MYMUP Digital

Legal

MYMUP Digital, Privacy Policy

Last updated: 30/04/2026

1. Introduction

MYMUP Digital Ltd (“MYMUP”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and share personal data when you use our website, platform, and services. It also explains your rights under UK data protection law.

We comply with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations (PECR)

These laws require us to process personal data lawfully, fairly, and transparently.

2. Who We Are (Data Controller)

MYMUP Digital Ltd is the data controller responsible for your personal data.

Contact details:

If applicable:
Data Protection Officer (DPO): [Insert details or state “Not applicable”]

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

a) Identity Data

  • Name
  • Job title
  • Organisation

b) Contact Data

  • Email address
  • Phone number
  • Address

c) Technical Data

  • IP address
  • Browser type
  • Device information
  • Website usage data (via analytics)

d) Service / Platform Data

  • Client records (via CPR system)
  • Assessments and outcomes
  • Referral and service data
  • Communication logs

e) Special Category Data (Health Data)

As part of our platform, we may process health-related data, which is classified as special category data under UK GDPR.

This includes:

  • Mental health data
  • Wellbeing assessments
  • Care and support records

We only process this data where lawful and necessary, and with appropriate safeguards.

4. How We Collect Your Data

We collect data when you:

  • Use our website or contact forms
  • Request a demo or make enquiries
  • Use the MYMUP platform
  • Are referred through partner organisations
  • Interact with our services or communications

We may also receive data from:

  • NHS organisations
  • Charities and service providers
  • Partner organisations

5. How We Use Your Data (Purpose & Lawful Basis)

Under UK GDPR, we must explain why we process data and the lawful basis for doing so.

PurposeData UsedLawful Basis
Provide platform servicesIdentity, service dataContract
Deliver care & support insightsHealth dataPublic task / healthcare provision
Reporting (e.g. MHSDS)Service + health dataLegal obligation
Improve services & analyticsTechnical dataLegitimate interests
Communication & supportContact dataLegitimate interests
Marketing (if applicable)Contact dataConsent

Where we rely on consent, you can withdraw it at any time.

6. Data Sharing

We may share your data with:

  • NHS organisations and commissioners
  • Partner organisations and service providers
  • Regulators and authorities (where required by law)
  • Technology providers (e.g. hosting, analytics)

We ensure all third parties process data securely and in accordance with UK GDPR.

7. International Transfers

Where data is transferred outside the UK:

  • We ensure appropriate safeguards are in place
  • Such as UK adequacy regulations or standard contractual clauses

8. Data Retention

We retain personal data only as long as necessary for:

  • Service delivery
  • Legal and regulatory obligations
  • Reporting requirements

Retention periods are based on:

  • NHS and sector guidelines
  • Legal requirements
  • Business needs

9. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Encryption (in transit and at rest)
  • Role-based access controls
  • Two-factor authentication
  • Audit logs and monitoring
  • Secure hosting environments

10. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data (Subject Access Request)
  • Request correction of inaccurate data
  • Request deletion (where applicable)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent (where applicable)
  • Lodge a complaint with the ICO

You can exercise your rights by contacting us at: info@mymup.org

You also have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk

11. Cookies and Website Data

Our website may use cookies and analytics tools to:

  • Understand how users interact with the site
  • Improve functionality and performance

We will request consent for non-essential cookies where required under PECR.

12. Automated Decision-Making

We do not carry out solely automated decision-making that significantly affects individuals.

Where analytics or insights are used, these are always reviewed by human users.

13. Children’s Data

Where our services involve children or young people:

  • We apply additional safeguards
  • Ensure data is handled appropriately
  • Work with organisations responsible for lawful data collection

14. Updates to This Policy

We may update this Privacy Policy from time to time.

Any changes will be posted on this page with an updated “Last updated” date.

15. Contact Us

If you have any questions about this Privacy Policy or your data: