Please select whether you are signing up as an organisation or an individual.
Sign up with email
Joy is a web service.
Rights of Content
The users themselves retain the right to all text, pictures and other content that they create in the service. The users allow others to utilise the content in accordance with the nature of the service and furthermore allow Joy to file information and data and make changes that are necessary for the service. Users permit Joy to commercialise their content elsewhere such as on other organisations Directories. The responsibility of the content lies with the user, who has produced it for Joy. The service provider has the right to remove any material when it deems it necessary.
No guarantees of the functioning of the Joy service are given. The users are themselves responsible for their actions in the service and they should estimate the reliability of other users before dealing with them. Joy can under no circumstances be liable for damage that is caused to the user. The user may not store any information or data in the service, and expect it to remain there.
The Removal of a User
Joy has the right to remove any users from the Joy platform and terminate their right of use of the service without any specific reason and without being liable for compensation.
We take data protection very seriously and want to be market leader when it comes to privacy and being compliant with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
This policy explains how we use your personal data.
We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
This notice applies across all websites and apps that we own and operate and all services we provide, including our online referral systems and self-referral pages. For the purpose of this notice, we’ll just call them our ‘services’.
This policy covers:
- Who we are
- Data we hold about you that we collect from you directly
- Data we hold about you which is provided to us by another person or entity
- Purposes for holding your data
- Sharing your personal data with others
- Legal grounds for holding and using data
- Retention periods
- Data storage, security and transfers
- Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by sending an email titled ‘Data Protection’ to email@example.com or writing to us at:
Address: Data Protection Officer, Pungo, City Launch Lab, 124 Goswell Road, London, EC1V 7DP, UK1. Who we are
Your relationship is with Pungo Limited. If for example, you would like to access your data, Pungo Limited is the entity to which you would make such a request.
We hold the following categories of personal data about you which you provide us directly:
When you register with us or makes a booking, personal details are collected containing identifiable information about you, such as your name, date of birth, email address and NHS number. In addition, you may disclose information on your gender or ethnicity.
Health and medical information
You may choose to provide us with health and medical information for example you may wish to store information on your Joy profile about a health condition so that we can improve the service we provide to you. This may contain information about health, symptoms, treatments, medications, referrals and allergies.
You may list a service on the Joy platform such as an activity or class, details of that information such as contact details for the service are stored on in our database.
If you make any payments on our services, their credit/debit card details are processed directly by a third-party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain credit or debit card information.
Technical information and analytics
When you use our app or visit our website, we may automatically collect the following information where this is permitted by your device or browser settings:
- technical information, including the address used to connect your device to the Internet, your login information, system and operating system platform type and version, device model, browser or app version, time zone setting, language and location preferences, wireless carrier and your location (based on IP address); and
- information about your visit (such as when you first used our app/website and when you last used it, and the total number of sessions you have had on our app/website), including products and services you viewed or used, app/website response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver to you in the app/device or otherwise) and any phone number used to call our customer service number.
- We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as users’ interactions with our services. You can prevent the setting of cookies by adjusting the settings on your browser or your mobile phone.
Information obtained from third party services
You may choose to connect your existing accounts with other providers (such as a social media provider), for example, when signing up to make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address and name. Provided we are acting in accordance with data protection laws, we may also use information from other sources, such as specialist companies that supply information, online media channels, our commercial partners and public registers. This information can for example, help us to improve and measure the effectiveness of our services.
3. Data we hold about you
which is provided to us by another person or entity
When another person uses our services on your behalf, we need to collect some personal data. For example, three common use cases include:
- When a family member or loved one makes a referral on your behalf to a community group
- When a Social Prescriber uses Joy to make referrals for you and record notes of appointments, referrals and health information where relevant
- When a GP refers you into a Social Prescribing scheme using their GP system
We hold the following categories of personal data about you
For example, identifiable information such as your name, date of birth, email address and NHS number. In addition, diversity information may be provided for reporting purposes such as client gender or ethnicity.
and medical information
It may be necessary to hold some of your health and medical information for example when signing up to a community group it may be necessary to enter information about a disability so that you can be better supported.
Other relevant data can include information on your health, wellbeing, symptoms, treatments, medications, referrals, bookings, allergies as well as details of appointments such as notes from an appointment with a Social Prescriber.
If someone makes a payment on the app or website on behalf of you using your details, then your credit/debit card details are processed directly by a third-party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain credit or debit card information.4. Purposes for holding your personal data
The purposes for which we use your personal data are as follows:
Providing a service
- We obtain and use your information in order to establish and provide a service and (if applicable) deliver a contract to an organisation which you are associated with.
- We obtain and use your health and medical information because this is necessary for health purposes, including case management, the provision of care or treatment and the measuring of outcomes.
Improving the service, we deliver
- We will use your information to improve our services, so that we can deliver a better service. For instance,
- we may identify gaps in service provision for people with a health need in a specific location
- we may identify the services that have the greatest impact on wellbeing and share best practice across the wider health community
- we may research the impact of community referrals on health and social care resources in order to understand the link between community referrals and health
Keeping you up to date
- We may use your email addresses, phone numbers and/or details to contact you or present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time
- Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
- We may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation.
- Strict confidentiality and data security provisions will apply at all times to any such audit and access.
5. Sharing your personal data with others
- We may share your personal data with health and social care providers you are part of such as the NHS and Local Authority where we have a contract to do so. For instance, notes and referrals stored in a Joy record may be shared with a GP or your Social Worker.
- We may share your personal data with service providers which you are referred to in order to enable a successful referral
- We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us.
- We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
- We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
Except as described above, we will never share your personal information with any other party without your consent.
6. Legal grounds for holding and using data
We collect, use and share the
data that we have in the ways described above:
- as necessary to fulfil our terms of services
- in accordance with your consent which you may provide to others when they make referrals on your behalf
- in order to fulfil a contract obligation with a Local Authority, NHS organisation or other Public Organisation you are a part of e.g. with the NHS or Local Authority
- in order to comply with our legal obligations
- as necessary for our (or others') legitimate interests, including your interests in providing an innovative, personalised and safe service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
- Your data will not be sold to third parties for advertising
7. Retention periods
We will retain your data for a maximum of ten years of inactivity or account closure
8. Data storage, security and transfers
All information is stored on our (or Our third party service providers’) secure servers located in the United Kingdom. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our services, you are responsible for keeping this password confidential.
We do not store any credit or debit card information.
Your data may be processed or stored via destinations outside of the UK and the European Economic Area (EEA), but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA.
9. Your rights
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time
You also have specific rights under the GDPR and DPA to:
- wherever we process data based on your consent, withdraw that consent at any time.
- understand and request a copy of information we hold about you. Subject to our retention periods. For other information, you can make a request by email we will return this to you within 14 working days;
- ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical or health records
- ask us to restrict our processing of your personal data or object to our processing; and
- ask for your data to be provided on a portable basis.
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).
For any questions or concerns, you can contact us by sending an email to firstname.lastname@example.org