HFMH PRIVACY POLICY
Welcome to Happy: Frictionless Mental Health™ ("HFMH"). At Happy: Frictionless Mental Health™, we are committed to providing accessible and supportive mental health services through text-based interactions. This privacy policy outlines how we collect, use, and safeguard data to deliver our services effectively while maintaining the privacy and security of our members' information.
This policy applies to all interactions and data exchanges conducted through our SMS platform. It covers the collection of personal information, message content, technical data, and the procedures for opting in and out of our services. Additionally, it addresses our compliance with 10DLC regulations for business SMS and the standards set forth by The Campaign Registry (TCR).
By engaging with our SMS services, you consent to the practices described in this privacy policy. We encourage you to read this document carefully to understand how your information is handled and your rights regarding its use. If you have any questions or concerns, please contact us for further clarification.
DEFINITIONS
"Program" Refers to Happy: Frictionless Mental Health™, a service providing emotional support through SMS interactions.
"Support Givers" Individuals who respond to member texts and provide emotional support via the Program.
"Members" Individuals who engage with the Program and receive emotional support and other services via SMS.
"HIPAA" The Health Insurance Portability and Accountability Act, which sets standards for protecting sensitive patient information.
"10DLC" 10-Digit Long Code, a type of phone number used for business SMS that requires compliance with specific regulations.
"TCR" The Campaign Registry, an organization that oversees the registration and regulation of SMS campaigns to ensure compliance with industry standards.
"Opt-In" The process by which members consent to receive outbound text messages from the Program.
"Opt-Out" The process by which members can stop receiving text messages from the Program by texting STOP.
"Personal Information" Data that identifies an individual, such as name, contact details, and message content.
"Technical Data" Information related to the device and network used for accessing the Program, including IP address and device type.
"Carriers" Mobile network providers that deliver SMS messages to members.
"Message/Data Rates" Charges applied by carriers for sending and receiving SMS messages, which may vary based on the member’s mobile plan.
1. DATA COLLECTION AND USAGE
1.1. Types of Data Collected
Personal Information: This includes data that can identify you, such as your name, email address and contact details, which are collected when you engage with our services.
Text Message Content: All messages sent to and from our Support Givers, including your interactions and responses.
Technical Data: Information about your device and network, such as IP address, device type, and usage patterns.
1.2. Purpose of Data Collection
Providing Emotional Support: We use your personal information and message content to deliver tailored emotional support through our Support Givers. This helps ensure that the assistance you receive is relevant and effective.
Service Reminders and Notifications: Your data is utilized to send you reminders for upcoming appointments, check-ins, and notifications about special events. These messages aim to keep you engaged and informed about your mental health support.
Service Improvement: The data collected helps us analyze and enhance our services. By understanding usage patterns and feedback, we can continually improve the quality and effectiveness of our support offerings.
Communication: We may use your contact information to communicate important updates, changes to our services, and responses to your inquiries or requests for support.
Compliance and Legal Obligations: We may use your data to comply with applicable laws, regulations, and legal processes. This includes ensuring our practices adhere to HIPAA, 10DLC, and TCR requirements.
1.3. Data Storage and Retention
HIPAA Compliance: All data collected through Happy: Frictionless Mental Health™ is stored in compliance with the Health Insurance Portability and Accountability Act (HIPAA). This ensures that your personal and health information is protected according to the highest industry standards.
Encryption: We employ robust encryption methods to protect your data both during transmission and while at rest. This means that any data you share with us is securely encoded to prevent unauthorized access.
Access Controls: Access to your data is restricted to authorized personnel only. We implement strict access controls and regularly review permissions to ensure that only those who need access to your data for service delivery and support can view it.
Retention Period: Your data is retained for as long as your sponsoring organization maintains its service with us. Once the service is terminated, your data will be securely deleted in accordance with HIPAA regulations and industry best practices.
Regular Audits and Updates: We conduct regular audits and system updates to maintain compliance with HIPAA and other relevant regulations. This includes frequent reviews of our security practices and technology to safeguard your data effectively.
Secure Data Storage: Your data is stored in secure, HIPAA-compliant systems with robust physical and logical security measures in place. These systems are hosted in reputable data centers with stringent access controls and monitoring to prevent unauthorized access or breaches.
Training and Awareness: Our staff undergo regular training and awareness programs to educate them about data security best practices and their responsibilities in safeguarding your information. This helps promote a culture of security throughout our organization.
Incident Response Plan: In the event of a data breach or security incident, we have a comprehensive incident response plan in place to promptly detect, assess, and mitigate any potential impacts. This includes notifying affected individuals and relevant authorities as required by law.
Third-Party Security: We carefully vet and monitor any third-party service providers or partners who may have access to your data to ensure they maintain adequate security measures and comply with applicable privacy regulations.
Continual Improvement: We are committed to continually improving our data security measures to adapt to evolving threats and technology advancements. This includes staying updated on emerging security trends and incorporating industry best practices into our policies and procedures.
No Data Selling: We do not sell, rent, or share your personal data with third parties for marketing or any other purposes not directly related to providing our services. Your information is kept strictly confidential and is only accessed by authorized personnel for service-related purposes.
1.4. Member Rights
Access and Correction: You have the right to access the personal data we hold about you upon request. If you believe any of the information is inaccurate or incomplete, you may request corrections or updates to ensure its accuracy.
Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. This allows you to transfer your data to another service provider if desired.
Deletion: You can request the deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or if you withdraw your consent. However, please note that we may retain certain information as required by law or for legitimate business purposes.
Withdrawal of Consent: If you have previously provided consent for the processing of your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdrew your consent.
Objection to Processing: You have the right to object to certain types of processing of your personal data, such as direct marketing or processing based on legitimate interests. We will cease processing your data for such purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
Lodging a Complaint: If you believe that we are not processing your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority.
2. OPT-IN AND OPT-OUT PROCEDURES
2.1. Opt-In Process
Manual Opt-In: Members may be asked to explicitly opt-in to receive outbound text messages from the Program. This can be done by responding affirmatively to a request for consent, such as a message asking if they would like to receive notifications or reminders.
Automated Opt-In: Members may also opt-in through automated systems by following instructions provided in messages or prompts from the Program. This could involve replying with a specific keyword or clicking on a link provided in a text message.
2.2. Opt-Out Process
Texting STOP: Members have the right to opt out of receiving messages from the Program at any time. They can do so by simply texting the word "STOP" to the Program's designated phone number.
Confirmation of Opt-Out: Upon receiving the opt-out request, the Program will send a confirmation message to the member, acknowledging their decision to opt out. Following this confirmation, the member will cease to receive further text messages from the Program, except for a final message confirming their opt-out request.
Revoking Consent: If a member wishes to revoke their consent to receive messages after opting in, they can follow the same opt-out procedure outlined above.
Re-Opting In: Members who have previously opted out but wish to rejoin the Program and receive messages again can do so by following the manual or automated opt-in procedures described above.
3. MEMBER SUPPORT
Technical Support: Our support team is available to assist you with any technical issues or questions you may have regarding our services. You can easily reach out to us by texting HELP at any time. Our team will promptly respond to your inquiries and provide the necessary assistance to address your concerns.
Service Assistance: If you encounter any challenges or require clarification on how to use our services effectively, our support team is here to help. Whether you need guidance on navigating the platform, understanding certain features, or resolving any issues you may encounter, we are committed to ensuring your experience with Happy: Frictionless Mental Health™ is seamless and satisfactory.
Feedback and Suggestions: We welcome your feedback and suggestions on how we can improve our services to better meet your needs. Your input is valuable to us as we strive to continuously enhance the quality and effectiveness of our support offerings. Please feel free to share your thoughts with our support team, and we will carefully consider your input in our ongoing efforts to provide the best possible experience for our members.
4. COMPLIANCE WITH 10DLC AND TCR
4.1. 10DLC Compliance
Registration: All business SMS communications conducted through our Program adhere to the regulations outlined for 10-Digit Long Code (10DLC) messaging. We ensure that our messaging campaigns are registered with appropriate carriers and compliant with carrier-specific guidelines.
Campaign Approval: Before sending messages to members, each campaign undergoes a thorough approval process to ensure compliance with carrier requirements and industry standards. This includes verification of message content, opt-in procedures, and adherence to message frequency guidelines.
Content Compliance: Our messaging content complies with all applicable laws and regulations, including the Telephone Consumer Protection Act (TCPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act. We prioritize transparency, accuracy, and relevance in all communications with our members.
Opt-In Mechanisms: We employ clear and explicit opt-in mechanisms to obtain consent from members before sending outbound messages. Members have full control over their communication preferences and can opt out at any time by texting STOP.
Compliance Monitoring: We continuously monitor our messaging campaigns to ensure ongoing compliance with 10DLC regulations. Regular audits and reviews are conducted to identify and address any compliance issues promptly.
Member Rights: We respect the rights of our members regarding their communication preferences and data privacy. Members have the right to opt out of receiving messages, access their personal data, and request corrections or deletions as outlined in our privacy policy.
4.2. TCR Requirements
Campaign Registration: All SMS campaigns conducted through Happy: Frictionless Mental Health™ are registered with The Campaign Registry (TCR). This ensures that our messaging practices comply with industry standards and regulations.
Compliance Standards: We adhere to TCR's guidelines for business SMS, which include:
Message Content: Ensuring messages are appropriate, relevant, and non-deceptive.
Frequency: Regulating the frequency of messages to avoid spam and ensure a positive user experience.
Opt-In/Opt-Out Procedures: Clearly outlining and implementing procedures for members to opt-in and opt-out of receiving messages.
Monitoring and Reporting: We regularly monitor our SMS campaigns to ensure ongoing compliance with TCR requirements. Any issues identified are promptly addressed to maintain our commitment to regulatory standards.
Data Security: TCR compliance includes maintaining robust data security measures to protect members' information. This aligns with our overall commitment to data privacy and security.
5. CARRIER LIABILITY
Disclaimer: Mobile carriers are not liable for delayed or undelivered messages. The delivery of SMS messages is subject to the effective functioning of carrier networks, which can be influenced by various factors such as network traffic, technical issues, and geographic location.
Service Availability: The availability and performance of SMS services may vary depending on the carrier and your specific mobile plan. We strive to ensure reliable delivery of messages, but we cannot guarantee timely delivery due to potential carrier-related issues.
Responsibility: By using our services, you acknowledge that carriers are not responsible for any damages or losses resulting from delayed or failed message delivery. Happy: Frictionless Mental Health™ will make every reasonable effort to ensure that messages are sent and received as intended.
6. MESSAGE AND DATA RATES
6.1. Charges
Standard Rates: Standard message and data rates may apply when sending or receiving SMS messages through our Program. These rates are determined by your mobile carrier and your individual mobile plan.
Carrier Policies: It's essential to check with your mobile carrier to understand the specific charges associated with your plan. We are not responsible for any fees or charges incurred as a result of using our SMS services.
International Rates: If you are using our services outside your home country, additional international message and data rates may apply.
7. ADDITIONAL PRIVACY POLICY INFORMATION
Contact Information: For any questions or concerns regarding this privacy policy, or to exercise your rights related to your personal data, please contact us at:
Updates to This Policy: We may update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Members will be notified of significant changes through SMS, email, or updates on our website.
External Links: Our website may contain links to external sites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any websites you visit.