Summary of Key Points

This summary provides key points from our Privacy Policy. Find out more about any of these topics by using our table of contents to navigate to the section of interest.

What personal information do we process? When you access the BEAM app, we will process your email address. Other personal information may be processed depending on how you use, interact, and navigate the app (e.g. what information you choose to share with your peer coach via in-app messaging).

Do we process any sensitive personal information? We may process sensitive personal information, depending on how you interact with us (e.g. what information you choose to share with your peer coach via in-app messaging), and program features you use, or as otherwise permitted by applicable law and ethical compliance.

Do we receive any information from third parties? We do not receive any information from third parties.

How do we process your information? We process your information to administer the BEAM program, communicate with you, improve the program, to ensure your safety, and for security and fraud prevention. We also process your information for research purposes, for which consent is separately obtained and stored by BEAM research teams. We process your information when we have a valid ethical and legal reason to do so.

In what situations and with which parties do we share personal information? Full effort to keep your personal information confidential will be enacted, but absolute confidentiality cannot be guaranteed. Your personal information may be disclosed if required by law. We may share information in specific situations called "exceptions to confidentiality." BEAM research teams are trained to follow mandatory reporting regulations that require institutional employees/staff to report suspected cases of child maltreatment (abuse, neglect, or endangerment).

How do we keep your information safe? The University of Manitoba and Mindsea have institutional and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to bypass our security and improperly collect, access, steal, or modify your information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights in Canada (https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/).

How do you exercise your rights? The easiest way to exercise your rights is contacting the team at beam.research@umanitoba.ca. We will consider and act upon any request in accordance with applicable data protection laws.

1. What Information Do We Collect?

Personal information you disclose to us.

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the BEAM app, express an interest in obtaining information about us and the BEAM app, when you participate in activities on the BEAM app, or otherwise when you contact us.

Personal Information Provided by You.

The personal information that we collect depends on the context of your interactions with us and the BEAM app, the choices you make, and features you use. The personal information collected in-app may include the following:

• email address

• username

• screentime/app usage

• in-app symptom monitoring survey data

• online forum topics and posts

• lesson activity engagement data

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable ethics standards and the law, we process the following categories of sensitive information:

• health data

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

• Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

App engagement data: Data on app engagement may include time spent on the app, videos watched on the app for each participant.

Forum data: All posts and comments made within the forum will be collected as qualitative data. Posts and comments will be linked to non-identifiable participant usernames.  

Personally identifiable information: No personally identifiable information will be collected in the app. All data will remain linked to non-identifiable participant usernames and the anonymity of users will remain protected. The BEAM app will not have access to the personal information you have on your phone, such as your contacts or text messages.  

Data Backup: The backed-up data will include user emails and usernames; lesson activity responses; public forum topics, posts, notifications, and mentions, including any posts that have been archived (removed from public view); private conversations with peer coaches; video engagement data; lesson activity responses; responses for weekly symptom monitoring survey.

Information automatically collected

In Short: Some information such as your Internet Protocol (IP) address and/or browser and device characteristics is collected automatically when you visit BEAM.

We automatically collect certain information when you visit, use, or navigate the BEAM app. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use BEAM, and other technical information. This information is primarily needed to maintain the security and operation of BEAM, and for our internal analytics and reporting purposes.

The information we collect includes:

Log and Usage Data: Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use BEAM and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the BEAM app (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings

Google Cloud: Internet Protocol (IP) address and/or browser and device characteristics is collected and stored for diagnostics for 300 days, as per industry standard.

Vimeo: Internet Protocol (IP) address and/or browser and device characteristics is collected and stored for viewing video analytics.

2. How Do We Process Your Information?

In Short: We process your information to administer the BEAM program, communicate with you, improve the program, to ensure your safety, and for security and fraud prevention. We also process your information for research purposes, for which consent is separately obtained and stored by BEAM research teams. We process your information when we have a valid ethical and legal reason to do so.

We process your personal information for a variety of reasons, depending on how you interact with BEAM, including:

• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.

• To deliver and facilitate delivery of the BEAM app to the user. We may process your information to provide you with the requested service.

• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

• To protect BEAM. We may process your information as part of our efforts to keep BEAM safe and secure, including fraud monitoring and prevention.

• To evaluate and improve BEAM and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our clinical trial, and to evaluate and improve BEAM, and your experience.

• To identify usage trends. We may process information about how you use BEAM to better understand how the BEAM app is being used so we can improve it.

• To develop a clinical program for mental health and parenting support. Using personal data to track effectiveness of our app in supporting parenting and mental health.

3. What Legal Bases Do We Rely on To Process Your Information?

We value the confidentiality of BEAM participants and are committed to protecting all participant information. The University of Manitoba and Mindsea have extensive technical and administrative measures in place to securely and safely protect your data.  

Data exported from the BEAM app is stored directly on the University of Manitoba’s server in Winnipeg, Manitoba, Canada. Only research staff can access this information and all access will be tracked and documented. Data collected in this study will be securely stored for 5 years after publication of research results which is consistent with the University of Manitoba’s policy requirements. We also adhere to legislation regarding Personal Information, including The Personal Health Information Act and The Freedom of Information and Protection of Privacy Act. 

BEAM Data Breach procedure

To prevent or mitigate data loss, backups of all participant data are performed daily using an automated script. The backup is stored in the Google Cloud Platform hosted in a Montreal data center (northamerica-northeast1).

Members of the research team will control this instance and be able to control who has access. Trained personnel (researchers or their delegates) can restore backups, within 24 hours or less. 

In Short: We only process your personal information when we believe it is necessary and we have a valid legal or ethical reason (i.e., legal basis) to do so under applicable laws or ethical procedures (e.g. with your consent), to comply with laws, to provide you with the BEAM app to enter into or fulfill our ethical obligations, to protect your rights, or to fulfill our legitimate research interests.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e. implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way

• For investigations and fraud detection and prevention

• If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim

• For identifying injured, ill, or deceased persons and communicating with next of kin

• If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse

• If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province

• If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records

Should there be changes in the purpose of data collection, per ethics protocols, all participants will be contacted to reconsent.

4. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

• When we use Google Analytics. We may share your information with Google Analytics to track and analyze the use of the BEAM app. To opt out of being tracked by Google Analytics across the BEAM app, visit https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.

• Your personal information may be disclosed if required by law. We may share information in specific situations called "exceptions to confidentiality." BEAM research teams are trained to follow mandatory reporting regulations that require institutional employees/staff to report suspected cases of child maltreatment (abuse, neglect, or endangerment).

  • The BEAM Program does not explicitly focus on child maltreatment. However, should you volunteer information over the course of the program that leads us to suspect that your child has experienced or is experiencing maltreatment, we may ask you additional clarifying questions and may be obligated to contact a child welfare agency.

  • We will take precautions to determine your safety, the safety of your child or others if we hear that you or your child plan to hurt themselves or someone else. This may mean notifying others.

  • You may disclose that you are having thoughts or urges related to self-harm or have thoughts about death. We will ask some follow-up questions to learn if these are recent and if the behavior is high-risk. If we believe these behaviors are life threatening, we will take necessary actions to prevent this from happening, such as calling a local mobile crisis unit that operates through the police station and will come to assist you. We want to emphasize that telling us you engage in self-harm or have had recent thoughts about death will not automatically result in our calling a local crisis unit.

  • Other instances where we may share information with others will only be done with your consent. For example, if you have another provider that we should contact to discuss the BEAM program, we will have you complete a standard release of information form.

  • Participant data will not be shared with other parties, except for the purposes that have been set out in the Privacy Policy.

5. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law or ethical procedures. No purpose in this policy will require us keeping your personal information for longer than sixty (60) months past the termination of the user's participation in the BEAM program.

When we have no ongoing legitimate need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.