What kind of help do you need?
Effective date: 01/26/2022
This privacy notice is for people who use the SilverCloud platform and programs as a client or coach.
SilverCloud Health provides its platform to many healthcare services and other organisations. In this notice we will tell you how we process your personal data on behalf of your service (that is, the healthcare team that has given you access to SilverCloud). Your service is the 'data controller', which means they decide how and why your data is processed, and SilverCloud is the 'data processor', which means we follow their instructions. UnityPoint Health may use and disclose your personal data consistent with its Notice of Privacy Practices
SilverCloud also uses some of your data to understand how the SilverCloud platform is used and could be improved. When we collect or use your data on our own behalf, SilverCloud is the 'data controller'.
Contact details for SilverCloud are listed at the bottom of this notice.
How we collect your personal data
Your data is collected by SilverCloud in a few ways:
- Data you give directly
- Data given about you (by a client or coach)
- Data we collect automatically when you use SilverCloud
What personal data we collect and use
Here is a list of the categories of personal data that are collected and used, with examples. Some of these are optional or depend on SilverCloud's obligations to its customers, including what your service has asked SilverCloud to collect.
- Contact details
- Optional personal information
- Health data
- Data about your use of SilverCloud
- Feedback data
- Data about your background or demographic profile
Your name, email address, mobile telephone number (for notifications), etc.
The following types of data will only be collected if SilverCloud has an obligation to do so:
Your postal address, post code, telephone numbers
Optional personal information
Interests, likes/dislikes, profile image, etc.
Health data (PHI)
The SilverCloud customer organization with which you are associated; your SilverCloud program; answers to psychological questionnaires and calculated results; entries to interactive tools such as a list of problems, recording mood over time, or journal entries; messages between clients and coaches; ID numbers for health records; etc.
The following types of data will only be collected if SilverCloud has an obligation to do so, or if SilverCloud has your specific consent:
For referrals, we may collect more data: date of birth, GP name, address, telephone number, national or local ID number.
Additional health data about your disabilities, conditions, problems or treatments.
Data about your use of SilverCloud
Your invitation, when you first signed up, pages and sections viewed, other actions you take on SilverCloud, emails sent to you, server errors that affect you, etc.
When you log in and log out, your IP address, browser type and version, time zone and language, notification preferences
Your login details (username, encrypted password)
Your feedback in the “progress points” at the end of each module; User experience questionnaires; Other questionnaires where it is indicated that the recipient is SilverCloud
Data about your background or demographic profile
The following types of data will only be collected if SilverCloud has an obligation to do so, or if SilverCloud has your specific consent.
Age, gender, sexual orientation, ethnicity, religion, etc.
Data we do not collect
SilverCloud is intended for use by adults aged 18 years or over and we do not knowingly collect personal data from people under 16 years of age.
How and why we use your personal data
SilverCloud processes your data for specific purposes and where there is a legal basis.
- Provide SilverCloud platform and programs
- Technical support
- Understanding usage and improving service
Provide SilverCloud platform and programs
SilverCloud collects and processes your data under a contract with the customer organization with which you are associated in order to provide you with secure access the SilverCloud platform and programs.
This includes displaying program pages, recording your activity on interactive tools and features, storing your preferences, sending notifications by email, text or push notification, etc.
It also includes inviting and managing clients and coaches, coaches reviewing client progress and results, and, if your service requires, working with their health record systems.
Your service is responsible for determining the purpose and legal basis under which they use your data and have SilverCloud process it.
SilverCloud provides technical support to your service, and so we will process your personal data if you contact us by telephone, email or through the SilverCloud platform.
Understanding usage and improving service
SilverCloud analyzes data de-identified in accordance with HIPAA to understand usage and to help us improve the platform and programs.
Most analysis uses de-identified aggregate data (for example, average length of time spent on the platform). Some analysis uses individual de-identified data, with additional safeguards in place such as limiting the set of individual data (data minimization). This analysis may include classification, machine learning or other techniques.
You have rights regarding your personal data. If you have any questions please contact your service or SilverCloud.
Right to information about processing of your personal details
The aim of this privacy notice is to give you this information.
Right to access your personal data
You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.
Right to change or remove your details
You have the right to correct any inaccurate data, or remove data if it is not necessary for us to hold it.
Right to object to processing
You can ask us not to use or share certain health information for treatment, payment, or our operations.
We are not required to agree to your request, and we may say “no” if it would affect your care.
You can object to processing if it could affect your rights, freedoms or interests.
Right to data portability
We will provide your data in a portable format.
Right to lodge a complaint
You can file a complaint by contacting SilverCloud using the information at the end of this notice.
You can file a complaint if you believe we have violated your HIPAA rights with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Room 509F HHH Bldg., Washington, D.C. 20201, or visiting www.hhs.gov/hipaa/filing-a-complaint.
We will not retaliate against you for filing a complaint.
We use third party sub-processors to host the SilverCloud platform and communicate with you.
Armor Defense, Inc., 2360 Campbell Creek Boulevard, Suite 525, Richardson, Texas, 75082, U.S.A.
We use Armor Defense to host the SilverCloud platform and database.
Location of processing: Texas, U.S.A.
Armor Terms of Service (See "TERMS OF SERVICE AGREEMENT - North and South America")
Amazon Web Services
Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, U.S.A.
We use Amazon Web Services to store encrypted backups and send email notifications.
Location of processing: Virgina, U.S.A.
Zendesk International Limited, One Grand Parade, Dublin 6, D06 R9X8, Ireland
We use Zendesk to handle technical assistance communication.
Location of processing: US and EU
Links to other websites
You should also be aware that where you link to another website from SilverCloud, that SilverCloud has no control over that other website. Accordingly, SilverCloud cannot guarantee that the controller of that website will respect your privacy in the same manner as SilverCloud.
Data security and storage
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
All SilverCloud employees are contractually and ethically bound to respect the confidentiality of any personal data held by SilverCloud.
SilverCloud maintains ISO 27001:2013 certification.
Retention of personal data
Privacy notice changes
We will revise this privacy notice when necessary and we encourage you to check back in future for changes.
If you wish to contact SilverCloud regarding use of your Personal Data or to exercise your rights, please contact us at:
One Stephen Street Upper
SilverCloud's Data Protection Officer (DPO) is BH Consulting:
SilverCloud Health Data Protection Officer
The LINC Center
Blanchardstown Road North