Last updated: July 2023
stem4 (“stem4”, “us” or “we”) is fully committed to protecting and fully respecting your privacy in connection with your use of the Worth Warrior App (“App”).
Information we collect from you
We do not collect any personal information, that is any information that could allow you to be identified as an individual. We do collect some anonymous or non-personally identifiable information (non-PII) – this is data that cannot be used on its own to track, or identify a person. At the time you start using the App, we ask you which country you are in, so that if you need further support, the App will give you accurate information for the country you are in. The additional non-PII data that we can collect, if you agree to share this with us, is county (if in UK), year of birth, gender, ethnicity, and whether you are receiving treatment or advice for an eating disorder from a health professional. This information is used to help us develop our Apps and understand basic information on who is using the App.
It is important to know that you do not have to share any information about yourself, apart from letting us know which country you are in at the beginning of your use, and you can still use the whole App without telling us anything that you don’t want to share.
We use the Firebase SDK to collect Google Analytics 4 Data, to process anonymous (non-PII) information from the App. This allows us to monitor how well the App is working in terms of its technical function, usability and how helpful it is. Google Analytics 4 collects data related to the device you are using, activities you undertake in the App, and your location, but does not log or store individual IP addresses, so we cannot know your exact location. Google Analytics 4 allows us to follow and report on how people are using the App. It is not possible to identify you as an individual user of the App.
Data is anonymously aggregated by us for evaluation, with the purpose of monitoring and improving the App and our services. We may share this anonymous data with some organisations e.g. a Local Authority or the NHS if they are funding your use of a localised version of the App, or with some donors who fund the work of the stem4 charity, and who help us develop the Apps. We do not share any information with other companies that may use it for advertising and marketing.
We adopt the data minimisation principle, and only collect and retain data that is absolutely necessary for us to provide the Apps for users. Our data collection processes are compliant with the UK GDPR regulations (General Data Protection Regulations). As we do not collect any personally identifiable information (PII) – your rights are already protected by our ‘Privacy by Design and by Default’ approach. However, to support a better understanding of your rights with any online service that does collect and process PII, you have the following rights under UK GDPR:
- The right to access – You have the right to request us for copies of your personal data, if collected.
- The right to rectification – You have the right to request us to correct any information about you that you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, if collected, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, if collected, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, if collected under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
- The right to avoid automated decision-making.
As mentioned before, as we do not collect, save or process any personally identifiable information, and only use anonymised (non-PII) data, your rights are already protected. So, for example, we cannot delete your personal information because we do not collect any from you.
If you would like to discuss any of these rights, please contact our Data Protection Lead at firstname.lastname@example.org and we will respond within one month.
If you use the App, we consider that as your consent to us collecting the anonymised (non-PII) data that we do.
We are compliant with the ICO’s (Information Commissioner’s Office) Age-Appropriate Design or Children’s Code, which is an additional data protection code of practice for online services, including Apps. This code prioritises the rights of young people in their use of online service, particularly with respect to the design of the services and privacy.
If you are an adult and are concerned about data privacy issues for any young person who may use the App, please contact us, see details below.
Confidentiality and security
The security of personal information is important to us. We follow current regulatory UK and International standards and in the UK, the NHS standards.
If a security breach takes place, we will quickly establish whether a personal data breach has occurred and, if so, promptly take steps to address it, compliant with the UK Information Commissioner’s Office (ICO) recommendations, including informing the ICO if required within 72 hours.
If you have any concerns about a possible data breach or questions about the security of the App and your information, you can contact our Data Protection Lead at email@example.com.
As we do not collect your personal data (PII), we cannot give your personal information to any organisation or third party.
Where we store your data
Anonymised data collected from the App is stored in Google Analytics 4, in non-PII form, and is stored securely in the cloud, accessed by us through a 2-step authentication process. Google Analytics 4 does not share data between Google Analytics 4 users. Google report that “Retention of user-level data, including conversions, is set to 14 months”.
Updates, queries, comments and complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), in relation to data protection issues and this App. We would appreciate you giving us the opportunity to respond. The ICO can be contacted by calling 0303 123 1113 or by going online at www.ico.org.uk/concerns. If you are outside the UK you have the right to lodge a complaint with your local data protection regulator.
We are committed to updating the App and it is reviewed every three months and updated as required. Feedback from our users is very important to us. We are keen to address any users’ issues with the App and welcome your comments, suggestions and queries about this App. You can contact us by emailing firstname.lastname@example.org and we will do our best to reply within 2 working days.
stem4 registered office: 51 St George’s Rd, Wimbledon, SW19 4EA.
Registered Charity No 1144506
Company Registration No 07779151