Last updated 10 February 2023; effective from 10 February 2023
🤝 About us
We are Spill App Ltd and are located at 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN. We are registered on Companies House under number 10602161 with the ICO number ZA459842 — you can look us up in the ICO register here.
In the US, we are Spill Inc and are located at Corporation Trust Center, 1209 Orange Street, City of Wilmington, County of New Castle, Zip Code 19801.
If you have any questions about how we process your personal data then you can contact our DPO on dpo@spill.chat.
❓ What we do
Spill App Ltd provides all-in-one mental health support for employees. This includes one-to-one sessions, manager mental health training, and regular feelings check-ins — embedded into the company's Slack or MS Teams or accessed via email login depending on your plan.
As a company dealing with sensitive issues to do with people’s mental health, we take privacy and confidentiality extremely seriously.
Spill processes your data for the purpose of offering our service, meaning remote sessions, wellbeing tools, and mental health content.
⚙️ Spill’s role
Principally, we’re a data controller with regards to the user data we collect for the purposes of providing the Spill services. If you’re based in the US, Spill Inc and Spill App Ltd are joint controllers for this data.
Being a controller means that we are trusted to look after and deal with your personal information in accordance with data protection law. We determine the ways and means of processing your data and must therefore be accountable for it.
However, in some cases we may also act as a data processor where your employer is the controller. For example, when we first start to work with a company, the employer provides us with a way to contact employees — be that via Slack, MS Teams or email. This means we can contact the employees (you!) to offer our Spill services. We are doing this on the instruction of your employer.
If you are on one of our team plans (accessed via Slack or MS Teams), we are also a processor in two further instances: (1) if you contribute to a Wall of Praise (any praise or comments you leave for your colleagues on the Wall of Praise are therefore viewable by your company’s Slack administrator) and (2) if you, as a manager, refer a report as part of Manager Check-in.
If you have questions about the invitation process, Wall of Praise or Manager Check-in, please contact your employer.
Note: If you are the organiser of a Team Check-in, then we are a processor for the data used to set up the invite by you. We will give you the option to connect Spill to your Google calendar in order to make it easier for you to select the meeting which you wish to link to Spill. Spill will read a list of meetings from your Google Calendar in order to show these to you as options to choose from, but Spill does not store information about these events.
If you select a meeting, Spill will use the video link URL for that event in order to generate a Team Check-in URL. When setting up the meeting, Spill will only process the data you ask us to process and do this as a processor on behalf of your employer. For details about the information collected during Team Check-in, please see below. If you have any questions about how we handle your personal data, please email us at dpo@spill.chat.
🔒 Your rights
As a data subject you have rights in respect of our processing of your personal data when we are the controller of your data:
Your right of access - you have the right to ask us for copies of your personal information.
Your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - you have the right to object to our processing your information if the legal basis is legitimate interests.
Your right to data portability - this only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under a contract, or in talks about entering into one, and the processing is automated.
If you want to exercise any of these rights, please just contact us on dpo@spill.chat. In the UK and the EU you also have the right to lodge a complaint about our processing with a supervisory authority.
If you are an EU user then you also have the option to communicate with our EU Data Rep for any issues or to exercise your rights. Please see the section about our EU Data Rep.
🔎 How we process your data
As a general principle, we try to only collect the data we can’t function without — and delete it as soon as we no longer need it (unless we are legally obliged to keep it). We collect and use data at different stages during your interactions with Spill. In brief:
We never share your data outside Spill unless it’s absolutely necessary.
All your data is kept confidential.
We will never share data with your employer without your consent.
1. If you use our Spill services
If you are using Spill through one of our team plans (accessed via Slack and MS Teams) and you accept the invite and onboard onto Spill, we will collect your confirmation that you have accepted our Terms of Use and read this Privacy Notice, and that you consent to Spill processing your health data as explained herein.
If your company signed up with Spill prior to 15th May 2023 we will also ask you 3 short questions:
How are you feeling about your work and career?
How are you feeling about relationships outside of work?
How are your interests and passions?
This helps us suggest how best to use Spill.
Like all digital services, once you are signed up to our Spill services our system automatically collects information about how you use our product. Analytics are obtained through Mixpanel and are used to improve Spill and to let Spill provide anonymous and aggregated reporting on service usage to its clients (your employer).
Spill will only share limited usage data (e.g. “13 people from your organisation have used Spill in the last month”) with its clients and this data will never reveal anything to employers about individual users of Spill.
If you are using Spill through our Starter Plan (accessed via web access and email login), and you accept the invite and create an account with Spill, we collect confirmation that you have accepted our Terms of Use and read this Privacy Notice.
When sessions are charged on a pay-as-you-go basis, you may be the only person at your company using Spill. We will therefore have to share data on your usage with the person who bought Spill for you. That means that whilst the content of therapy sessions remains completely confidential, your admin sees the bill and therefore will know when you start therapy, how many sessions you have had and when you finish. We remind you of this immediately after you sign up and ask that you agree to it before moving into the booking and message sending service.
Our lawful basis for processing this data is a combination of contract (you are signing up to our service), legitimate interest for analytics and aggregating data, and then consent to process any data about your mental wellbeing that you supply at this point.
We retain answers to these questions for seven years after you leave your employer or the Spill platform. We keep analytics and usage data until you leave your employer or the Spill platform.
If you use Spill services as a non- or ex-employee, we use your data in exactly the same way as above, but any reference to “your employer” refers instead to the company through which your access to Spill is provided.
If you move to paying for Spill sessions as a private client, rather than through your employer, no data will be shared with your employer. We will, however, also collect contact and payment details in order to take payment for any Spill sessions you have. Our lawful basis for processing this data is a combination of Contract and Legitimate Interest, and we will retain this data for 7 years after you stop using the platform.
Booking a session
When you book a session with one of our practitioners, we ask for a few pieces of information.
We will ask you for your name and an email address in order to send calendar invites and reminders for sessions. You are not required to use your work email address.
We also need a phone number to reach you on, in case the practitioner needs to get in touch, and the name and number of an emergency contact. This is because we hold ourselves to the standard of the UK’s BACP Ethical Guidelines. This means our practitioners have to contact the emergency contact in certain select circumstances – for example, if they believe a client might hurt themselves or someone else.
If you are using Spill through one of our team plans (accessed via Slack and MS Teams), we will also ask for your age (to check you are above 18), your pronouns, a bit about what brought you to Spill, whether you have used a similar service before and whether you are looking for a practitioner with a particular area of expertise or specialism — you can leave this blank, though, when you book. This is so the practitioner has a bit of context around the client and can tailor their approach as best as possible.
If you are using Spill through our Starter Plan or our Team plan where your company signed up after 15th May 2023, we ask for your pronouns and your rating on 4 statements which we use to understand whether our therapy is effective:
1. I feel like I can cope with my current situation
2. I am getting along well in my relationships
3. I understand my distress
4. I can accept myself
The answers to these questions will be used to help Spill know when to follow up with you and (only with your explicit permission) are shared with the person who bought Spill for you. Spill also analyses the data anonymised and in aggregate to see how we can continue to improve our therapy quality.
Finally we ask a bit about what you want to get out of therapy with Spill — you can leave this blank, though, when you book. This is so the practitioner has a bit of context around the client and can tailor their approach as best as possible.
Our lawful basis for processing this data is a combination of legitimate interest, so we can provide services to you, and your consent for any health data that you provide. We retain this data for 7 years after you stop using Spill services.
Attending a session by phone or video
When you attend a session, we record the date and time that the session was held. This is so we can see how many sessions are happening in total and make sure we pay practitioners the right amount for any sessions they have given.
When you attend a session or cancel a session, we store this under your Spill ID, away from your identifiable information. If you opt into Team Check-in, a practitioner will look at how you’re feeling and your session attendance when evaluating whether or not to send you a message reminding you of additional support.
The practitioner who holds the session is also required to keep notes on the content of the session, in a secure system confidential within the service. These notes will be kept for seven years after being logged, and will only ever be accessed when there is legitimate need to do so, for example if you ever want access to the notes for your own records, or if Spill or the counsellor is ever legally required to provide the notes. Because both Spill and the practitioner are independently obliged to maintain this data for legal reasons, we are considered to be Joint Controllers of these notes.
In the UK, Spill is bound by the Ethical Guidelines of the major UK bodies governing psychotherapeutic practice to keep all therapeutic conversations private and confidential within the boundaries set by UK law. Spill conversations between client and practitioner are confidential, but we have legal and ethical obligations.
For example, if a practitioner feels concerned about a client after a session, we would like to get in touch and offer additional support. Either our Clinical Supervisor or the client’s practitioner will get in touch with the client to follow up. If we can’t get in touch with the client we will try to get in touch with their emergency contact and, failing this, if deemed to be necessary we will get in touch with the emergency services. For more information on how this works in the UK, please have a look through our Safeguarding Policy.
In the US, in line with US law for mental health care, our practitioners will contact the emergency services if they believe you might hurt yourself or someone else. There are a small number of other extreme situations where they will also do this - they vary state by state, but in general, they cover situations involving the abuse or neglect of children or other vulnerable people.
If your practitioner feels a bit concerned about you (for instance, if you miss a session without notice after discussing a difficult situation with them), then they will seek advice from other clinicians in the service, such as the Spill Clinical Supervisor or the Clinical Director, as is standard clinical practice. This means they'll share a summary of their concerns, which may also be shared with other Spill practitioners you speak with in the future, but the information remains confidential within the service.
After seeking advice, they may get in touch with you, to make sure you're OK. They will use the email address and phone number you gave Spill when you booked the session or any other contact details you gave them directly. We will never tell your employer or anyone else if this happens, unless you ask us to.
Following some sessions, we will ask you for feedback. This is entirely optional to fill in. We store this information in order to improve our services and give feedback to counsellors and, in some cases, to report back on satisfaction with Spill to your company Spill administrator, if you agree. Spill will always store your feedback against a unique user ID, and only share it with the people you have asked us to.
When you choose to share feedback with either your company Spill administrator or your therapist, Spill is the controller of this data. If you choose to include your name, we carry out a controller-to-controller transfer of your response to your company, otherwise it is shared anonymously.
When you choose to share feedback with others in a Slack or Microsoft Teams channel in your company workspace, Spill is the controller of this data. We carry out a controller-to-controller transfer of this data to the channel, at which point your company is also a controller.
When you choose to share feedback for your company to share on their careers page, Spill carries out a controller-to-controller transfer of this data to your company, at which point we act as the processor to host the data on their behalf, as well as having our own copy as a Controller for our own purposes.
When we process data about the appointment or ask you for feedback and process the results, our lawful basis is legitimate interest. When you share data about your mental wellbeing with our practitioners, our additional basis for processing is your public interest (Counselling). Should we need to share any data about you in an emergency then we will use vital interest as our lawful basis. We retain this data for 7 years.
Messaging a practitioner
If you are using Spill through one of our team plans (accessed via Slack and MS Teams integrations), when you submit a question to one of our practitioners, we store this under your Spill ID, away from your identifiable information, so not even the practitioner knows who has asked the question. Information held on your Spill ID is used in certain circumstances for triage purposes when you interact with Spill in the future.
We then send it to one of our practitioners to answer. Both the question and the answer are securely stored by Spill. This is so if you ever want to read back over your answer at some point in the future you can do so.
It also means we can see how many questions are being asked in total and therefore make sure we employ enough practitioners to be able to answer them.
If you are using Spill through our Starter Plan, when you send a message to one of our practitioners, we ask you for your emergency contact and location for safeguarding purposes. We also ask for your rating on 4 statements which we use to understand whether our therapy is effective:
1. I feel like I can cope with my current situation
2. I am getting along well in my relationships
3. I understand my distress
4. I can accept myself
You will then be able to respond to the therapist again and review the entire message history in the Spill App.
Our lawful basis for processing this data is explicit consent. We retain this data for 7 years after you stop using Spill services.
When you have been invited to take part in a Team Check-In
If you are on one of our team plans (accessed via Slack or MS Teams) then you have access to the Team Check-In feature. When you take part in a Team Check-In, you can choose to be anonymous or share your responses with Spill and/or your company.
Sharing with Spill: If you log in with Slack then we will connect your responses to your user ID and store them so that we can track how you feel over time. If you do not log in with Slack then we cannot connect your responses to your user ID so your responses will be anonymous to Spill. We still store all responses (both anonymous responses and those linked to the user ID where you have chosen to log in) so we can identify why and when people choose not to log in. This helps us build a better product for users and admins.
Sharing with your company: You are able to choose whether you share all or some of your mood score (number between 1 and 10) and your emotions (pick up to 3 from 12 or enter your own in a free text field) with everyone who has access to join the call as well as whoever is responsible for Spill at your company (we call them company admins). If you choose not to share your responses, they will remain anonymous to your company. If you choose to share them, you can choose which ones you share and whether you want your name to appear next to them or ‘Anonymous’.
We also check in on how you’re doing week-on-week. When you submit check in responses, we store this under your Spill ID, away from your identifiable information. Our system then uses an algorithm to determine how you may be feeling and flag you to a therapist so they can contact you if appropriate. You can choose whether or not to take us up on the support – either way we’re always here if you ever need us.
Our lawful basis for processing this data is your consent. We retain this data for 7 years.
Note: If you are the organiser of Team Check-ins, then we are a processor for the data used to set up the invite by you. We will give you the option to connect Spill to your Google Calendar in order to make it easier for you to select the meeting which you wish to link to Spill. Spill will read a list of meetings from your Google Calendar in order to show these to you as options to choose from, but Spill does not store information about these events. If you select a meeting, Spill will use the video link URL for that event in order to generate a Team Check-in URL. When setting up the meeting, Spill will only process the data you ask us to process and do this as a processor on behalf of your employer.
Attending a Manager Clinic
If you are on one of our team plans (accessed via Slack or MS Teams) then you have access to manager clinics (if your company signed up prior to 15th May 2023). When you book a manager clinic with one of our practitioners, we ask for a few pieces of information.
We will ask you for your name and an email address in order to send calendar invites and reminders for sessions. You are not required to use your work email address. We also need a phone number to reach you on, in case the practitioner needs to get in touch via phone (for example if your connection stops working during the call). Finally, we ask a few questions around what brought you to the manager clinic. For example, we ask what your management experience has been to date. This is so the practitioner has a bit of context around the client and can tailor their approach as best as possible.
Our lawful basis for processing this data is legitimate interest, so we can provide services to you, and your consent for any health data that you provide. We retain this data for 7 years after you stop using Spill services.
When, as a manager, you take part in Manager Check-In
Note: Manager Check-Ins are not currently enabled for Spill customers.
Spill is the processor for this functionality, processing data from the manager on behalf of the employer. For details on the lawful basis and to exercise your rights over this data, either as a manager or a referred employee, you will need to contact your employer.
If you are on one of our team plans (accessed via Slack or MS Teams) then you have access to manager check-ins. When a manager takes part in manager check-in, we ask for some specific information.
We ask for: who their line reports are, and on a regular basis we ask their opinion on how their reports are doing. This is in the form of a ‘Sad’, ‘Meh’, ‘Happy’ rating. If the manager tells us a report is ‘Sad’, we ask the manager if they’d like Spill to reach out.
The purpose for asking for this information is specifically so that Spill can reach out to those who are not feeling their best. Spill may follow up with the employee, inviting them to answer a few questions about how they’re feeling.
Note: Spill is the processor of this data up to the point where we directly ask the employee how they’re feeling, at which point Spill becomes the data controller. Spill processes the manager data on your behalf only so that we can follow up with people who might benefit from hearing from Spill.
If your manager has referred you to Spill via the Manager Check-In
Note: Manager Check-Ins are not currently enabled for Spill customers.
If your manager has referred you to Spill, we will send you a message inviting you to answer a few questions about how you are feeling. This will be received on Slack or Teams with a link to the Spill Web App. If you wish to respond to that message and you have not previously used Spill then we will ask you to sign our T&Cs and you will then become a user of Spill services and you should refer to point 1 of this privacy notice. Your employer will not see the answers you have given to the questions as we are now the Data Controller for this data and it is not shared with your employer.
When you book a session with one of our practitioners, we ask for a few pieces of information.
We will ask you for your name and an email address in order to send calendar invites and reminders for sessions. You are not required to use your work email address.
We also need a phone number to reach you on, in case the practitioner needs to get in touch, and the name and number of an emergency contact. This is because we hold ourselves to the standard of the UK’s BACP Ethical Guidelines. This means our practitioners have to contact the emergency contact in certain select circumstances – for example, if they believe a client might hurt themselves or someone else.
If you are using Spill through one of our team plans (accessed via Slack and MS Teams), we will also ask for your age (to check you are above 18), your pronouns, a bit about what brought you to Spill, whether you have used a similar service before and whether you are looking for a practitioner with a particular area of expertise or specialism — you can leave this blank, though, when you book. This is so the practitioner has a bit of context around the client and can tailor their approach as best as possible.
If you are using Spill through our Targeted Therapy plan, we ask for your pronouns and your rating on 4 statements which we use to understand whether our therapy is effective:
1. I feel like I can cope with my current situation
2. I am getting along well in my relationships
3. I understand my distress
4. I can accept myself
The answers to these questions will be used to help Spill know when to follow up with you and (only with your explicit permission) are shared with the person who bought Spill for you. Spill also analyses the data anonymised and in aggregate to see how we can continue to improve our therapy quality.
Finally we ask a bit about what you want to get out of therapy with Spill — you can leave this blank, though, when you book. This is so the practitioner has a bit of context around the client and can tailor their approach as best as possible. Our lawful basis for processing this data is a combination of legitimate interest, so we can provide services to you, and your consent for any health data that you provide. We retain this data for 7 years from the date of the appointment.
2. If you participate in user interviews
When you choose to participate in user interviews, we record your name and the time of the user interview. This is so we can follow up after the interview and donate £10 to a mental health charity of your choice on your behalf. Once we have donated to the charity, we anonymise the interview as much as possible.
We also ask you at the start of the interview whether you are happy for us to record the interview. This is so we can share the recording with our Product team, which helps them better decide what to build next. You always have the option not to be recorded. Recordings are held for 2 years.
Our lawful basis is legitimate interest.
3. If you apply for a role with Spill
If you apply for a role in Spill HQ or to work with Spill as a counsellor we will collect the following data: contact details, CV, any email correspondence we have with you, any answers you give to questions in our application process, our notes from any interviews with you, and any references you may provide us with. If your application is successful, we will also carry out background checks on you. This data is collected in order to assess your suitability and to maintain a relationship with you.
Our lawful basis for processing this data is a combination of legitimate interest and contract. We retain this data for 2 years.
4. If you work with Spill as a counsellor or employee
Please refer to the Fair Processing Notice For Employees. This is stored with our other Policies & Procedures, and for counsellors it is stored on the Counsellor Portal.
5. If you're a potential Spill client
If you’re a potential Spill client and either submit a pricing query or book a demo with a member of our Sales team, we will collect the following personal data: contact details, job title, and who you work for. We use this data so that the member of our Sales team you’ve booked a demo with can prepare to speak to you.
If you attend a demo, it may be recorded in order to improve our demo and service quality. You will always be asked for consent before any recording is made.
Our lawful basis for processing this data is legitimate interest, and consent for demo recordings, and we retain this data for 2 years. If you become a Spill client, then the relevant part of the Privacy Notice will apply instead.
6. If you download a resource from our website
If you download one of the resources on the Spill website, we will collect the following data: contact details and job title. We use this data to inform future content to share with you, to understand which services or promotions we think you may be interested in, and to be able to send you these communications.
Our lawful basis for processing this data is legitimate interest, and we retain this data for as long as we think you may be interested in Spill services, or until you opt out of further communications.
7. If you're an investor or shareholder
If you’re an investor or shareholder in Spill, we will collect the following data: contact details. We use this data to contact you, and to fulfil our legal requirements to document the owners of our business.
Our lawful basis for processing this data is therefore legal obligation, and we will retain this data for 7 years after our relationship with you ends.
8. If you're a supplier used by Spill
If you’re a supplier used at Spill, we will collect the following data: contact and billing details. We use this data to fulfil our contract with you, including making payment and maintaining a business relationship. Our lawful basis for processing this data is contract, and we will retain this data for 7 years after our contract ends.
📦 What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us. In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
🖊️ Changes to Our Privacy Notice
We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up to date.
If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.
🇪🇺 EU Data Rep
If you’re based in the EU/EEA and are an EU data subject or if you’re based in Switzerland and are an FADP data subject, you can raise questions about your personal data by either contacting our DPO on dpo@spill.chat or you can contact us via our EU GDPR Representative, DataRep: datarequest@datarep.com