Privacy Policy
Updated 2024-11-24
Who we are
M50m is an online platform dedicated to providing mental health services and resources. Our website address is: https://m50m.eu. M50m is committed to safeguarding user privacy and ensuring the confidentiality of personal data. If you have any questions about our services or how we handle your information, please contact us from our contact page.
Policies
Comments
When visitors leave comments, we collect the data shown in the comments form, along with the visitor’s IP address and browser user agent string for spam detection.
An anonymised string from your email (hash) may be provided to Gravatar. Their privacy policy is here: https://automattic.com/privacy/. After approval, your profile picture is visible alongside your comment.
Media
If you upload images, avoid those with embedded location data. Visitors can extract location data from website images.
Cookies
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.
The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
Embedded content from other websites
Content from other websites (e.g., videos, images) behaves the same as if you visited those websites directly, meaning they may collect data, use cookies, and track your interaction.
Who we share your data with
Data sharing depends on your cookie consent preferences. Additionally, we may share data with service providers for operational purposes, such as hosting, analytics, or security, in compliance with privacy regulations. No personal data is shared without your explicit consent, unless required by law.
How long we retain your data
Comments and their metadata are stored indefinitely. Registered users’ information is stored in their profile and can be edited or deleted anytime (except usernames). Website administrators can access and edit this information.
Your rights over your data
You can request a copy of your personal data or ask for it to be deleted, except for data needed for administrative, legal, or security reasons. Please refer to the section below for specific exclusions related to mental health services.
Where your data is sent
Data stays on the platform with some exceptions: Some browser data is checked to safeguard against malicious intent, comments may be checked through an automated spam detection service, If requesting a password reset, your IP address will be included in the email.
Additional Information for Mental Health Services
This section provides an overview of the measures we take to protect client privacy.
Why must I accept the Terms and Privacy Policy?
By accepting our terms and privacy policy, you agree to the storage and use of your data. This is essential for us to read and manage your information.
Privacy policy specific to mental health clients
We do not disclose personal information (e.g., last name, address, email) to anyone other than your assigned therapist and their supervisor. Your information will never be sold or forwarded to third parties.
Terms of Use
You agree that your information will be reviewed by a licensed therapist and their supervisor. If you have a personal account, it’s your responsibility to keep your login details secure and not share them.
Confidentiality and Ethical Guidelines
Each practitioner is personally responsible for adhering to the ethical guidelines and regulations set by the relevant licensing authorities in their country. These guidelines ensure the highest standards of confidentiality and care are maintained. As a rule practitioners are bound by strict confidentiality and client protection guidelines, including safeguarding personal data, upholding client privacy, and prioritising client welfare throughout treatment. For example, in Sweden, practitioners are licensed by the national authority Socialstyrelsen and may also follow the ethical guidelines of private organisations, such as Psykoterapicentrum. Similar regulations apply to practitioners in other countries, according to local laws and licensing bodies. Also see the following section Data sharing in emergency situations.
Data Sharing in Emergency Situations
Under EU legislation, including the General Data Protection Regulation (GDPR), patient privacy and client confidentiality are of paramount importance in the mental health field. Disclosure of personal data is strictly limited and only permitted under exceptional circumstances. In cases where there is an imminent and serious risk to life or health—such as threats of self-harm or harm to others—data may be shared with relevant authorities in accordance with both legal and ethical obligations. These exceptions align with the duty to protect individuals while maintaining the highest possible standard of privacy and confidentiality. For each individual situation, only the minimum necessary information shall be shared.
Data Retention for Mental Health Information
Medical and mental health information is governed by legal regulations that differ depending on the country where the practitioner operates. Practitioners are typically required by law to retain certain records for a specified period and ensure session notes and other documents are stored securely. Compliance with these regulations is the responsibility of each individual practitioner.
On m50m.eu, sensitive mental health data, such as CORE assessments, are anonymized to protect privacy and ensure confidentiality. This means that no stored information can be linked to an identifiable individual. CORE assessments are retained only while clients are actively receiving therapy and are permanently deleted afterward. Individual practitioners may incorporate parts or the entirety of the assessments into their clinical notes as required by law or voluntarily. Clinical notes are not stored on M50m.eu and are the practitioners own full responsibility.
In the self-help section, test results are stored only if explicitly requested by the user. Otherwise, no personal data related to self-help activities is retained. Given the sensitive nature of this information, we strongly encourage users to activate passkeys to protect their accounts and prevent unauthorised access.
Data Protection Measures
M50m.eu has implemented multiple layers of data protection to safeguard user information and ensure confidentiality. The platform uses 2-factor authentication (passkeys) to prevent unauthorised access to accounts. It is hosted on a Cloudflare server, which provides SSL encryption for secure communication and protection against online threats. A robust firewall defends against malicious activities, and the system is automatically updated to maintain the latest security standards.
To ensure ongoing compliance and security, regular audits are conducted to identify and address vulnerabilities, maintaining high standards of data protection.
Emails sent from M50m.eu never contain identifiable personal data and are transmitted through a secure, DMARC-compliant email server. All data transmissions are encrypted, and user sessions are protected by automatic timeouts to reduce the risk of unauthorised access. We are regularly reminding our users to always follow security best practices to safeguard their accounts.