Identification of the Entity Responsible

This Privacy Policy describes how your Personal Data may be collected, used and disclosed by Digital Mind Solutions, S.L. (hereinafter “ifeel“) and how you can access it. 

 

At ifeel, we are committed to protecting and respecting your privacy. ifeel operates in compliance with, among others, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as well as the Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”) and its implementing regulations. Hereinafter indistinctly (“Data Protection Regulation”).

The controller of the processing of the User’s Personal Data associated with certain uses of the Web Platform and Mobile App (both together referred to as “Platforms”) from the moment you process your registration and/or log in, as well as the provision of the services, is ifeel. 

 

  • Owner: Digital Mind Solutions S.L.
  • Registered office: C. de José Ortega y Gasset, 100, 6A, 28006 Madrid
  • C.I.F.: B87593851
  • Public register: Registered in the Mercantile Register of Madrid; in volume 34901, folio 29, General section, page number M-627653, 1st entry.
  • E-mail: [email protected]


2. Our approach to privacy

 

2.1 This Privacy Policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you (“personal information”) in your use of the Platforms.

 

2.2 This Privacy Policy applies to the Platforms. Please ensure that you have read this Privacy Policy and understand how we collect, store, use and communicate your personal information before accessing or using the Platforms.

3. Background information on our account types

 

-User Account

 

-Psychologist Account

 

We have two types of accounts, depending on whether it is a user or a psychologist, which provide different functionality to different users of the Platform;

 

  • A “User Account” allows a user to access, via the platform, the emotional wellbeing improvement programme set up by ifeel. The User Account is unique, personal and non-transferable. ifeel is not liable for misuse or negligent use of the User Account nor for the use of the User Account by third parties other than the individual user. 
 
  • A “Psychologist Account” allows a professional psychologist to use the ifeel platform in order to be able to provide personalised care to users of the platform. The psychologist account is unique, personal and non-transferable. ifeel is not liable for the improper or negligent use of the Psychologist Account, nor for the use of the Psychologist Account by third parties other than the specific psychologist to whom it has been provided.
 


4. Who is responsible for the use of your personal information?


– ifeel as Data Controller
 

We act as the Controller of personal data for the purposes of the GDPR in the following situations:

 

  • Platforms:
 

ifeel is the data controller of the personal information that we hold about you in connection with your registration on the Platforms and of the information provided through your use of the Platforms. Specifically, we act as data controllers:

a) When we manage the registration of the User Account and the Psychologist Account on our platform.
b) In obtaining the initial emotional health questionnaire.
c) In the provision of the health service, when the user is attended to by one of our in-house psychologists.

-ifeel as Processor of Personal Data

 

We act as Processor of personal data for the purposes of the GDPR:

 

  • ifeel acts as data processor in relation to those users of the platform who are employees of an organisation or company with which ifeel has concluded the corresponding contract for the provision of emotional well-being services, for the benefit of employees of that organisation or company, in order to pre-register them on the Platform.

In this case, ifeel has no direct relationship with the data subjects and exclusively processes the end user’s personal data on behalf of the organisations or companies and in accordance with their instructions.

  • In the provision of the health service carried out in the Platforms by the external Professional Psychologist, with whom ifeel maintains a commercial relationship, being the Data Controller of said professional health service, ifeel acting as a data processor.

5. The personal information we collect from you when you use our Platforms and how we use it.

 

5.1 We collect personal information that you, or your Psychologist, voluntarily submit directly to us when you use our Platform. This may include information that you or your Psychologist provides to us when you create or set up an account or use our application, as well as settings that are automatically generated through your use.

5.2 We will tell you where you are required to provide us with certain personal information so that we can provide you with features and functionality of the applications. If you choose not to provide such information, we may not be able to provide those parts or functionalities of the Platform to you.

5.3 When you use the Platform, the categories of information we collect may include:

a)First and last name, e-mail address, gender, age, marital status, country of residence, telephone number (optional), location, alias and password.

 

b)Health data (results of initial health questionnaires and professional treatment)

 

c)Details of the associated professional psychologist; (identification data, membership number, professional association, residence

 

d)Usage data collected on the Platforms through cookies or other data collection files.

 

We use this information to provide you with the functionalities of our application that make up the Platform, and to provide user support.

 

-The basis of legitimacy for the processing of personal data for registration as a user or as a therapist on our platform is the provision of our services on the basis of the contractual relationship between the Parties (Art. 6 para. 1 lit. b) of the GDPR).

 

-The basis of legitimacy for the processing of your personal data relating to health is based on the express consent given by you (Art. 6 para. 1 lit. a) of the GDPR).

 

-The legitimisation basis for the processing of data related to the use of the platform is based on our legitimate interest (Art. 6 para. 1 lit. f) of the GDPR).

 

5.4  At ifeel, we employ artificial intelligence (AI) technologies as part of the triage process necessary for delivering our psychology services. This process utilizes advanced AI tools to analyze data provided by users through questionnaires, identifying relevant patterns and risks. The results of this analysis enable the assignment of the most appropriate therapy approach to the user, optimizing the quality of care provided and offering a more personalized experience.
It is important for ifeel to emphasize that all final decisions regarding the most suitable therapist approaches are reviewed and validated by our qualified clinical team. AI serves solely as a complement to professional human judgment, and no automated decisions are made without oversight from our clinical team. This ensures that the recommendations generated by AI are supervised and supplemented by our clinical team, thereby ensuring an ethical and responsible approach to the delivery of our services.

By registering on our platform and accessing our services, you consent to your personal and health data being processed through these technological tools, in accordance with the purposes described in our privacy policy. The processing of your personal and health data through our AI solution is conducted in compliance with the General Data Protection Regulation (GDPR) and the European Union’s Artificial Intelligence Regulation.
We are committed to ensuring that our AI technology is used ethically, transparently, and in strict compliance with applicable regulations. We conduct regular audits to ensure that the system operates fairly, reliably, and without bias.
If you have any questions about the use of artificial intelligence in our services or about how your data is handled, please do not hesitate to contact us at [email protected].

 

6. Personal end-user data received from Google and Facebook

If you choose to access our Platform via the website using the Google sign-in tool, Google Ireland Limited will share your full name, email address, language preferences and profile picture with us for authentication purposes. By logging into your Facebook account, you acknowledge and consent that by using this registration method, ifeel will have access to certain information from your Facebook account. For more information, please see Google’s and Facebook’s privacy terms.

7. How long we keep your personal information

We will generally store the personal information we collect about you for no longer than is necessary for the purposes described above, consistent with our legal obligations and legitimate business interests.

 

However, we may need to keep your personal information for longer if we are required by law to do so. After the retention period, all personal data will be deleted or anonymised.

 

We may anonymise and aggregate any personal information we collect (so that it does not directly identify you). We may use anonymous information for purposes including testing our IT systems, research, data analysis, improving the Platform and our applications, and developing new products and features.

8. Recipients of personal information.

In some cases, only when necessary, ifeel will provide user data to third parties. However, the data will never be sold. External service providers (e.g. hosting providers) with whom ifeel works may use the data to provide the relevant services, but will not use this information for their own purposes or pass it on to third parties.

 

ifeel endeavours to ensure the security of personal data when it is sent outside the company and ensures that third party service providers respect confidentiality and have adequate measures in place to protect personal data. These third parties are obliged to ensure that the information is processed in accordance with data privacy regulations. For the provision of professional services, your data may be communicated, through the platform, to professional psychologists with whom ifeel maintains a business relationship, for the proper provision and care of services.

In some cases, personal data may be required by law to be disclosed to public bodies or other parties; only that which is strictly necessary for the fulfilment of such legal obligations will be disclosed.

 

The following have been appointed as sub-processors by ifeel in accordance with Article 28 of the Regulation:

 

  • Amazon Web Services: For, among others, the provision of infrastructure and platform services, computing capacity, storage and database services, security services and technical maintenance services, which we use for the operation of our solutions and, thereby, the provision of the service. Your information is stored on their servers located in Ireland (EU-West-1 Zone)
  • Google Inc. (Gmail): For, among others, the management and resolution of technical issues and communications via e-mail.

9. International data transfers

The information we collect from you may be processed in third countries within the meaning of Article 44 of the GDPR. Some third countries, such as the United States, have not currently received an adequacy decision from the European Union under Article 45 of the GDPR, which means that your data may not receive the same level of protection there as under the GDPR.

International data transfers are usually carried out on the basis of contractual or other rules provided for by law, which aim to ensure adequate protection of your data and which you can consult on request. In doing so, we rely on the safeguards provided for in Article 46 of the GDPR or, where applicable, the provisions set out in Article 49 of the GDPR. We and our processors intend to implement appropriate safeguards to protect the privacy and security of your personal data. Therefore, we only process your personal data in accordance with the practices described in our Privacy Policy.

10. Exercise of your personal rights

Under the GDPR, you have certain rights when it comes to our processing of your personal data:

Right to be informed: You have the right to receive clear, transparent and easily understandable information about how we use your personal data and your rights.

Right of access: You have the right to obtain access to your personal data.

Right of rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete.

Right of erasure: this right allows you to request the erasure or deletion of your personal data where there is no longer any compelling reason for us to continue to use it. This is not an absolute right of deletion and exceptions apply.

Right to restrict processing: You have the right to “block” or delete the further use of your personal data. Where processing is restricted, we may continue to store your personal data, but we may no longer use it.

Right to data portability: You have the right to obtain and re-use your personal data for your own purposes in different services.

Right to object to processing: You have the right to object to certain types of processing.

Right to lodge a complaint: You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection authority.

Right to withdraw consent:  If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time. 

The right not to be subject to an automated decision: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal (or similarly significant) effects for you.

You may address your communications and exercise your rights by sending a written communication to the following e-mail address [email protected]. In some cases, the request may be refused if the deletion of data necessary for the fulfilment of legal obligations is requested.

11. PROCESSING OF MINORS’ PERSONAL DATA

Our services are not specifically aimed at minors. However, in the event that any of them are addressed to minors under fourteen years of age, in accordance with article 8 of the RGPD and article 7 of the LO 3/2018, of 5 December (LOPDGDD), ifeel will require the valid, free, unequivocal, specific and informed consent of their legal guardians for the processing of the personal data of minors. In this case, the identity card or other form of identification of the person giving consent shall be required.

In the case of persons over fourteen years of age, the data may be processed with the consent of the user, except in those cases in which the law requires the assistance of the holders of parental authority or guardianship.

12. Security measures applied to the processing of your data

We implement security measures to ensure the confidentiality, availability and resilience of personal data processing systems. We also conduct verification and evaluation processes of the technical and organisational measures implemented in order to guarantee the security of personal data at all times.

 

13. Modification of the privacy policy

This privacy policy is subject to change. We recommend that you review the privacy policy on a regular basis.

Last updated: 1 February 2023