and lawfully.

‍

“Personal data” means any information that can identify you, directly or indirectly. It does not include information that has been anonymised so that your identity can no longer belinked to it.

We collect, use, store, and transfer different kinds of personal data depending on how you interact with us. This may include:

·       Identity data – your name, title, date of birth, or social media username if you contact us through a social platform.

·       Contact data – email address, phone number, billing address.

·       Financial data – bank account or payment card details (handled throughour secure payment processors).

·       Transaction data – details about the services we have provided to you.

·       Technical data – your IP address, browser type and version, operating system, time zone and location, and other technology used to access our Website.

·       Geographical data – your main address or location information (ascontrolled through your device settings).

·       Usage data – information about how you use our Website and Services.

·       Marketing and communication data – your preferences for receiving updates or marketing communications from us.

At first contact, to establish whether we can provide you with well-being support, we may also collect:

·       your emergency contact or next of kin details,

·       the name of your medical practice,

·       information about any disability or communication difficulty, and

·      a brief description (if you choose to share it) of why you have booked a session.

Sensitive information

Details you share about your wellbeing, health, or personal circumstances may be treated as “special category data” under the UK GDPR and EU GDPR. This means they are handled with extra care and only used for the purpose of providing you with support, safeguarding, or meeting legal obligations.

Health Information (United States only)

Some of the information you share may look similar to “protected health information” (PHI) under U.S. law. However, Solas Mind is not a healthcare provider and is not a “covered entity” under HIPAA. When working through Solas Mind, Providers act only as coaches and not in a clinical role. That means HIPAA does not generally apply to the information you share with us.

Even so, your personal information is still protected under this Privacy Policy. Where possible, we may also de-identify your information so it no longer reasonably identifies you.De-identified data may be used without restriction, including to improve our Website and Services.

‍

We collect personal information indifferent ways depending on how you interact with us. You may give us information directly, or it may be collected automatically when you use our Website or booking system.

4.1 Information You Give Us

·      Forms and Registrations –When you complete forms on our Website (such as our contact form or booking system), we collect the details you provide, including your name, email address, phone number, and the content of your message. This allows us to respond to your enquiry and provide the services you request.

·      Bookings – When you book a session, we collect your personal details (name, contact details, emergency contact, and sometimes your GP or doctor details) to prepare for your support session.

·      Events and Training – When you attend our events, workshops, or training sessions, we collect relevant registration information to manage your attendance.

·      Emails and Messages – We retain copies of emails and messages you send to us as long as necessary to manage our relationship with you.

4.2 Payment Processing – We use trusted third-party services for payment processing (such as Stripe and PayPal). We do not store or collect your payment card details. These payment processors use your personal data in line with their own privacy policies:

·      Stripe:https://stripe.com/us/privacy

·      PayPal:https://www.paypal.com/myaccount/privacy/privacyhub

4.3 Social Media – We use social media (Facebook, Instagram, LinkedIn,Twitter) to connect with users. We do not collect data that directly identifies you from social media platforms, unless you send us a direct message, in which case we may retain those details only as long as necessary to manage our relationship with you. The way each platform uses your data is governed by its own privacy policy.

4.4 Information Collected Automatically – When you visit our Website, we may automatically collect some technical data (such as your IP address, browser type, operating system, and usage data) through cookies and similar tools. For more information, please refer to our Cookie Policy (Section 13).

4.5 Special Category Data – As part of providing well-being support, you may share sensitive personal information such as:

·      emergency contact details,

·      your GP or doctor’s information,

·      information about any disability or communication difficulty, and

·      why you have booked services.

This information is treated as “special category data” under GDPR. We handle it with extra care and share it only on a need-to-know basis, so your Provider can support you safely.

4.6 Children – Our Services are designed for adults aged 18 and over. We do not knowingly collect personal information from anyone under the age of 16. If we discover that we have collected such data, we will promptly delete it.

‍

From time to time, we may receive information about you from third parties. This will only happen where it isnecessary to provide our Services and is permitted by law.

We may receive:

·       personal data relating to your identity and contact details from data partners, and

·       data from third parties who are legally permitted, or who have your permission, to share your information with us (such as through social media).

We will only use this information for the purposes set out in this Privacy Policy and never to build marketing profiles without your consent.

‍

6.1 Our Legal Basis – UK data protection laws require us to have a “legal basis” for processing personal data. The legal bases we rely on are:

·       performance of a contract we are about to enter into or have entered into with you,

·       compliance with a legal or regulatory obligation,

·       carrying out activities that are legitimate to our business interests, and

·       your consent.

Where our legal basis is consent, you have the right to withdraw that consent at any time.

6.2 What We Do With the Information We Gather – The main reason we hold and use your data is to provide the Services you have booked with us.

This includes:

·       registering you and managing your bookings,

·       providing you with well-being support and HR consultancy,

·       processing payments and invoices,

·       meeting legal or regulatory obligations (for example, when you exercise your dataprotection rights or when safeguarding issues arise), and

·       communicating with you about your sessions, your account, or important updates to our Services.

6.3 Our Legitimate Interests – When we use “legitimate interests” as the legal basis for processingyour data, we will always balance our business needs with your rights. We only proceed where we believe our interests are not overridden by the impact on you.

Our legitimate interests include:

·      managing our business operations,

·      ensuring quality and supervision of Providers, and

·      improving and developing our Services for the benefit of Clients and Businesses.

6.4 Marketing Communications – We will not use your persona linformation for marketing purposes unless you have specifically opted in to receive such communications. You can opt out of marketing at any time by clicking “unsubscribe” in our emails or by contacting us directly.

‍

‍

7.1 Disclosure – We do not share, sell, or distribute your personal data to thirdparties, except as explained in this Privacy Policy or where you have agreed with us in advance.

We may disclose your data if requiredby law, in connection with legal proceedings, or to establish, exercise, or defend our legal rights. In exceptional safeguarding situations, we may also need to contact your GP, doctor, another health professional, or your emergency contact.

If you are a staff member of a Business using our Services, we will not share your personal data with your employer except in emergencies where we believe you are at immediate risk.

‍

7.2 Sale or Transfer of Ou rBusiness – If Solas Mind is sold, merged, or restructured, your data may be transferred to the new owner. The new owner will only be allowed to use your data for the same purposes for which it was originally collected. You will be notified before any such transfer takes place.

7.3 Practitioner Notes and Online Platforms – Providers may keep brief handwritten notes for their own records, in line with their accreditation body’s rules. These notes must be stored securely and kept confidential.

Sessions are not recorded. However, online sessions take place via third-party platforms (such as Zoom or Skype). You should review the privacy policies of those platforms to understand howthey handle your data.

7.4 Supervision – Solas Mind Providers are required to attend professional supervision. They do not share personally identifying client details with their supervisors.

7.5 Data Processors – We use trusted third-party providers (“Data Processors”) who process personal data on our instructions only. All Data Processors must confirm compliance with data protection laws. Examples include:

·       Acuity (ou rbooking system provider, part of SquareSpace): https://www.acuityscheduling.com/

·       Sign Request and Esignatures.io (contract management tools)

·       Zapier (app integration service, GDPR compliant)

·       Appsmith (survey proxy layer, does not store data)

·       Typeform (feedback survey forms)

‍

7.6 Marketing – We may carry out direct marketing by email, but only if you have given consent. You can withdraw consent at any time by using the unsubscribe link in emails or contacting us at hello@solasmind.com.

7.7 External Links – Our Website may contain links to third-party websites. Once you leave our Website or are redirected to another site, plug-in, or application, this Privacy Policy no longer applies. We cannot control or verify the content of external websites and are not responsible for any damages that may result from their use.

7.8 Social Media – Our Website links to our official accounts on Facebook, Instagram, LinkedIn, and Twitter. Any interaction with us through social media is also subject to those platforms’ own privacy policies. We will never ask you to share personal or sensitive information via social media. If you wish to discuss private matters, please contact us through email or phone.

7.9 Reviews and Evaluations – We may ask for feedback or reviews of our Services. With your consent, these may be published anonymously on our Website or social media. You can withdraw your consent at any time.

‍

We keep your personal data only for aslong as necessary to provide the Services you have requested, and meet legal,statutory, or regulatory obligations.

We review our data holdings regularly andsecurely delete or anonymise information once it is no longer required.

Some examples include:

·       booking and payment records – usually kept for up to 6 years to comply with financial record-keeping laws,

·       basic contact details – kept while you are an active client and deleted after a set period of inactivity, and

·       intakeforms or wellbeing information – kept only as long as necessary to provide Services safely, then deleted.

If different retention periods apply for legal,contractual, or safeguarding reasons, we will follow those specific requirements.

We use a range of technical and organisational measures to help keep your personal data safe. These include:

‍

·       storing data on secure networks,

·       limiting access to people who need it to do their job, and

·       requiring anyone with access to keep your information confidential.

We take steps to protect your information from being lost, misused, accessed without authorisation, altered, or disclosed.

Online sessions conducted over Zoom are encrypted, and we work with service providers who use secure systems.

Despite these measures, no system or method of transmission over the internet is ever completely secure. If you choose to send us information through our Website or by email, you do so at your own risk.

‍

We use trusted service providers to store and process personal data, including Acuity Scheduling (part of SquareSpace), which provides our booking system. Your data may be stored and processed by them in line with their own policies andunder applicable data protection laws.

Because Solas Mind is based in the UK,y our data may be transferred outside your home country, including outside the EU/EEA.

For residents of the EU/EEA:

·       If your data is transferred to a country that does not provide the same level of protection as the GDPR, we will ensure appropriate safeguards are in place (such as standard contractual clauses or equivalent protections).

·      When transferring data to organisations in the U.S., we will only do so where those organisations can provide adequate protection for your personal data.

We take steps to make sure any international transfers are carried out lawfully and that your personal data remains protected, no matter where it is processed.

If you live in the UK, EU, or EEA, you have certain rights under data protection laws (including the GDPR). Solas Mind recognises these rights and will uphold them in accordance with applicable laws.

When you make a request, we may ask for information to confirm your identity and, where relevant, to help us locate your personal data. Please note that some rights are not absolute and may not apply if there is a lawful reason for us not to uphold them.

11.1 Access (Subject Access Request) – You have the right to request a copy of the personal data we hold about you. To do this, email us at hello@solasmind.com. We may withhold parts of your information if it relates to another individual or if we are legally permitted to withhold it.

11.2 Rectification – You have the right to have inaccurate or incomplete personal data corrected. We will act on such requests without undue delay.

11.3 Erasure (Right to beForgotten) – You have the right to ask us to delete your personal data at any time. We will act on such requests without undue delay, unless there is a lawful reason to keep the data.

11.4 Restriction of Processing – You may ask us to restrict the processing of your personal data in certain circumstances, such as when:

·       the datais inaccurate,

·       the processing is unlawful,

·       the data is required to establish or defend legal claims, or

·       you have objected, and we are verifying whether our lawful grounds override your rights.

11.5 Data Portability – You have the right to request that we transfer your data to you or to another service provider in a structured, commonly used, and machine-readable format.

11.6 Objection – You have the right to object at any time to the processing of your personal data, including for marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

11.7 Automated Decisions – You have the right not to be subject to decisions based solely on automated processing, including profiling, which has legal or significant effects on you. Solas Mind does not make decisions about Clients based solely on automated processing.

11.8 Using Your Rights –To use any of your rights, please contact us at hello@solasmind.com. You willnot have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

While the California Consumer Privacy Act(CCPA) only applies to California residents, Solas Mind applies the samestandards to all U.S. residents.

In this Privacy Policy:

·       “personal data” (EU/UK term) and “personal information” (U.S. term) mean the same thing,

·       Solas Mind is not a healthcare provider, and HIPAA generally does not apply to the information you share through our Services.

This section supplements the other information in our Privacy Policy and explains your rights under the CCPA/CPRA.

12.1 Categories of Personal Information We Collect – As explained elsewhere in this Privacy Policy, we may collect:

·       information you provide directly (e.g., name, email, emergency contact),

·       information collected automatically (e.g., IP address, device data, cookies), and

·       information shared with us by service providers.

Personal information does not include:

·       publicly available information,

·       de-identifiedor aggregated information, or

·       information covered under HIPAA or the California Confidentiality of Medical Information Act (CMIA).

12.2 Use and Sharing of Personal Information – We use your personal information only for the purposes described in this Privacy Policy, such as:

·       providing and managing Services,

·       safeguarding clients in exceptional circumstances, and

·       complying with legal obligations.

We do not sell your personal information.

We may share your information with service providers and third parties as needed to provide our Services, or in an emergency where we must contact your doctor or emergency contact.

12.3 Access Rights – You may request details about the personal information we collected about you in the past 12 months, including:

·       the categories of personal information collected,

·       the sources of that information,

·       the business or commercial purposes for collection,

·       the categories of third parties we share it with, and

·       the specific pieces of personal information we hold about you.

12.4 Deletion Rights – You may request that we delete the personal information we collected about you, subject to certain legal exceptions. If applicable, we will also direct our service providers to delete your information.

12.5 Exercising Your Rights – To make an access or deletion request, email hello@solasmind.com.

·       For California residents, you may also authorise an agent registered with the California Secretary of State to act on your behalf.

·       You may make up to two access requests within a 12-month period.

·       We will need sufficient information to verify your identity before processing your request.

·       We will respond to verifiable consumer requests within 30 days, as required by law.

12.6 Non-Discrimination – We will not discriminate against you for exercising your CCPA rights. This means we will not:

·       deny you services,

·       charge different prices, or

·       provide a lower quality of service.

12.7 Do Not Track Signals – Solas Mind honours “Do Not Track” browser signals. We do not track, place cookies, or use advertising where a Do Not Track setting is enabled.

Cookies are small text files placed onyour computer or mobile device by websites you visit. They help websites function properly and provide useful information to site owners.

There are two main types of cookies:

·       Session cookies – temporary cookies that last only while your browser is open and are deleted when you close it.

·       Persistent cookies – cookies that stay on your device until they expire or you delete them.

Cookies do not usually contain personal information, but they may be linked to other data we hold about you.

13.1 How We Use Cookies – We use cookies to:

·       analyse how visitors use our Website and improve performance (using Google Analytics),

·       enable payment processing, and

·       detect and prevent fraud through our payment processors (Stripe and PayPal).

13.2 Your Choices – You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually change your browser settings to decline them if you prefer. If you disable cookies, some parts of our Website may not function properly.

13.3EU/UK Cookie Consent –For visitors from the UK and EU, we will only place non-essential cookies (such as Google Analytics) if you have actively consented to them through our cookie banner or consent tool. You can update or withdraw your cookie preferences atany time.

Our Services are designed for adults aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal data from someone under 18, we will delete it as soon as possible. As stated in our Terms of Service, you must be at least 18 years old to use Solas Mind’s Services. If you are under 18, you must not use our Services or provide any personal data to us

If we become aware of a personal data breach involving information governed by the GDPR, we will follow the requirements of the GDPR. This includes reporting the breach to the Information Commissioner’s Office (ICO) within 72 hours where required.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly using an appropriate method of communication.

For non-EU data subjects (including residents of the United States), we will also take reasonable steps to notify affected individuals of any breach of personal information where such notification is required under applicable law or where we consider it appropriate to protect your interests.

We will ensure that any relevant third-party data processors take immediate steps to investigate and remedy the situation

We may update this PrivacyPolicy from time to time. Any changes will take effect immediately once posted on our Website. You should check this page regularly to ensure that you are aware of any updates. By continuing to use our Website or services after changes are made, you will be deemed to have accepted the updated Privacy Policy.

If you are concerned about how your personal data is being handled, you should first contact us using the details in Section 18 below. We will do our best to address your concerns.

For users located in the United Kingdom, you also have the right to raise acomplaint with the Information Commissioner’s Office (ICO), the UK’s regulatoryauthority for data protection. Further details on how to do so can be found onthe ICO’s website at https://ico.org.uk/make-a-complaint/..

If you have any questions, concerns, complaints, or suggestions regarding this Privacy Policy or how we handle your personal data, please contact us through the “Contact Us” page on our Website or by email at hello@solasmind.com.

This Privacy Policy is reviewed regularly to ensure compliance with applicable data protection laws and guidance.