Information about Joy

About
How it works
Privacy policy
Terms of use
Privacy policy

Joy Privacy Policy for Individuals 

INTRODUCTION  

This policy is designed to be simple, and clear to understand without the usual jargon included – within the document you will find out what information we collect, how we use it and what your rights and choices are relating to your personal data, this privacy policy is written in line with the EU GDPR and UK DPA 2018.  

STATEMENT  

Pungo Limited is based within the United Kingdom, and as such is registered with the Information Commissioner’s Office (ICO) as a Data Processor under the UK Data Protection Act of 2018, reference ZA658349.  

Pungo Limited is the registered name and owner of Joy. 

PERSONAL DATA  

Personal data is provided to us via the following avenues;  

· When you register with us or make a booking, the following details are collected – Name, DOB, phone number, postcode and email address.  

· Facebook sign up will capture details associated with your account including name, DOB, phone number, postcode and email address. 

and is collected under the legal basis of legitimate interest. 

YOUR RIGHTS  

As per the Data Protection Act and refined by the General Data Protection Regulation, you have the right to access, rectify, or erase your personal data held by Pungo Limited.  

To make a Data Access Subject Request, please contact our privacy team using the following methods: 

Email: dataprotection@explorejoy.co.uk 

To protect your privacy and prevent unauthorised access, we will verify your identity before processing your access request. We will respond to your request within 30 days from the date of receipt. If exemptions under applicable laws apply, we will inform you accordingly. 

If possible, we will provide the requested information electronically in a commonly used format. For any questions or concerns about your personal data or to exercise your data subject rights, please contact us using the provided contact details. 

 

If we do not address your request or fail to provide you with a valid reason why it is unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via www.ico.org.uk or by telephone on 0303 123 1113.  

DECLARATION OF SHARING  

We use third party solutions for the hosting of our website and application (mobile and web), including analytics to better our service and provide the best experience.  

Our website is hosted with WordPress and our app we host within Amazon Web Services (AWS) but we have reviewed this from a security and privacy perspective and have proceeded on the basis that it meets our requirements. We ensure that we carry out data minimisation to capture the minimal amount of information through this route. 

The privacy policies for these third parties can be found below: 

Wordpress: https://en-gb.wordpress.org/about/privacy/ 

AWS: https://aws.amazon.com/privacy/  

Services  

As part of the Joy app we provide you with a list of services which can be used as referrals for your patients, we have carried out baseline reviews against the services as part of our obligations as a data processor to ensure there is a level of security.  

RETENTION PERIOD  

We will hold your data for the duration of service plus three years. The reason for the extra three-year period is in the case of being re-referred, you can choose to have all data immediately deleted upon request.  

CHILDREN'S DATA  

If you are using Joy’s services for the purpose of processing a child's data, you must ensure that you have the appropriate processes, procedures and protections in place for doing so. If a child has used this website without parental consent, please contact dataprotection@explorejoy.co.uk for rectification.  

COOKIES  

Cookies are small text files which are transferred from our websites, applications or services and stored on your device.  

We have ensured that we use the absolute minimum and have only one cookie in use on the website. This single cookie is a session token, which is utilised by Google analytics to throttle requests rates, preventing bots from flooding the server with requests.  

You can edit your cookie settings with the cookie banner when you access this website.  

 

EXTERNAL LINKS  

Throughout the website we may provide links to external parties and partners for further information and content. Whilst we take every precaution to ensure that your time on this website is safe and secure, Pungo Limited cannot guarantee the security of third-party sites and must advise that the usual internet safety precautions should be used.  

REVIEW, UPDATES AND CONTACT  

If you have any questions about this Privacy Policy, would like to exercise any of your rights, or to make a complaint, please write to: dataprotection@explorejoy.co.uk  

This policy will be updated regularly and was last reviewed on 24/07/2023 

 

Joy Privacy Policy for clinicians/professionals and service operators  

INTRODUCTION  

This policy is designed to be simple, and clear to understand without the usual jargon included – within the document you will find out what information we collect, how we use it and what your rights and choices are relating to your personal data, this privacy policy is written in line with the EU GDPR and UK DPA 2018.  

STATEMENT  

Pungo limited is based within the United Kingdom, and as such is registered with the Information Commissioner’s Office (ICO) as a Data Processor under the UK Data Protection Act of 2018, reference ZA658349.  

PERSONAL DATA  

Personal data is provided to us via the following avenues;  

Personal details  

· When you, the clinician/professional, register with us we will process your name, your employer, job title and your contact details.  

The legal basis for the collection and processing of this personal data is legitimate interest. 

Your patient's/client’s personal details  

· When adding a client to Joy or making a referral the following patient details are collected – Name, DOB, contact details, NHS number and gender.  

· In addition to this, you may choose to provide us with the health and medical information of your patient, if you’ve obtained the relevant explicit consent. For example, you may wish to include health and sensitive information such as symptoms, treatments, medications, referrals, allergies and ethnicity.  

· When choosing to provide this information, we require explicit consent before doing so, this is therefore the legal basis for collecting this data.  

Note - When patient data is involved, Joy is the data processor and you are the controller and are required to have your own processes in place for ensuring that you are capturing and processing personal data in a compliant manner. Joy has features within it to help you meet compliance, such as consent capturing.  

Service information  

· You may list a service on the Joy platform such as an activity or class. Details of that information such as contact details for the service are stored securely within our database.  

YOUR RIGHTS  

As per the Data Protection Act and refined by the General Data Protection Regulation, you have the right to access, rectify, or erase your personal data held by Pungo Limited.  

To make a Data Access Subject Request, please contact our privacy team using the following methods: 

Email: dataprotection@explorejoy.co.uk 

To protect your privacy and prevent unauthorised access, we will verify your identity before processing your access request. We will respond to your request within 30 days from the date of receipt. If exemptions under applicable laws apply, we will inform you accordingly. 

If possible, we will provide the requested information electronically in a commonly used format. For any questions or concerns about your personal data or to exercise your data subject rights, please contact us using the provided contact details. 

If we do not address your request or fail to provide you with a valid reason why it is unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via www.ico.org.uk or by telephone on 0303 123 1113. 

DECLARATION OF SHARING  

We use third party solutions for the hosting of our website and application (mobile and web), including analytics to better our service and provide the best experience.  

Our website is hosted with WordPress and our app we host within Amazon Web Services (AWS) but we have reviewed this from a security and privacy perspective and have proceeded on the basis that it meets our requirements. We ensure that we carry out data minimisation to capture the minimal amount of information through this route.  

We may display on our website or share with our commercial partners aggregated data that does not hold personally identify information, but which shows general trends, for example, patterns for demand of services, health and wellbeing improvement.  

Services  

As part of the Joy app we provide you with a list of services which can be used as referrals for your patients, we have carried out baseline reviews against the services as part of our obligations as a data processor to ensure there is a level of security.  

RETENTION PERIOD  

We will hold your data for the duration of the contract or until you delete it.  

CHILDREN'S DATA  

If you are using Joy’s services for the purpose of processing a child's data, you must ensure that you have the appropriate processes, procedures and protections in place for doing so. If a child has used this website without parental consent, please contact dataprotection@explorejoy.co.uk for rectification.  

COOKIES  

Cookies are small text files which are transferred from our websites, applications or services and stored on your device.  

We have ensured that we use the absolute minimum and have only one cookie in use on the website – you can edit your cookie settings with the cookie banner when you access this website.  

EXTERNAL LINKS  

Throughout the website we may provide links to external parties and partners for further information and content. Whilst we take every precaution to ensure that your time on this website is safe and secure, Pungo Limited cannot guarantee the security of third-party sites and must advise that the usual internet safety precautions should be used.  

REVIEW, UPDATES AND CONTACT  

If you have any questions about this Privacy Policy, would like to exercise any of your rights, or to make a complaint, please write to: dataprotection@explorejoy.co.uk  

This policy will be updated regularly and was last reviewed on 24/07/2023