Shout Learning Hub

Who we are

The course you are about to access has been created, and is hosted, on behalf of Experian by The Mix, which is part of Mental Health Innovations. 

This Privacy Notice describes how Mental Health Innovations (“MHI”, “we”, “us”, “our”) collects and uses your personal information in connection with providing this course (“the course”).

Our address is: Mental Health Innovations (“MHI”), PO Box 78319, London, W10 9FE. Our registered charity number is 1175670. We are registered with the Information Commissioner’s Office under number: ZA480522. Our data protection officer’s contact details are here{LINK}.

We are committed to safeguarding your personal information (also known as “personal data”) in line with all applicable laws, including the UK Data Protection Act 2018, the UK General Data Protection Regulation (collectively the “GDPR”) and the common law of confidentiality.

What this Privacy Notice does

This Privacy Notice explains:

• The data we collect as you complete this course

• How we use your personal information and the lawful basis/ground(s) relied upon

• With whom we may share your personal information and where we may transfer it

• How long we retain your personal information for

• How we protect your personal information

• Your data subject rights regarding your personal information

• What to do if you do not wish for us to collect or hold your personal information

• Contacting us and the UK’s data protection supervisory authority

In some circumstances other privacy notices may apply where we may collect other personal information. For example, this Privacy Notice does not cover our volunteers or donors and funders, see our Volunteer Privacy Notice and Marketing and Fundraising Privacy Notice.

We may amend this Privacy Notice from time to time, therefore we encourage you to refer to it periodically. If you have any questions, please contact us at  dataprotection@mhiuk.org.

The personal information we collect when you use this course

As you complete this course we record your IP address, which is considered personal information, as well as any feedback you choose to share with us.

We take appropriate steps to keep all personal information accurate, complete and up to date. If you believe your personal information is out of date or incomplete, please contact our data protection officer.

How we use your personal information, and the lawful basis we rely on

What is a lawful basis?

Consent 

Means an explicit, specific, informed, freely given unambiguous indication of your agreement to our processing of your personal information.

Legitimate Interests

Means our interest in conducting and managing our charity, providing our Mental Health Services and working towards our charitable aims. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information in our legitimate interests by undertaking an assessment. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your Consent, to Comply with a Legal Obligation, to conduct Legal Claims, protect Vital Interests or for the provision of the Mental Health Services). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific processing activities by contacting our data protection officer.

Special Category Data

We do not collect or process any special category data in the delivery of this course unless you choose to share it in any feedback you give about the course. 

Our use of cookies and other similar technologies

We use cookies and equivalent technology to enable our website to function effectively and to improve the experience. Some cookies are used to collect Internet information. 

Two cookies are used on this site:

The essential one is the session cookie, usually called MoodleSession. You must allow this cookie in your browser to provide continuity and to remain logged in when browsing the site. When you log out or close the browser, this cookie is destroyed (in your browser and on the server).

The other cookie is purely for convenience, usually called MOODLEID or similar. It just remembers your username in the browser. This means that when you return to this site, the username field on the login page is already filled in for you. It is safe to refuse this cookie - you will just have to retype your username each time you log in.

With whom we may share your personal information and where we may transfer it

We respect and seek to preserve the confidentiality of the personal information we control. However, in certain circumstances, including as discussed below, we may share your personal information with third parties, including with: 

1. our authorised volunteers, directors and third-party service providers; 

2. further independent controllers (including professional advisers, accountants researchers) with whom we have appropriate agreements; 

3. people who have funded our work 

(Collectively “the “Recipients”). A current list of all our Recipients is available upon request by contacting us. Further, we may disclose your personal data to third parties to whom we may sell (or buy), transfer or merge part(s) of our charity or assets.

Restricted transfers

Your personal data is primarily stored within our charity’s servers located within the European Union and/or the UK or other countries deemed adequate under the GDPR (“Adequate Countries”). However, subject to the application of suitable safeguards, we have the right to move your personal data and our servers (including those provided by our third-party service providers) to areas outside the Adequate Countries. In the absence of a decision on adequacy by the UK’s Secretary of State, the suitable safeguards include undertaking transfer risk assessments, guarantees of a contractual or negotiated nature, including Binding Corporate Rules and approved international data transfer agreements. In the absence of a decision on adequacy or the other suitable safeguards described above, the transfer to and/or processing of your personal data outside the Adequate Countries will only be carried out with your Consent. You can ask to seek redacted copies of the international data transfer agreements which protect your personal data by contacting us.

How long we retain your personal information for

We retain your personal information in accordance with our retention policy, which sets out retention periods as may be required by law, or where there is a reason to keep it because of our need, legal action (actual or in reasonable contemplation), or for internal or external investigations. After that, we will permanently delete your information. You can ask to seek a copy of our retention policy by contacting us. Anonymised and aggregated data from your indirect Interactions with us, from which you cannot be identified, may be retained indefinitely and used for research.

How we protect your personal information

We adopt a variety of security measures and technologies to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction in line with the GDPR. We oblige our third-party service providers to implement at least equivalent standards of data protection as stipulated in our contract with them.

Your data subject rights regarding your personal information

We comply with the GDPR which gives individuals a number of rights over their personal information. Depending upon the lawful processing ground/condition(s) relied upon to justify our processing of your personal information you may be entitled to request:

• Access to your personal information (commonly known as a “data subject access request”) such as to receive a copy of the personal information we hold about you;

• Correction of the personal information that we hold about you, if the information is incomplete or inaccurate;

• Erasure of your personal information where there is no good reason for us continuing to process it or where you have exercised your right to object to processing;

• Objection to our processing of your personal information where we are relying on a Legitimate Interests (or those of a third party) as the lawful basis;

• Restriction or suspension of processing of your personal information where we are relying on our Legitimate Interests;

• Transfer (portability) of your personal information to another party where we are relying on your Consent or Performance of a Contract as the lawful basis; and

• Withdrawal of your Consent to the processing or your personal information, where we previously obtained it.

What to do if you do not wish for us to collect or hold your personal information

If you would like to exercise your rights, please contact us. We may ask you to verify your identity before fulfilling the request. Verification ensures that your personal data are kept secure. If you would like to make a complaint, please refer to the Contacting us and the UK’s data protection supervisory authority section for more information.

Depending on the nature of the request, you may not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded or excessive. Alternatively, we may refuse to comply with the request in the exact terms in which you made it.

Contacting us and the UK’s data protection supervisory authority

If you have any questions specifically about this Privacy Notice, or wish to make a request to exercise your GDPR rights, please contact our data protection officer:  

By e-mail: dataprotection@mhiuk.org

By post: PO Box 78319, London, W10 9FE

If you are dissatisfied with how we have handled your personal information or request, please contact us in the first instance and we will aim to resolve the matter. However, you have the right to submit a complaint to the data protection supervisory authority in the United Kingdom being the Information Commissioner’s Office details here. In addition, and in the alternative, you also have the right to bring a claim in the courts.