Privacy and Data Protection is at the heart of our organisation and business culture. Here at OnePlusOne, we have a number of policies which refer to how we collect and process your data.Our Policies
During the onboarding process, we collect various types of personal data to enhance your experience and provide potential support. This includes your full name, email address, age, gender, ethnicity, sexual orientation, relationship status, relationship length, time since separation, details about your children, income bracket, and first four digits of your postcode. Additionally, we inquire about your engagement with the United Kingdom court system.
In the parenting plan feature, two users or separated parents create a plan for their child/children. Users have the option to invite an additional user to participate in the co-parenting plan. Both users must agree to create a co-parenting plan, and they can collectively agree or disagree on the information contained within the plan. The co-parenting plan can be modified or deleted with mutual consent.
It is important to note that both parents participating in the co-parenting plan can view all the data shared within the plan. Users are encouraged to exercise caution when sharing personal information in this format with another user.
While we prioritise maintaining confidentiality, there is a potential risk of personal information being shared inadvertently. Users are urged to carefully consider their responses and interactions within the co-parenting plan feature.
The safety and privacy of children are paramount to us. Therefore, the use of our App is restricted to individuals who are 18 years old or older. If you are under 18 years of age, you are considered a "Minor" and are prohibited from using our services. We do not knowingly collect personal information from Minors. If you believe that a Minor may have provided us with personal information, please contact us at email@example.com. We reserve the right to request users to verify their age, and failure to provide such verification may result in the termination of the user's account and the deletion of all personally identifiable information associated with the account.
We collect data through standardised questionnaires measuring emotional readiness, couple conflict, psychological well-being, communication skills, and co-parenting cooperation. Versions of these questionnaires, available within the App, contribute to our research evaluation process.
To assess the efficacy of mediation, we collect data on how successful mediation has been and how well users have engaged. This information is crucial for our research and evaluation purposes.
We process personal data to operate, improve, understand and personalise our App. For example, we use personal data to:
Our processing of personal data is conducted based on various legal grounds, ensuring transparency and compliance with applicable data protection regulations. The following categories represent the legal bases for processing personal data:
We process personal data as a matter of "contractual necessity." This means that processing is essential for the performance of our Terms and Conditions, enabling us to provide you with access to and use of the App. Failure to provide such personal data may result in your inability to use some or all portions of the App that require this data.
We process personal data based on our legitimate interests or those of third parties. Our legitimate interests include:
In some cases, we may process personal data based on the explicit consent granted by users at the time of data collection. When personal data is processed based on user consent, it will be expressly indicated at the point and time of collection.
We may also process personal data to comply with legal obligations, protect the vital interests of users or other data subjects, or perform tasks carried out in the public interest.
In the context of research data collection, we may process personal data based on our legitimate interests. This includes anonymising the data to ensure privacy while contributing valuable insights to our research efforts.
Access to the data is limited to specific roles within our organisation, and our App development company for ongoing support.
No personal data is shared without prior consent from users. We respect your privacy choices, and within the onboarding process, you have the option to provide consent for specific data-sharing scenarios.
Users can choose to be contacted by us for App usage feedback. This feedback helps us enhance the user experience and improve our services. Additionally, users have the option to allow us to share their email address with National Family Mediation (NFM) (our mediation partners) for additional support. If you do not opt-in to these data sharing purposes, your information will not be passed on to NFM or our App usage feedback team.
Evaluation data shared with the Department for Work and Pensions (DWP) is anonymised before analysis. Data shared for analysis purposes is aggregated and de-identified to ensure the privacy of individual users.
Your control over the sharing of personal information is fundamental to our commitment to user privacy. If you have any questions or concerns about data sharing, please contact us at firstname.lastname@example.org.
SPSS (Statistical Package for the Social Sciences) is employed for analysing extracted data within the OnePlusOne research team, while UXCam is used for app analytics within our UX and Operations team.
Personal data collected for research purposes will be retained only as long as necessary to achieve research objectives. Upon the completion of the evaluation report, scheduled for March 2025, personal data will be anonymised or deleted, following data minimisation principles.
While the completion of the evaluation report is scheduled for March 2025, users will have until the 20th December 2024, to request the removal of their personal data from the evaluation. After this date, all user data up to this point will be extracted and anonymised. However, it's important to note that users may continue to interact with the App after this period.
By choosing to use the App beyond the specified date (20th December 2024), users implicitly agree to the continued use of their data for further research purposes unless they explicitly request the removal of their data or delete their account within the App.
If you wish to have your data removed from our evaluation datasets before the 20th December 2024, please contact email@example.com for further information. After this period, we will not be able to remove your data from the anonymised datasets.
In our commitment to providing a seamless and optimised user experience, we utilise third-party software and service providers to enhance various aspects of our App.
Additionally, we use UXCam, an analytics solution designed to enhance our App's functionality. UXCam may record information such as screens visited, interaction patterns (including screen actions and gestures like taps and scrolls), and device details (type, version, model, operating system). The information collected by UXCam is crucial for improving our App.
To safeguard your data, we implement robust technical security measures. Firebase services encrypt data in transit using HTTPS, and customer data is logically isolated, enhancing security. Each Firestore object's data and metadata are encrypted under the 256-bit Advanced Encryption Standard (AES). Users are required to select robust passwords when completing the onboarding/registration process.
Our staff is educated on the importance of data security. Training programs ensure that team members are aware of and adhere to security measures, minimising the risk of unauthorised access or mishandling of personal data.
Users are solely responsible for the content submitted and actions taken within the App. It is strongly advised not to share account access, and in the event of such sharing, users retain full responsibility for any consequences arising from shared access, including but not limited to the content shared and actions performed within the App. We offer the option to invite another user to create a co-parenting plan to reduce the need for shared account access.
Accurate recording of data is crucial. We have mechanisms in place to ensure accurate data recording, and users can update their profile data within the App. If inaccuracies are identified, you have the option to update your profile details via the App. Otherwise, you can contact us using firstname.lastname@example.org to request additional updates.
In our commitment to data privacy and security, we implement a structured approach to data deletion and retention, aligning with data protection principles.
We maintain two datasets to manage user data effectively. The first is an anonymised dataset, where user IDs replace email addresses and names. The second dataset includes email addresses linked to user IDs and is stored separately in an encrypted and password protected location.
To adhere to data retention rules, raw data is not deleted; instead, it undergoes anonymisation. However, it's crucial to note that anonymisation processes will be completed on or after the 20th December 2024. Beyond this date, data up to this point will be anonymised, ensuring continued privacy and aligning with data minimisation principles.
If you have any queries or concerns regarding data deletion or anonymisation, please contact us at email@example.com.
Users have control over their data. They can delete their accounts at any time by using the options within the App, resulting in removing their data from the App and our systems. Additionally, they can update their profile data within the App or contact us using firstname.lastname@example.org if additional requirements need to be actioned.
We respect and acknowledge the data protection rights afforded to users under the General Data Protection Regulation (GDPR). To exercise these rights, users can utilise features within the App, empowering them with control over their personal data.
The rights include, but are not limited to:
Features within the App provide a seamless and user-friendly way for individuals to manage their data protection rights. If you need additional assistance in exercising your rights, or you have any questions, please contact us at email@example.com.
As part of our commitment to data protection and privacy, we have established an anonymisation deadline scheduled for the 20th December 2024. This means that after this date, personal data collected up to that point will be anonymised, rendering it non-identifiable.
Users have the right to exercise certain data protection rights, such as access, rectification, erasure, and data portability. However, it's important to note that the effectiveness of these rights may be influenced by the anonymisation status of the data:
The anonymisation of data may not affect the continued functionality of the App. Users may still be able to interact with the App and benefit from its features post the anonymisation deadline. However, it's important to understand that any data generated or shared within the App after this date will be subject to the anonymisation process during subsequent evaluation periods of potential future research.
By choosing to continue using the App after the anonymisation deadline, users implicitly agree to the use of anonymised data for research, analytical, and improvement purposes. The anonymisation process ensures that individual identities are protected while allowing valuable insights to be gained for ongoing research and development.
If you wish to remove your data from any future research, analytical, and improvement purposes after the anonymisation deadline, you will be required to delete your account via the App. If you have any questions or require further clarification regarding the anonymisation process and its implications on user rights, please contact us at firstname.lastname@example.org.
All personal data is processed within the European Economic Area (EEA). Geo-locking mechanisms are in place to ensure data is not transferred outside of the EEA.
Since no data is processed outside the EEA, there are no formal or recognised adequacy measures needed for privacy protection. Data remains within the geographic boundaries covered by EEA regulations.
We comply with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR). Users are directed to company documents, including data protection policies, GDPR policies, terms and conditions, and research policies during the onboarding journey.
Governance arrangements involve utilising two datasets – one anonymised and another with identifying information. This approach aligns with British Psychological Society (BPS) ethical guidance for research with human participants. Oversight and compliance with data protection principles are integral to our ongoing operations.
Effective Date: Thursday 11th January 2024