About us and your Personal Data 

Mycelium Group Ltd (registered number 12026869), has its registered office at 86-90 Paul Street, London, EC2A 4NE. 

Mycelium Group Ltd  takes your privacy and the law around data protection very seriously. Mycelium Group Ltd  collects very little data about you or which essentially can be used to identify you (“Personal Data”). Whenever Mycelium Group Ltd  collects Personal Data, it does so in full compliance with the law whilst being respectful of our mission, elevating a world where everyone has the mental health resilience to cope with life’s challenges. 

Specifically this Privacy Policy applies to the processing of Personal Data collected by us when you: –

1. Use our products and services such as our instructor led training, blended learning and flexible e-learning – or generally avail of our Mixed Mental Arts ™ programme and tools.
2. Visit our Mycelium Group Ltd  websites.
3. Visit our branded social media pages.
4. Visit our offices or any events Mycelium Group Ltd hosts.
5. Receive communications from us, including emails and phone calls.
6. Complete surveys.

For the avoidance of doubt, this Privacy Policy does not apply to products and tools not owned by us. For example, where our Consultants use video technologies (e.g. Zoom) through which our customers enjoy our Services, it is the 3rd party technology provider’s privacy policy which applies to your Personal Data (including your image on the video call). 

Our compliance with data protection law 

In terms of the relevant laws that apply to our business and your Personal Data, Mycelium Group Ltd  adheres to Regulation (EU) 2016/679 (the “EU GDPR”) as it applied in full prior to 1 January 2021 (and continues to apply to Personal Data belonging to persons who are located in the EU today). Mycelium Group Ltd  also complies with the retained version of the EU GDPR as it applies from 1 January 2021 in the UK (as amended and updated from time to time) (the “UK GDPR”).

Where Mycelium Group Ltd  collect data, why and how 

1. Mycelium Group Ltd website 

If you use and interact with our Mycelium Group Ltd  websites, Mycelium Group Ltd  automatically collects some Personal Data about your device and usage of our Mycelium Group Ltd  websites through cookies, Mycelium Group Ltd  web beacons, or similar technologies. Examples of less obvious Personal Data may include your Internet Protocol (IP) addresses, username, or log-on credentials. 

2. Trainings 

Mycelium Group Ltd  only collects information which you choose to give us as part of the training programmes. Should you choose not to share participant email addresses with us or should participants not consent to having their work email addresses shared – all communication with participants must be handled via a designated Client Representative who will help us administer the course. All participant data is held securely and in line with applicable laws. Mycelium Group Ltd  only uses participant data for the purposes detailed during course sign ups and delete all data when no longer required for course administration, unless permission is given by a participant to retain for purposes of future product information. Participants may make a request to Mycelium Group Ltd  to view data Mycelium Group Ltd  holds on them or to withdraw consent at any time by emailing admin@myceliumgroup.co.

3. Zoom & Video Platform Recordings 

Sometimes our Services are delivered over Zoom or similar video technologies. To assess our Consultants for performance purposes, they may record the video call. If this is the case, you would be notified prior to commencement of the recording. All recordings are stored securely on Zoom’s servers or limited-access Google Drive. Once a Consultant is certified and the recording no longer required, it is deleted. Only the Consultant is ever recorded; breakout rooms of participants are never recorded. 

In some cases, by exception, training recordings are requested by a Client. In this case, prior consent from all attendees must be gathered by the Client Representative and confirmed in writing to Mycelium Group Ltd  prior to course commencing. These recordings are stored on our eLearning platform for the duration of the course. Two weeks following completion of the course, and once the recordings are provided to the Client, where requested in advance, the recordings are deleted permanently. In some cases you may request and agree that recordings are kept longer, in line with applicable laws and consents given. Such requests must be in writing and prior to the end of the course in question

4. Surveys & Testimonials 

Mycelium Group Ltd uses SurveyMonkey, Google Forms, and Microsoft Forms for ‘impact assessments’. This often involves data relating to anonymous psychological metrics. Participants will have the option to sign opt-in for future messages regarding Mycelium Group Ltd  products, news, and Services. The participant or Client Representative may notify us at admin@myceliumgroup.co to opt-out of receiving such communications. Mycelium Group Ltd  ensures that all data is stored securely, in line with relevant laws, and only used for the purposes that participants have consented to. The objective is to only receive and process the Personal Data about you that you choose to provide. Mycelium Group Ltd only uses this information to make our company more effective at delivering mental health resilience Services that transform people’s lives for the better. 

5. Contacting Us 

If you use our “Contact Us” form or similar features, or download certain content, Mycelium Group Ltd may require that you provide us information, such as name, job title, company name, address, phone number, email address, and username/password. 

6. Third parties 

Mycelium Group Ltd may share your Personal Data with 3rd parties we’ve engaged with and are vital with delivering our Services. These include:-

– SurveyMonkey, Google Forms, Microsoft Forms: For collecting anonymous and/or identifiable impact measurements, feedback, and testimonials from course participants. Aggregated data is shared post-course with the Client Representatives or collated to understand Mycelium Group Ltd ’s trends and overall impact. 

– Pipedrive: Customer relationship management platform for managing sales and delivery. Only details of buyers and those required to administer the course which have been provided to us for the purposes of delivering courses are stored. No participant data is captured. 

– Instilled by PeopleFluent: An eLearning platform hosting Mycelium Group Ltd  course content. No user interactions exist on the platform. Users register their name, email address, and organisation. Access to this data is limited to Mycelium Group Ltd ’s Data Lead and System Support team members. It is only viewed in the case of issue resolution requested by a participant, and is never processed further outside of Instilled. Please note that user data is processed in the US. Please refer to the Storage & International Transfers section below for full details of how your data will be handled.

– Learnworlds (Mycelium Academy): The Mycelium Academy is designed to be a fully integrated and interactive platform in which user actions are monitored by Mycelium and Client Representatives. Client Representatives and Mycelium representatives can view all user data and interactions. Users can communicate with other users via the chat function and this may also be monitored. Any volunteered personal data, including email addresses, names and other volunteered items will be visible. The Learnworlds LMS is hosted on EU Google Cloud servers and is fully GDPR compliant.

– FreeAgent/Xero: An invoicing system, which auto-sends PDF’s to the Client Representatives via email plus any nominated billing email provided to us for the purposes of billing. 

For these close partners above, Mycelium Group Ltd  may automatically share information about a particular customer or account holder, along with a small amount of detail about those users whose data is incorporated within any particular tool (name and email address typically) as part of Mycelium Group Ltd ’s provision of its Services.

7. Other Information 

If Mycelium Group Ltd  are involved in a merger, reorganisation, dissolution or other fundamental corporate change, Mycelium Group Ltd  will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party. 

If a user requests assistance with the use of a third party tool or reports an issue requiring technical investigation.

Additionally, Mycelium Group Ltd  may share such anonymous usage data on an aggregate basis in the normal course of operating our business for example, Mycelium Group Ltd  may share information publicly to show trends about the general state of mental health resilience in the UK or the uptake in our products and tools over a sustained period of time. 

8. Lawful Compliance

Mycelium Group Ltd  only holds and processes Personal Data when the law allows us to. Mycelium Group Ltd  sets out below a visual depiction of the eight (8) core “legal bases” which allow us to process Personal Data under UK GDPR and EU GDPR followed by a short assessment of the most relevant to Mycelium Group Ltd ’s operations: 

• Providing our websites and services: Mycelium Group Ltd  processes your Personal Data to perform our contract with you for the use of our websites and services to fulfil our obligations under the applicable terms for the provision of Services. Where Mycelium Group Ltd  has not entered into a contract with you, Mycelium Group Ltd  bases the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with suitable training modules, and content you access and request.

• Promoting the security of our websites and services: Mycelium Group Ltd  process your Personal Data by tracking use of our websites and services, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the Services, systems and applications, and in protecting our rights and the rights of others.

• Managing user accounts and registrations: If you have registered for an account with us, Mycelium Group Ltd  processes your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service.

• Handling contact and user support requests: If you fill out a “Contact us” web form or request user support, or if you contact us by other means including via a phone call or email to our Consultants, Mycelium Group Ltd  process your Personal Data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you.

• Assessing and improving user experience (UX): Mycelium Group Ltd  processes device and usage data, which in some cases may be associated with your Personal Data, in order to analyse trends to assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where Mycelium Group Ltd  seek your valid consent. 

• Assessing capacity requirements: Mycelium Group Ltd  process your Personal Data to assess the capacity requirements of our Services to the extent that it is in our legitimate interest to ensure that Mycelium Group Ltd  are meeting the necessary capacity requirements of our Service offering (with respect to the number of people attending training or a particular module). 

• Sending marketing communications: Mycelium Group Ltd  will process your Personal Data to send you marketing information, product recommendations, and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us, our affiliates, and partners, including information about our products, promotions, or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent through a course of dealing with us.

• Complying with legal obligations: Mycelium Group Ltd  may have to disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from the Information Commissioner’s Office or other competent authority such as Court); or in order to enforce our conditions of sale and other agreements. 

Mycelium Group Ltd may want to send you information about products and services of ours that Mycelium Group Ltd think you may be interested in (on the basis Mycelium Group Ltd have an existing relationship with you). You can opt out of receiving this sort of information at any time by contacting us at admin@myceliumgroup.co.

10. Storage & Transfers including International

All data is stored securely on Google Drive or via secure email between our Staff and Consultants only where absolutely necessary for the delivery of our Services.

Where Mycelium Group Ltd  engage in some international transfers of Personal Data (those which would be considered to be outside the EEA and UK), Mycelium Group Ltd  shall continue to make sure that appropriate safeguards are in place, such as the deemed application of standard contractual clauses approved by the Information Commissioner here in the UK. This would apply to our use of Google Drive, Google Analytics, and Instilled, which are US-based service providers. 

Your data is shared amongst our internal team on a need-to-know basis. In reality this is most commonly the Service Delivery team working to supply you with information and services, and Consultants being sent details of Client Representatives.

Mycelium Group Ltd  processes and stores the Personal Data described in this Privacy Policy inside the UK mostly but also in the European Economic Area (“EEA”) and elsewhere. Mycelium Group Ltd  will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, EU GDPR, UK GDPR, plus any localised data protection laws which apply in specific jurisdictions (recognising that our compliance with UK GDPR provides us with a highly regarded benchmark from which to build upon as Mycelium Group Ltd  grow). 

How long do Mycelium Group Ltd  keep your Personal Data? 

Mycelium Group Ltd  may retain your Personal Data for a period of time consistent with the original purpose of collection as above. Mycelium Group Ltd  determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of Personal Data processed, the potential risk of harm from unauthorised use or disclosure of Personal Data and whether Mycelium Group Ltd  can achieve the purposes of the processing through other means, as we’ll as on the basis of applicable legal requirements (such as applicable statutes of limitation). 

Data Protection Lead 

Such is the importance of data protection law and best practice, Mycelium Group Ltd  have selected Luke Barton, Mycelium Group Ltd ’s COO, as our Data Protection Lead for the business. You can reach Luke by emailing Luke.Barton@myceliumgroup.co.

Your rights relating to your Personal Data 

You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA, these rights may include:-

• To have access to your Personal Data held by us (right to access).
• To rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete (right to rectification).
• To erase/delete your Personal Data, to the extent permitted by applicable data protection laws (right to erasure right to be forgotten).
• To restrict our processing of your Personal Data, to the extent permitted by law (right to restriction of processing).
• To transfer your Personal Data to another controller, to the extent possible (right to data portability).
• To object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where Mycelium Group Ltd  process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
• Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”). Automated Decision-Making currently does not take place on our websites or in our Services.
• To the extent Mycelium Group Ltd bases the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal. 

How to exercise your rights 

To exercise your rights, please contact us by using the information in the “Contact us” section, below. Mycelium Group Ltd  try to respond to all legitimate requests within one (1) month and will contact you if Mycelium Group Ltd  need additional information from you in order to honour your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests Mycelium Group Ltd  receive. If you are an employee/contractor/client/student/affiliate of a Mycelium Group Ltd  customer, Mycelium Group Ltd  recommend you contact your company’s System Administrator for assistance in correcting or updating your information. 

IT SECURITY – How Mycelium Group Ltd  secure your Personal Data 

Mycelium Group Ltd takes precautions including organisational, technical, and physical measures to help safeguard against the accidental or unlawful destruction, loss, alteration and unauthorised disclosure of, or access to, the Personal Data Mycelium Group Ltd  process or use. 

In the event there is an occasion in future where there is an unauthorised use or breach with respect to Personal Data, Mycelium Group Ltd  shall comply with UK GDPR expectations and timelines (including a 72 hour investigation and reporting window) in order to mitigate the risk to any individuals affected. 

While Mycelium Group Ltd  follows generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us by using the information in the “Contact Us” section, below. 

Changes to our privacy policy 

Mycelium Group Ltd  reviews its privacy policy regularly and places any updates on this Mycelium Group Ltd  web page. Mycelium Group Ltd  will update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When embarking on a new product feature, or taking on a new third party partner, or expanding into new territories, Mycelium Group Ltd  endeavour to capture and determine the level of privacy risk via proportionate internal consideration and screening exercises. That will then inform any updates to this Privacy Policy or to our business practices which may be required. 

Contact & Complaints 

Mycelium Group Ltd  are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If however, you believe that Mycelium Group Ltd  have not been able to assist with your complaint or concern, you have the right to formally write to the Information Commissioner’s Office (ICO) at www.ico.org.uk, or to the relevant data protection supervisory authority in your country of residence. The ICO can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by telephone on 0303 123 1113 or 01625 545 745. 

Mycelium Group Ltd  – Cookie Policy 

Mycelium Group Ltd uses cookies and similar technologies such as web beacons, pixels, and GIFs alone or in conjunction with cookies, to compile information about the usage of our websites and interaction with emails from us. 

When you visit our websites, Mycelium Group Ltd  or an authorised third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your online activities over time and across different sites. For example, you will notice on our websites, a range of clips and content which is powered by YouTube. Cookies allow us to track usage, determine your browsing preferences and improve and customise your browsing experience. 

Mycelium Group Ltd uses both session-based and persistent cookies on our websites. Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer or device after you close your browser or turn off your computer. To change your cookie settings and preferences for the site you are visiting, click the Cookie Preferences link in the footer of the page. You can also control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of our services. 

Mycelium Group Ltd  also uses web beacons on our websites and in email communications. For example, Mycelium Group Ltd  may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications.

The following describes how Mycelium Group Ltd uses different categories of cookies and similar technologies and your options for managing the data collection settings of these technologies. 

Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.

If you have chosen to identify yourself to us, Mycelium Group Ltd  may place on your browser a cookie that allows us to uniquely identify you when you are logged into the website. Cookies are essential to operate the websites, as such, there is no option to opt out of these cookies.

Functional cookies

Functional cookies enhance functions, performance, and services on the websites. Some examples include: cookies used to analyse site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual. Functional cookies may also be used to improve how our websites function, including our use of module clips and video clips. This helps us to provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often. 

Mycelium Group Ltd  may use our own technology or third-party technology to track and analyse usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements. For example, Mycelium Group Ltd  uses Google Analytics (“Google Analytics”), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about You can choose to opt out of functional cookies. To change your cookie settings and preferences, including those for functional cookies, click the Cookie Preferences link in the footer of the page. To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here. To learn how to control functional cookies via your individual browser settings, click here. Google’s privacy practices by going to www.google.com/policies/privacy/partners/.

Google Analytics uses cookies to help us analyse how our websites are used, including the number of visitors, the websites from which visitors have navigated to our websites, and the pages on our websites to which visitors navigate. This information is used by us to improve our websites.

You can choose to opt out of functional cookies. To change your cookie settings and preferences, including those for functional cookies, click the Cookie Preferences link in the footer of the page. To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here. 

Targeting or Advertising Cookies

Targeting or advertising cookies track activity across websites in order to understand a viewer’s interests, and to direct specific marketing to them. Some examples include: cookies used for remarketing, or interest-based advertising. To opt out of any advertising cookies, please visit the opt-out pages of the Network Advertising Initiative and opt-out from the setting of cookies on your individual browser.

Where available, you may opt-out from the collection of non-essential device and usage data on your web browser by managing your cookies at the individual browser level. While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked. These features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators.

Video Conferencing data and images

Mycelium Group Ltd  understands the importance of modern video communication tools which help support the Consultants and Users who use our Services. It is important to remember that Mycelium Group Ltd  does not directly provide or own the communication tools used in the delivery of its Services. It is important you are aware of the approaches to image-use and Personal Data inputted by the various video-call providers. The below links are some examples of their approaches to data privacy by these 3rd party organisations:

• https://www.microsoft.com/en-gb/microsoft-teams/security/ 
• https://zoom.us/privacy/  
• https://whereby.com/information/tos/privacy-policy/ 
• https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/ciscowebex-meetings-privacy-data-sheet.pdf
• https://support.google.com/meet/answer/9852160