1. Keeping your data safe

    1. Keeping your personal data safe and protected is incredibly important to us. We are committed to keeping your data secure, from the moment we receive it, and in relation to how we handle it. This Privacy Policy sets out in detail how and why we plan to process your personal data, who we share it with, what rights you have in relation to that data and everything else we think it's important for you to know.
  2. Who's in control of my personal data

    1. The Okina app is run by People Matter Technology Limited ("we"). We are the "controller" of all personal data collected and used for the purposes of providing Okina and for any other purposes set out in this Privacy Policy. This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
    2. Although we are legally the "controller", you still control the personal data that we have access to. Most of the personal data that we will be able to access is personal data that you voluntarily provide and is not mandatory. You have certain rights in relation to your personal data which are detailed in this policy, but if you decide you don't want us to use your personal data anymore, you can request, at any time, to have all of your personal data deleted, and we will respond to your request within 90 days. You can also edit your profile and close your account entirely at any time.
  3. What data do you collect, how do you use it and for what purposes, and what is the legal basis for using it?

    1. Data protection law requires us to tell you what personal data about you we collect, how we use it and for what purposes, and our legal basis for using it (‘legal basis’ means the justification we have under the relevant law for using the personal data in the way we do). This section gives you that information. We will not collect any other personal data, or use it in different ways or on a different legal basis, without telling you first.
    2. Where the legal basis for our use of your personal data is that you have consented to that use, you can withdraw that consent at any time in Settings in the app. Where the legal basis for our use of your personal data is that the use is justified for our legitimate interests, those legitimate interests are in ensuring that our users are able to use all functionality effectively, ensuring that reports, scores, and other measures provided to users are relevant and accurate, and ensuring that we are able to resolve any errors and respond to any queries quickly and effectively.
    3. Account Information
      1. When you register for an Okina account, we will collect the following mandatory information (we call this Account Information):
        1. First name or nickname
        2. Email address
        3. Date of birth
        4. Password
      2. We use your Account Information to set up and administer your account, allow you to log into your account and make sure that you can use Okina and all its features. We use your email address to contact you with service messages about Okina, for example to provide you with password reminders or to let you know if Okina is experiencing technical issues. Your date of birth is collected to ensure you are old enough to use our service (13 years old as per our Terms & Conditions) and in order to help generate your Wellbeing Outputs.
      3. Our legal basis for the use of ‘Account Information’ personal data is that the use is necessary to allow us to perform a contract you have entered with us to provide Okina.
    4. Data from your Employer
      1. If you give explicit consent for us to do so via the Privacy screen, we connect with your employer’s systems in order to collect the following data:
        1. Employment Information - job title, the date when you started working for your employer, performance data, changes of manager, changes of job role, office location and working hours.
        2. Email metadata - limited to the subject line, date and time of sending, sender’s email, recipient’s email. We do not collect main body content of emails.
        3. Calendar data - limited to appointment start and end date and time, meeting name, attendee names and email addresses.
      2. We use this data in order to generate your Wellbeing Outputs. Note that in doing this, we are only interested in identifying macro trends in your work patterns from your Email metadata and Calendar data.
      3. Our legal basis for the use of 'Data from your Employer' personal data is that you have consented to the use.
    5. Work Data provided by you
      1. You can choose to fill out these non-mandatory data fields on the Work Information screen:
        1. Work status - whether working part time, working full-time, unemployed, or retired.
        2. Employer company name
        3. Date when you started working for your employer
        4. Job title
        5. Job type - such as consultant or designer
        6. Contract type - such as permanent employee or self employed
        7. Contracted working hours
        8. Whether you work night shifts
        9. Average working hours per month
        10. Whether you manage a team and if so the team size
        11. Normal working location - such as office, home or car.
        12. Commute duration
        13. Whether you travel a lot for work
      2. We use this data in order to generate your Wellbeing Outputs.
      3. Our legal basis for the use of 'Work Data provided by you' personal data is that you have consented to the use.
    6. Personal Information Data
      1. During onboarding and in Personal Information section of Settings you are given the option to select an answer for the following optional data fields:
        1. Gender
        2. Mental health condition
        3. Physical illness or disability
        4. Whether you are a primary caregiver
        5. Whether you’ve experienced a significant life event recently and what that was.
      2. We use this data in order to generate your Wellbeing Outputs.
      3. Our legal basis for the use of 'Personal Information Data' personal data is that you have consented to that use.
    7. Wellbeing Inputs
      1. Measures and Journal Questions - if you respond to the prompt to answer questions, the Measures and Journal functions ask you questions about your personal circumstances and mental wellbeing, and records your answers to your account. You can choose to not answer a question by tapping the close or skip buttons. Your responses to these questions are summarised in the history section of the Journal.
      2. Daily Intention - the Journal has the option to record a Daily Intention.
      3. Values - during the onboarding process you are given the option to set your three Values. You can also set or update these from the Profile screen. You are guided through a number of questions to set these. Your Values reflect what values in life matter to you.
      4. We use this data in order to generate your Wellbeing Outputs. We also gather this data from you as a way to help you build personal awareness about your wellbeing - Okina is designed to help you understand your data and what this might mean for you so that you can take positive action.
      5. Our legal basis for the use of ‘Wellbeing Inputs’ personal data is that you have consented to that use.
    8. Wellbeing Outputs
      1. We use the data described above in the Account Info, Data from your Employer, Work Data provided by you, Data from third party sources, Personal Information Data and Wellbeing Inputs sections in order to generate your Wellbeing Outputs. Your Wellbeing Outputs are:
        1. Measures Scores and Reports - your Measures Scores comprise an Overall Score which is broken down into Pressures Score, Emotions Score, Behaviours Score and Boosts Score. These are each in turn broken down into a number of sub scores such as Energy, Accomplishment and Work-Life-Balance. These scores aim to give insights important to your mental wellbeing, based on psych-social research. These scores are accompanied in the report by text based explanations of what they mean and advice on improving them.
        2. Library Recommendations and Personalisation - you are recommended and personalised Library content based on your Measures Scores and the aforementioned data inputs. These recommendations aim to help improve your scores and wellbeing.
      2. Our legal basis for the creation of ‘Wellbeing Outputs’ from your personal data is that the use is justified for our legitimate interests, or you have consented to that us.
    9. We do not always collect all of the data described above in the Account Information, Data from your Employer, Work Data provided by you, Personal Information Data and Wellbeing Inputs sections, and we do not always use all of these data points in generating your Wellbeing Outputs.
    10. Sharing anonymised Measures Scores with your Employer
      1. If you explicitly consent to share your anonymised Measures Scores with your employer using the toggle on the Privacy screen, we will share your anonymised Measures Scores as part of an aggregate company level report with your employer, to empower them to improve wellness at work. You will not be personally identifiable in this report.
      2. Our legal basis for this use is that you have consented to the use.
    11. Communicating with you
      1. Depending on your app settings, we use your personal data to send you certain notifications, for example to remind you to submit further information or to complete a journal entry. You can control whether or not you receive these notifications, in your app settings.
      2. We use information that you voluntarily provide to us when contacting us with queries, comments or complaints to enable us to respond to those queries, complaints or comments and to make sure that these are appropriately dealt with.
      3. We generate a Weekly Report and send you a notification each week that it is ready to be read. The report summarises your Measures Scores and Reports for a week period. You can control whether or not you receive these reports in your app settings.
      4. Some of the communications we send to you, such as reminding you to submit further information to the app or to complete a journal entry, may be sent by push notification. Push notifications are messages that pop up on your mobile device. You can choose whether or not to receive push notifications from Okina through your device settings.
      5. Our legal basis for the use of personal data for ‘Communicating with you’ is that you have consented to that use, where receipt of the communication is optional or where you have contacted us requesting a reply. If we communicate with you at any time without consent the legal basis for that use is that it is necessary to allow us to perform a contract you have entered with us to provide Okina.
    12. Analysing and improving Okina
      1. We use your personal data as well as some technical information we collect about how Okina is used (such device information and your interactions with the user interface), to help us to monitor trends so that we can analyse and improve Okina. This helps us to make sure that we are providing you with the best possible service. We will only do this in an anonymised way - meaning your data will only be used by specifically authorised employees in a way that cannot be traced back to you.
      2. Our legal basis for the use of personal data for ‘Analysing and improving Okina’ is that the use is justified for our legitimate interests.

        Please note that some of the information we collect about you, such as your Wellbeing Inputs and Personal Information, is "special category" personal data under data protection law. Special categories of data include information about health, race and religion. Given the sensitivity of this data, we ensure that it is subject to special protections. If you provide this information and if you use the app to generate Wellbeing Outputs, you must make sure that you are happy for us to process this information in accordance with this Privacy Policy. You can remove information at any time by requesting to have any of your personal data deleted (we will respond to any request within 90 days), and you may also edit your profile at any time.
  4. Who do you share my personal data with?

    1. If you give explicit consent for us to connect with your employer’s systems in order to pull in your Data from your Employer, we will share this request and your email address (and those two things only) with your employer to enable us to do this. Note that this is for the purposes of obtaining Data from your Employer only and does not allow your employer to access your personal data stored with Okina. Also note that if you explicitly consent to Sharing anonymised Measures Scores with your Employer, this is only done in an anonymised way.
    2. We use third party service providers to carry out the following services on our behalf:
      1. developing, maintaining, hosting and supporting the app;
      2. providing our document management system, database and content management system;
      3. push notification and email notification delivery service providers.
      4. customer relationship management tools so that we can communicate with you
    3. Those third party service providers will have access to your data as part of performing their services for us. They do not use your data for any other purposes.
  5. How is my personal data transported and stored?

    1. When your data is transferred from our interfaces (such as our app or website) to our systems, and when it is stored within our systems, we do so securely using 256 bit (or greater) encryption.
  6. Whereabouts is my personal data kept?

    1. We do not transfer your personal data outside the UK and the European Economic Area. If we ever need to do so, we will update this Privacy Policy and we will make sure that the recipient of your data protects it in the same way that it would be protected in the UK.
  7. How long do you keep my personal data for?

    1. We will keep all your personal data for as long as your account remains open. You can close your account at any time using your account settings. If you close your account, we will delete the personal data associated with your account. It will take 30 days for this personal data to be deleted. This will delete your profile and associated information.
    2. If your account is inactive for a period of 120 days, we reserve the right to close your account and delete your personal data in accordance with section 7.1 above.
    3. We occasionally need to keep data after account closure for limited purposes, for example if we need your data in order to respond to any complaints or claims that you make. If this is the case, we will only keep the data for as long as we need to in order to fulfil those purposes.
  8. What rights do I have?

    1. You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
    2. We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
    3. If you want to exercise any of these rights, please email us at hello@okina.me or write to us at People Matter Technology Ltd, 6th Floor, Poole Road, Westbourne BH1 1AZ. You can also use the contact section of www.peoplematter.tech.
    4. A right to access your information
      1. You have a right to ask us to send you a copy of all the personal data that we hold about you (subject to some exceptions).
    5. A right to an electronic copy of your information
      1. You can also ask us to send you the mandatory Account Information that we hold about you in a common electronic format, or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.
    6. A right to object to us processing your information
      1. You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing (as set out in section 3 above). This includes non-mandatory data about you and information you voluntarily provide, for example when you contact us or add to your app profile. Remember that you can edit your profile at any time and change or remove any of your information.
      2. If you make a request to exercise your right to object, if we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
      3. Remember that as well as editing your profile, you can always delete your account at any time by using your account settings. This will send us a notification that you have requested to delete some of your data, and we will respond to this request within 90 days.
    7. A right to have inaccurate data corrected
      1. You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
      2. You can update your own personal data at any time by editing your profile. It is your responsibility to ensure that your personal data is accurate and up-to-date.
    8. A right to have your data erased
      1. You have a right to ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this Privacy Policy.
      2. We will delete the personal data associated with your account, including any journal entries that you have made, when you close your account, as set out under "How long do we keep your data for?" above. Remember that you can close your account at any time or delete personal data within your account.
    9. A right to have processing of your data restricted
      1. You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.
      2. Restricting your personal data means that we only store your personal data and don't carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.
  9. How can I contact you?

    1. If you have any questions or concerns about this Privacy Policy and/or our processing of your personal data, please contact us at hello@okina.me you can write to us at People Matter Technology, 6th Floor 300 Poole Road, Westbourne BH1 1BZ. You can also use the "Contact" section of our website www.peoplematter.tech.
  10. What if I have a complaint?

    1. If something goes wrong, or you are not happy, please come to us first and we will work with you to try and resolve the issue. If we are unable to resolve the issue together, and you are unhappy with how we have processed your personal data, you have a right to complain to the Information Commissioner's Officer (ICO), which regulates data protection compliance in the UK.
    2. You can find out how to do this by visiting www.ico.org.uk.
  11. What if this policy changes?

    1. We may make changes to this Privacy Policy from time to time. Any changes we make will be posted on this page. We will also always notify you by email if any changes are made.
Last updated on 6th November 2020.