Our mission at Youthinmind is to provide world-class mental health assessment to our clients. Our clients mainly assess children and young adults. We consider client data as being exceptionally sensitive and take all reasonable measures to protect it.
In the GDPR context, Youthinmind consider ourselves as the Data Processor and our clients as the Data Controllers. From the very beginning of providing our online service in 2003 our mental health assessment scores were and remain anonymous to us. The mental health assessment scores we process cannot be identified to a natural person without the explicit and fully informed assistance of our clients.
How we secure, store and retain your data
Administrative and clinical data are stored indefinitely or until a client asks us to have their data removed. Should you have a query about the security or retention periods of your data, you are welcome to contact our Data Protection Officer on firstname.lastname@example.org
How you can access, update or delete your data
To access and update your data, please sign into your Administration Account on https://admin.sdqscore.org/Login with your AdminID and password. It is your right to request deletion of your Personal Data. By having your Personal Data (your email address) deleted you unsubscribe from our service and you will no longer be able to score SDQs. Should you wish to use the scoring service again in the future you can resubscribe at a latter date. If you are unable for any reason to access your Administration account, please get in touch with us via email@example.com
Our service is operated and managed on servers located in the United Kingdom, the Netherlands, Germany and the USA. Our chosen server provider, vps.net has addressed GDPR on the following pages: https://www.vps.net/about-vps-net/legal/privacy-policy/ and https://www.vps.net/about-vps-net/terms-service/msa/
Data Protection Safeguards
Youthinmind employs the highest industry standards and proprietary technology to protect our clients’ data. These include blockchain, anonymisation, strong encryption, tokenising and data sharding. We do not disclose further details beyond this as it might weaken our data security measures.
GDPR introduces the duty to report certain types of data breaches within 72 hours of detection, even if the details of the breach are not yet identified. If individuals are put at risk you must inform them. Because of the high sensitivity of child mental heath records, clients are advised to secure any information that might facilitate de-anonymisation. Data breaches in the United Kingdom should be reported to the Commissioner’s Office at www.ico.org.uk or Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
At Youthinmind your data are portable. Your Clinical Data can be exported in either .xlsx or .csv file format via your Administration account on admin.sdqscore.org/Login with your AdminID and password.
Our Data Protection Officer and Contact
If you have concerns or queries about our data protection practices, you may contact our Data Protection Officer by email on firstname.lastname@example.org You may also contact us by post: Data Protection Officer, Youthinmind Ltd, 39A Welbeck Street, London, W1G 8DH, London, England.
Data Protection Authority
Youthinmind Limited is the Data Processor for various SDQ and DAWBA instruments. Should you have a complaint in respect of how we handle your data you are entitled to submit the complaint to the Commissioner’s Office at www.ico.org.uk Full address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
Youthinmind Ltd is a limited company registered in England and Wales (registration number 4044574). M T Smith Registered address: Youthinmind Ltd, 39A Welbeck Street, London, W1G 8DH, London, England
We are SUPER Act (Senate Bill 5419) Compliant