Hello and welcome to ZunTold
ZunTold (company number 10311055) is both a publishing company and a provider of counseling services. You can buy books from us directly, and we work with professional authors publishing their work for education and trade. We also offer consultancy to companies, local authorities, NHS, and third-sector organizations working in the digital health space.
In addition, we also run a digital bibliotherapy and therapeutic writing service for the social care and health sector whereby you can access books, write for our community, and work alongside a therapist who has been trained in therapeutic writing skills as well as other therapeutic approaches.
We have developed our privacy policy to make sure that everyone we come into contact with, whether that be authors, customers who purchase books, employees and trainees and service users who use our therapy services, can be assured that their data is safe and that we operate to the highest levels of confidentiality, security and that we comply with our legal duties.
This notice explains who we are and details how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information and how to contact me, as ZunTold's Data Protection Officer in the event you have a question or a complaint.
We have split our Privacy policy into two sections. One section covers ZunTold customers who use the store to purchase books and others who work with us, such as professional authors, employees, trainees, or in a consultancy capacity. The second section relates to the Privacy Policy for our Fiction as Therapy service users.
How to contact us
First of all, if you have any questions about our privacy policy or the information we hold about you, please feel free to contact me directly:
Elaine Bousfield, Founder of ZunTold and Data Protection Officer
Email: elaine@zuntold.com
Our registered office is 71-75 Shelton Street, Covent Gardens, London, United Kingdom, WC2H 9JQ
Contents of this page
Who are we?
ZunTold Ltd collects, uses, and is responsible for certain personal information about you. When we do so, we are subject to the Data Protection Laws described below and we are responsible as 'controller' of that personal information for the purposes of those laws.
Key terms
Here are some key terms used in this notice:
- Data protection laws: The General Data Protection Regulation and the Data Protection Act 2018 in each case as amended, updated or replaced and as they apply to the UK.
- Personal information (known as Personal Data): Any information relating to an identified or identifiable individual.
- Special category personal information: This is personal information that reveals racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation.
- Contractual service or 'contract': This relates to data we have to collect from you in order for us to be able to fulfill our obligations to you that may have arisen from us agreeing to deliver a product, service or intervention for you or alongside you. It may also relate to a contract we have with a third party such as a health provider such as the NHS or Social Care (for example) to supply you with a service that they have commissioned from us.
- Legitimate interest: Legitimate interests relate to the data we have to collect so we are able to fulfill our business and contractual interests. These have been weighed against the rights of the individual and we have ensured we only collect the data we need in order to be able to fulfill our promises to our end users and our customers.
In the context of our services, we expect that the special category personal information which we are most likely to process will be for our fiction as therapy service and will be data concerning your wellbeing and mental health, ethnicity, gender, and age. Our legal basis for processing this data in our fiction as therapy service is to deliver a 'contractual service' to you. It is also collected under the legal basis 'legitimate interest' as it helps us to measure how we are performing as a service and how to improve our service.
WEBSITE PAYMENTS
We do not currently store credit card details nor do we share financial details with any 3rd parties. All payments are processed via PayPal.
CHILDREN UNDER 13 YEARS OF AGE
We do not collect information from children under the age of 13 outside our Fiction as Therapy service. No personal information (such as name, address, or email address) is collected by, or should be submitted to us by children under 13 without the consent of their parent or guardian.
If you are under 13 and would like to register your details with us for any reason, unless you have been referred into our fiction as therapy service by one of our commissioned organizations, please ask your parent or guardian to read our privacy policy on your behalf. A guardian always has the right to question what information we store on a child and ask for that information to be deleted.
SECTION ONE
Personal information we collect about you
Customers
If you are a customer shopping in our online store for books, we may collect and use the following personal information about you:
- your name and contact information, including email address and telephone number
- your personal interests such as genres you like, authors, and audiences
- any feedback you choose to give us
Authors, employees, consultancy customers
- your name and contact information, including email address and telephone number
- your personal interests such as genres you like, authors, and audiences
- any feedback you choose to give us
- your gender and ethnicity information
- your date of birth
- medical, personal, bank details, and other information and/or options that you provide to us during interviews and/or discussions with you.
How your personal information is collected
We may collect certain information or data about you in various ways. The main ways we do this are outlined below:
- When you submit inquiries or feedback through one of our website forms, or sign up for email updates, we may collect your name, email address, telephone number, and other information.
- When you apply to work with ZunTold as an employee, trainee, or as an author
- When you use our website we will collect:
- your IP address, and details of web browser and which version of it you used.
- information on how you use our website, using cookies, that will help us improve the website.
- When you participate in any of our research projects (including through interviews and focus groups) we may collect your name, contact and other details.
- When you commission ZunTold to undertake consultancy activity, we may collect your name, email address, role, organization, and other information.
- When you contact us directly, we may keep a record of that correspondence.
How and why we use your personal information
Under data protection laws, we can only use your personal information if we have a proper reason for doing so.
The points below explain what we use (process) your personal information for and our reasons for doing so.
To fulfill your customer orders
If you purchase books from us, we need to know who and where to send it to. We will only use information on your buying practices to recommend other books to you if you have agreed to join our mailing list. We may contact you by email if you have bought from us prior to us establishing a mailing list, to see if you would like to join. If you elect not to, no other contact will be made with you.
Products and services
We need to process your personal data when we provide you with information, products, and services that you have requested from us. We do so because it is necessary for our legitimate interests and/or because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract.
Marketing
When we send marketing communications to you at a business email address, we do so because it is necessary for our legitimate interests. Our legitimate interests include disseminating our research and analysis, as well as highlighting relevant products and services, in order to fulfill our mission to bring better mental health through fiction and through bibliotherapy and therapeutic writing to everyone.
In respect of personal email addresses, we will only send you marketing with your explicit consent and you can opt out at any time.
We will always treat your personal information with the utmost respect and never share it with other organizations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by contacting us on the contact us tab.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Personal data gathered from publicly available sources
We gather limited personal data from publicly available sources (such as announcements about job moves in the publishing sector, authors' pages, announcements by agents or in the health and social care sector) so that we can contact individuals who we think will be interested in our products and services or in working with us. We do so in connection with our legitimate interests as referred to above under 'Marketing'.
Other bases for processing
We may need to process your personal data for compliance with our legal and regulatory obligations, including where it is necessary for the prevention and detection of crime or for the establishment, exercise, or defense of legal claims (for example, to protect and defend our rights or property).
Who we share your personal information with
We routinely share personal information only with our service provider Dropbox as a data back-up service provider.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information (excluding special category personal information) with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymized but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We will not share your personal information with any other third party.
Where your personal information is held
Information may be held at our offices and on the servers of our service providers, representatives, and agents as described above (see above: 'Who we share your personal information with').
How long your personal information will be kept
We will retain your personal data no longer than is necessary for the purposes for which it is processed. For example, it may be kept for the duration of a service or product you receive from us or as part of our legal obligations.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. Further details on this are available on request.
When it is no longer necessary to retain your personal information, we will delete or anonymize it.
Your rights
You have the following rights, which you can exercise free of charge:
- Access: The right to be provided with a copy of your personal information (the right of access).
- Rectification: The right to require us to correct any mistakes in your personal information.
- To be forgotten: The right to require us to delete your personal information - in certain situations.
- Restriction of processing: The right to require us to restrict processing of your personal information - in certain circumstances, e.g. if you contest the accuracy of the data.
- Data portability: The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.
- To object:
The right to object:
- at any time to your personal information being processed for direct marketing (including profiling);
- in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
- Not to be subject to automated individual decision-making:
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer; see above: 'How to contact us'; and
Keeping your personal information secure
We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The data protection laws also give you right to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner who may be contacted at ico.org.uk/concerns or by telephone: 0303 123 1113.
Changes to this privacy policy
This privacy notice was published on January 1, 2021 and last updated on January 1, 2021.
We may change this privacy notice from time to time. When we do, if you've given us your email address as part of registering for our services, we will inform you via email.
SECTION TWO
This part of our privacy policy relates to our Fiction as Therapy service.
Your Privacy and Safety
ZunTold run a Fiction as Therapy service.
We take the privacy and safety of our users very seriously. We have explained the Privacy Policy below. If you are not sure of anything please do get in touch with us at elaine@zuntold.com.
Elaine Bousfield is the founder of ZunTold and the Data Protection Officer.
You can write to us at 71-75 Shelton Street, Covent Gardens, London, United Kingdom, WC2H 9JQ, but feel free to email us if that is better.
Who are we?
ZunTold Ltd runs a digital Bibliotherapy and Therapeutic Writing counselling service and doing this means we collect, use and are responsible for certain personal information about you. When we do so we are subject to the Data Protection Laws described below and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Website Payments
We do not currently store credit card details nor do we share financial details with any 3rd parties. All payments are processed via PayPal. This will not affect current users of our service as it is free to the end user, paid for by health, social care or education cohort that you belong to. Should we open the service to a subscription model we shall follow the same methodology of not storing credit card or debit card payment details nor will we share financial details with any 3rd parties. All payments will be processed via PayPal or a similar system.
What personal information will you collect about me?
When you use the Fiction as Therapy service from ZunTold we need to collect some personal data from you. This is known as your Personal Data.
How, where, and why do we collect it?
Firstly, when you sign up to use ZunTold Fiction as Therapy you have to put in a code.
You only have to do this the once. This code tells us which health, social care, education provider that you are affiliated with but this code doesn’t identify who you are. We use the code system so we can deliver a contractual service to you. The health, education or social care provider has contracted us to offer a free service to people from their cohort. We cannot start to do this if we do not know which provider cohort you belong to.
Secondly, once you have put in the code we ask you to create a username (not your real name) to use in the community book comments section so your identity is protected. This is the name you will go by in the community and in the support section of the site if you prefer to use your user name with your counsellor. You can choose to use your username or a pseudonym when you publish your creative writing for the community library, or if you want to use your real name when publishing your writing, you can do so. This will mean that community members will know your real name and it will end your anonyminity on the community aspects of the site, so please be aware of that.
Thirdly we collect the following Personal Data from you
- Your first name, last name and email address
- Your date of birth
We collect your first name, second name and email address from you and encrypt them. The counselling team have access to your first name, second name but do not have access to your email address, only the clinical management team, and this information is not shared with the counsellor. We do this for safeguarding reasons, because we have a duty of care to you. Our legal basis for collecting this Personal Data from you is our contractual obligations to you and to our commissioners. It is also to fulfil our legal and statutory duties when working with children and young people under the age of 16 years of age, and with vulnerable adults. Your counsellor will know your age from the date of birth we have collected from you. This falls under the legal basis of our Contractual obligations with you, and our legitimate business interests; as it allows us to fulfil our contractual service to you with regard to appropriate content and allows us to assess for Gillick competency for young people under the age of 16 years of age.
Safeguarding
We have a Duty of Care to safeguard your well-being.
If we are really worried about you and think that you are at risk or danger, we will talk to you about the need for somebody else, such as your health care or social care provider, GP or another agency outside of the ZunTold team to know what has happened or is happening to you. We would only do this if:
- Your mental health or physical health is deteriorating and you need specialist input that you are currently not accessing or are accessing
- You are at risk of harm from somebody else
- Your life is at risk because of something that you are doing
- You are a risk to somebody else
In cases such as these, our counsellors will ask you to consent to share your details so that we can refer you to the appropriate support services or get you the help you need. If you do not consent but your counsellor or the clinical management team feels it is a safeguarding issue, then they may share/refer with any details we have.
If this was to happen we would:
- Let you know who we are passing details to and why
- Keep you informed of any actions we intend to take
- Where possible, work with you to agree every step we are taking
On very rare occasions, where the situation is very serious, we may have to act without talking to you first.
Other Personal Data we collect from you at the sign- up process
We also collect and use the following personal data which is called special category data:
This information helps us to improve our service and ensure we are reaching our population and communities in an equal way. This data is collected under the legal basis ‘legitimate interest’ as it helps us to measure how we are performing as a service. This data will be kept in the file under your username but the clinical management team will be able to connect the notes to your real name.
We also collect information on:
We collect this information in order to deliver a contractual service to you to ensure our therapeutic work is achieving outcomes for you and for our legitimate interest in being a publisher/ aggregator of content and ensuring our books are of the right genres and type for our service users and which ones are popular and which ones are not and which ones are helping and which are not. This helps us choose the right authors and become a better publisher/aggregator. It also allows us to fulfil our legitimate interest in safeguarding you.
How is the data collected?
- When you sign up as explained above
- Should you choose to submit enquiries or feedback through one of our website forms, or sign up for email updates, we may collect your user name or name, email address, telephone number and other information.
- When you use our website, we will collect:
- your IP address
- information on how you use our website that will help us improve the website.
- When you choose to participate in any of our research projects (including through interviews and focus groups) we may collect your name, contact and other details.
- When you contact us directly, we may keep a record of that correspondence
Do we share your personal data with anyone else?
We collect information or data on a quarterly basis in order to share information with commissioners who make the service available to you or/and to improve our services. Any data shared in this way is fully anonymised and is used to help inform the organisations commissioning us about the usage of the service and allows us to see where we need to improve. The anonymised data we share:
Research and analysis in the field of physical and mental health
We are committed to evaluating the evidence base for therapeutic writing and guided bibliotherapy as a school of counselling and psychotherapy and education.
For ZunTold to be able to improve its services, we sometimes work with trusted partners, including universities and NHS organisations to help us analyse our data.
This includes working with researchers from universities who get ethical approval for their work.
The data which we provide to them is a mixture of statistics, information, artistic work (in the Write section) and case studies that you have provided to us or we have pulled together from the work we have done with you and anonymised so that your identity is protected. The statistics include data such as books read, feedback given and reactions to the library texts, plus volume and types of books and poems written by service users and shared in the community library. We also include outcomes recorded, age, ethnicity, and gender of service users as well as other information provided to the service such as goals or assessments, themes within templates and service usage data. Other information includes both public and private information shared within ZunTold. Public information refers to any community bibliotherapy discussions and feedback given to our service and work published in the community library. Private information refers to any communication you have with the counselling team either through chat (one-to-one messaging) or messaging the team.
Unless we have asked you first if you wish to take part in a specific research programme which requires your Personal Data – that is data which identifies you - the research we do with these bodies does not contain any personal data which could be used to identify you - it is completely anonymised.
No identifiable information will ever be shared outside of our organisation for research purposes without your explicit consent.
Referrals from outside agencies to Fiction as Therapy
Sometimes, people are referred into our service by a third party, such as your GP, social worker or another service you may have been working with.
If you have been referred to us by someone and they have shared your Personal data with us, we will keep your personal details in a confidential section of your account that can only be seen by the clinical leadership team. This information would only be used in situations described in the Safeguarding section.
Where your personal information is held
All information is stored securely within the ZunTold Platform and is only accessible to the ZunTold team. Our systems are encrypted - all case notes, communication between counsellors and service users are encrypted. This means they are coded which ensures your data is protected. ZunTold uses Site Ground for hosting. Site Ground has an SSL certificate and our data is encrypted with an encyrption key. If we have to share personal idenifying data about you for referral purppses to third party partners, this is done using email which has a 256-bit encyption key.
Books written by you are shared in the community but are edited and discussed with you by our team before publishing. These are not encrypted and although you can produce duplicate versions of them, you cannot delete them by yourself once published. It may not be possible to remove the books published to the community as other community members may be reading them.
Therapeutic templates are only shared with your therapist and are encrypted.
Some data may occasionally be held at our virtual or physical offices and on the servers of our service providers, representatives and agents - we share personal information with our service provider DropBox as a data back-up service provider. This relates to external referrals and communication with our external partners where referrals may have been made on your behalf. All online data is encrypted (coded which ensures your data is protected) and stored securely within the ZunTold platform as described above.