Hello and welcome to ZunTold. ZunTold (company number 10311055) is both a publishing company and a provider of counselling services. You can buy books from us directly and we work with professional authors publishing their work for education and trade. We also offer consultancy to companies, local authorities, NHS and third- sector organisations working in the digital health space.

In addition, we also run a digital bibliotherapy and therapeutic writing service for the social care and health sector whereby you can access books, write for our community and work alongside a therapist who has been trained in therapeutic writing skills as well as other therapeutic approaches. We have developed our privacy policy to make sure that everyone we come into contact with, whether that be authors, customers who purchase books, employees and trainees and service users who use our therapy services, can be assured that their data is safe and that we operate to the highest levels of confidentiality, security and that we comply with our legal duties.

This notice explains who we are, and details how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information, and how to contact me, as ZunTold’s Data Protection Officer in the event you have a question or a complaint. We have split our Privacy policy into two sections. Section 1 covers ZunTold customers who use the store to purchase books and others we work with us such as professional authors, employees, trainees or in a consultancy capacity. The second section relates specifically to the Privacy Policy for our Fiction as Therapy service users.

How to contact us

First of all, if you have any questions about our privacy policy or the information we hold about you, please feel free to contact me directly:

Elaine Bousfield, Founder of ZunTold and Data Protection Officer on elaine@zuntold.com

Our registered office is 71-75 Shelton Street, Covent Gardens, London, United Kingdom, WC2H 9JQ


Who are we?

ZunTold Ltd collects, uses and is responsible for certain personal information about you. When we do so we are subject to the Data Protection Laws described below and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Key terms

Here are some key terms used in this notice:

Data protection laws

The General Data Protection Regulation and the Data Protection Act 2018 in each case as amended, updated or replaced and as they apply to the UK.

Personal information - known as Personal Data

Any information relating to an identified or identifiable individual.

Special category personal information

This is personal information which reveals racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation.

Contractual service or 'contract'

This relates to data we have to collect from you in order for us to be able to fulfil our obligations to you that may have arisen from us agreeing to deliver a product, service or intervention for you or alongside you. It may also relate to a contract we have with a third party such as a health provider such as the NHS or Social Care (for example) to supply you with a service that they have commissioned from us.

Legitimate interest

Legitimate interests relate to the data we have to collect so we are able to fulfil our business and contractual interests. These have been weighed against the rights of the individual and we have ensured we only collect the data we need in order to be able to fulfil our promises to our end users and our customers. This can be to sell books, services and ensure we are delivering a good experience to all of our end users.

In the context of our services we expect that the special category personal information which we are most likely to process will be for our fiction as therapy service and will be data concerning your wellbeing and mental health, ethnicity, gender and age. Our legal basis for processing this data in our fiction as therapy service is to deliver a 'contractual service' to you. It is also collected under the legal basis 'legitimate interest' as it helps us to measure how we are performing as a service and how to improve our service.

Website Payments

We do not currently store credit card details nor do we share financial details with any 3rd parties. All payments are processed via PayPal.

Children under 13 years of age

We do not collect information from children under the age of 13 outside of our Fiction as Therapy service. No personal information (such as name, address or email address) is collected by, or should be submitted to us by children under 13 without the consent of their parent or guardian.

If you are under 13 and would like to register your details with us for any reason, unless you have been referred into our fiction as therapy service by one of our commissioned organisations whereby we will collect data (see section two), please ask your parent or guardian to read our privacy policy on your behalf. A guardian always has the right to question what information we store on a child and ask for that information to be deleted.

SECTION ONE

Personal information we collect about you

Customers

If you are a customer shopping in our online store for books, we may collect and use the following personal information about you:

  • your name and contact information, including email address and telephone number
  • your personal interests such as genres you like, authors, and audiences
  • any feedback you choose to give us
  • Authors, employees, consultancy customers

  • your name and contact information, including email address and telephone number
  • your personal interests such as genres you like, authors, and audiences
  • any feedback you choose to give us
  • your gender and ethnicity information
  • your date of birth
  • medical, personal, bank details and other information and/or options that you provide to us during interviews, contractual documents and/or discussions with you.
  • How your personal information is collected

    We may collect certain information or data about you in various ways. The main ways we do this are outlined below:

  • When you submit enquiries or feedback through one of our website forms, or sign up for email updates, we may collect your name, email address, telephone number and other information.
  • When you apply to work with ZunTold as an employee, trainee or as an author
  • When you use our website, we will collect:
    • your IP address.
    • information on how you use our website, that will help us improve the website.
  • When you participate in any of our research projects (including through interviews and focus groups) we may collect your name, contact and other details.
  • When you commission ZunTold to undertake consultancy activity, we may collect your name, email address, role, organisation and other information.
  • When you contact us directly, we may keep a record of that correspondence.
  • How and why we use your personal information

    Under data protection laws, we can only use your personal information if we have a proper reason for doing so.

    The points below explain what we use (process) your personal information for and our reasons for doing so.

    Products and services

    We need to process your personal data when we provide you with information, products and services that you have requested from us or when you enter into a contract with us as an employee, trainee, author or in any other contractual relationship. We do so because it is necessary for our legitimate interests and/or because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract.

    Marketing

    When we send marketing communications to you at a business email address, we do so because it is necessary for our legitimate interests. Our legitimate interests include disseminating our research and analysis, to promote books and publications as well as highlighting other relevant products and services, in order to fulfil our mission to bring better mental health through fiction and through bibliotherapy and therapeutic writing to everyone. In respect of personal email addresses, we will only send you marketing with your explicit consent and you can opt out at any time.

    We will always treat your personal information with the utmost respect and never share it with other organisations for marketing purposes.

    You have the right to opt out of receiving promotional communications at any time by contacting us on the contact us tab We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

    Personal data gathered from publicly available sources

    We gather limited personal data from publicly available sources (such as announcements about job moves in the publishing sector, authors pages, announcements by agents or in the health and social care sector) so that we can contact individuals who we think will be interested in our products and services or in working with us. We do so in connection with our legitimate interests as referred to above under 'Marketing'.

    Other bases for processing

    We may need to process your personal data for compliance with our legal and regulatory obligations, including where it is necessary for the prevention and detection of crime, or for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property).

    Who we share your personal information with

    We routinely share personal information only with our service provider Dropbox as a data back-up service provider. Your information is processed within ZunTold for internal management reports and accounting. Outside ZunTold personnel, our book-keepers and accountants, we will not share your personal information without your consent.

    We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations. We will only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information.

    We may also need to share some personal information (excluding special category personal information) with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

    We will not share your personal information with any other third party.

    Where your personal information is held

    Information may be held at our virtual or physical offices and on the servers of our service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’). Online data is encrypted (coded which ensures your data is protected) and stored securely within the ZunTold platform.

    How long your personal information will be kept

    We will retain your personal data no longer than is necessary for the purposes for which it is processed. For example, it may be kept for the duration of a service or product you receive from us or as part of our legal obligations.

    We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. Further details on this are available on request.

    When it is no longer necessary to retain your personal information, we will delete or anonymise it.

    Your rights

    You have the following rights, which you can exercise free of charge:

    Access

    The right to be provided with a copy of your personal information (the right of access).

    Rectification

    The right to require us to correct any mistakes in your personal information.

    To be forgotten

    The right to require us to delete your personal information - in certain situations.

    Restriction of processing

    The right to require us to restrict processing of your personal information - in certain circumstances, e.g. if you contest the accuracy of the data.

    Data portability

    The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.

    To object

    The right to object:

  • at any time to your personal information being processed for direct marketing (including profiling);
  • in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
  • Not to be subject to automated individual decision-making

    The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

    For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

    If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer; see above: ‘How to contact us’; and

  • let us have enough information to identify you (e.g. your full name and address);
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.
  • Keeping your personal information secure

    We have appropriate security measures (encryption of online data – that is coded to ensure your data is protected and the use of Drop Box to store data not collected by the ZunTold platform) to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

    We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

    How to complain

    We hope that we can resolve any query or concern you may raise about our use of your information.

    The data protection laws also give you right to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner who may be contacted at ico.org.uk/concerns or by telephone: 0303 123 1113.

    Changes to this privacy policy

    This privacy notice was published on July 21st 2021. It will be reviewed annually.

    We may change this privacy notice from time to time outside of the annual review. When we do, if you've given us your email address as part of registering for our services, we will inform you via email.

    SECTION 2

    This part of our privacy policy relates to our Fiction as Therapy service.

    Your Privacy and Safety

    ZunTold run a Fiction as Therapy service.

    We take the privacy and safety of our users very seriously. We have explained the Privacy Policy below. If you are not sure of anything please do get in touch with us at elaine@zuntold.com.

    Elaine Bousfield is the founder of ZunTold and the Data Protection Officer.

    You can write to us at 71-75 Shelton Street, Covent Gardens, London, United Kingdom, WC2H 9JQ, but feel free to email us if that is better.

    Who are we?

    ZunTold Ltd runs a digital Bibliotherapy and Therapeutic Writing counselling service and doing this means we collect, use and are responsible for certain personal information about you. When we do so we are subject to the Data Protection Laws described below and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

    Website Payments

    We do not currently store credit card details nor do we share financial details with any 3rd parties. All payments are processed via PayPal. This will not affect current users of our service as it is free to the end user, paid for by health, social care or education cohort that you belong to. Should we open the service to a subscription model we shall follow the same methodology of not storing credit card or debit card payment details nor will we share financial details with any 3rd parties. All payments will be processed via PayPal or a similar system.

    What personal information will you collect about me?

    When you use the Fiction as Therapy service from ZunTold we need to collect some personal data from you. This is known as your Personal Data.

    How, where, and why do we collect it?

    Firstly, when you sign up to use ZunTold Fiction as Therapy you have to put in a code.

    You only have to do this the once. This code tells us which health, social care, education provider that you are affiliated with but this code doesn’t identify who you are. We use the code system so we can deliver a contractual service to you. The health, education or social care provider has contracted us to offer a free service to people from their cohort. We cannot start to do this if we do not know which provider cohort you belong to.

    Secondly, once you have put in the code we ask you to create a username (not your real name) to use in the community book comments section so your identity is protected. This is the name you will go by in the community and in the support section of the site if you prefer to use your user name with your counsellor. You can choose to use your username or a pseudonym when you publish your creative writing for the community library, or if you want to use your real name when publishing your writing, you can do so. This will mean that community members will know your real name and it will end your anonyminity on the community aspects of the site, so please be aware of that.

    Thirdly we collect the following Personal Data from you

  • Your first name, last name and email address
  • Your date of birth
  • We collect your first name, second name and email address from you and encrypt them. The counselling team have access to your first name, second name but do not have access to your email address, only the clinical management team, and this information is not shared with the counsellor. We do this for safeguarding reasons, because we have a duty of care to you. Our legal basis for collecting this Personal Data from you is our contractual obligations to you and to our commissioners. It is also to fulfil our legal and statutory duties when working with children and young people under the age of 16 years of age, and with vulnerable adults. Your counsellor will know your age from the date of birth we have collected from you. This falls under the legal basis of our Contractual obligations with you, and our legitimate business interests; as it allows us to fulfil our contractual service to you with regard to appropriate content and allows us to assess for Gillick competency for young people under the age of 16 years of age.

    Safeguarding

    We have a Duty of Care to safeguard your well-being.

    If we are really worried about you and think that you are at risk or danger, we will talk to you about the need for somebody else, such as your health care or social care provider, GP or another agency outside of the ZunTold team to know what has happened or is happening to you. We would only do this if:

  • Your mental health or physical health is deteriorating and you need specialist input that you are currently not accessing or are accessing
  • You are at risk of harm from somebody else
  • Your life is at risk because of something that you are doing
  • You are a risk to somebody else
  • In cases such as these, our counsellors will ask you to consent to share your details so that we can refer you to the appropriate support services or get you the help you need. If you do not consent but your counsellor or the clinical management team feels it is a safeguarding issue, then they may share/refer with any details we have.

    If this was to happen we would:

  • Let you know who we are passing details to and why
  • Keep you informed of any actions we intend to take
  • Where possible, work with you to agree every step we are taking
  • On very rare occasions, where the situation is very serious, we may have to act without talking to you first.

    Other Personal Data we collect from you at the sign- up process

    We also collect and use the following personal data which is called special category data:

  • Your gender identity
  • Your ethnicity
  • This information helps us to improve our service and ensure we are reaching our population and communities in an equal way. This data is collected under the legal basis ‘legitimate interest’ as it helps us to measure how we are performing as a service. This data will be kept in the file under your username but the clinical management team will be able to connect the notes to your real name.

    We also collect information on:

  • Your favourite genres and what books you like to read
  • Your emotional, personal and other information/shared books and/or options that you provide to us during your therapy and support work with us. This is stored under your user name, not your real name and is collected so the counselling team has a record of the work we have done with you and can plan the work that you are doing together.
  • We collect this information in order to deliver a contractual service to you to ensure our therapeutic work is achieving outcomes for you and for our legitimate interest in being a publisher/ aggregator of content and ensuring our books are of the right genres and type for our service users and which ones are popular and which ones are not and which ones are helping and which are not. This helps us choose the right authors and become a better publisher/aggregator. It also allows us to fulfil our legitimate interest in safeguarding you.

    How is the data collected?

  • When you sign up as explained above
  • Should you choose to submit enquiries or feedback through one of our website forms, or sign up for email updates, we may collect your user name or name, email address, telephone number and other information.
  • When you use our website, we will collect:
    • your IP address
    • information on how you use our website that will help us improve the website.
  • When you choose to participate in any of our research projects (including through interviews and focus groups) we may collect your name, contact and other details.
  • When you contact us directly, we may keep a record of that correspondence
  • Do we share your personal data with anyone else?

    We collect information or data on a quarterly basis in order to share information with commissioners who make the service available to you or/and to improve our services. Any data shared in this way is fully anonymised and is used to help inform the organisations commissioning us about the usage of the service and allows us to see where we need to improve. The anonymised data we share:

  • Number of users
  • Gender, age, cohort
  • How the site is being used – messaging, chat, writing, templates
  • How many books are being read
  • Which books are being read
  • Feedback given to the service
  • Why users are using the service (presenting issues)
  • Outcomes achieved and progress made
  • For research purposes
  • Anonymised case studies
  • Customer journeys
  • Research and analysis in the field of physical and mental health

    We are committed to evaluating the evidence base for therapeutic writing and guided bibliotherapy as a school of counselling and psychotherapy and education.

    For ZunTold to be able to improve its services, we sometimes work with trusted partners, including universities and NHS organisations to help us analyse our data.

    This includes working with researchers from universities who get ethical approval for their work.

    The data which we provide to them is a mixture of statistics, information, artistic work (in the Write section) and case studies that you have provided to us or we have pulled together from the work we have done with you and anonymised so that your identity is protected. The statistics include data such as books read, feedback given and reactions to the library texts, plus volume and types of books and poems written by service users and shared in the community library. We also include outcomes recorded, age, ethnicity, and gender of service users as well as other information provided to the service such as goals or assessments, themes within templates and service usage data. Other information includes both public and private information shared within ZunTold. Public information refers to any community bibliotherapy discussions and feedback given to our service and work published in the community library. Private information refers to any communication you have with the counselling team either through chat (one-to-one messaging) or messaging the team.

    Unless we have asked you first if you wish to take part in a specific research programme which requires your Personal Data – that is data which identifies you - the research we do with these bodies does not contain any personal data which could be used to identify you - it is completely anonymised.

    No identifiable information will ever be shared outside of our organisation for research purposes without your explicit consent.

    Referrals from outside agencies to Fiction as Therapy

    Sometimes, people are referred into our service by a third party, such as your GP, social worker or another service you may have been working with.

    If you have been referred to us by someone and they have shared your Personal data with us, we will keep your personal details in a confidential section of your account that can only be seen by the clinical leadership team. This information would only be used in situations described in the Safeguarding section.

    Where your personal information is held

    All information is stored securely within the ZunTold Platform and is only accessible to the ZunTold team. Our systems are encrypted - all case notes, communication between counsellors and service users are encrypted. This means they are coded which ensures your data is protected. ZunTold uses Site Ground for hosting. Site Ground has an SSL certificate and our data is encrypted with an encyrption key. If we have to share personal idenifying data about you for referral purppses to third party partners, this is done using email which has a 256-bit encyption key.

    Books written by you are shared in the community but are edited and discussed with you by our team before publishing. These are not encrypted and although you can produce duplicate versions of them, you cannot delete them by yourself once published. It may not be possible to remove the books published to the community as other community members may be reading them.

    Therapeutic templates are only shared with your therapist and are encrypted.

    Some data may occasionally be held at our virtual or physical offices and on the servers of our service providers, representatives and agents - we share personal information with our service provider DropBox as a data back-up service provider. This relates to external referrals and communication with our external partners where referrals may have been made on your behalf. All online data is encrypted (coded which ensures your data is protected) and stored securely within the ZunTold platform as described above.

    How long your personal information will be kept

    We will not retain your personal information for longer than necessary for the purposes set out in this policy. We usually keep your personal data for 7 years after you have stopped using the service but different retention periods apply for different types of personal information and in some cases, we may need to keep it for longer, if we legally have to. Further details on this are available on request.

    When it is no longer necessary to retain your personal information, we will delete or anonymise it.

    Your rights

    You have the following rights, which you can exercise free of charge:

    The Right to be informed

    By providing you with this document we are giving you information on what data we collect from you and why

    Access

    You can ask about your personal data that we hold – this is called a ‘data subject access request

    Rectification

    The right to require us to correct any mistakes we have made in your personal information and to put this right

    To be forgotten

    The right to require us to delete your personal information - in certain situations as sometimes we can’t do this because we are required by law to hold it for a certain time

    Restriction of processing

    The right to require us to restrict processing of your personal information - in certain circumstances, e.g. if you contest the accuracy of the data.

    Data portability

    The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.

    To object

    The right to ask us to stop the processing of your personal information for a period of time if the data is not correct or if you disagree with our legal basis for using it.

    Not to be subject to automated individual decision-making

    The right not to be subject to a decision based solely on automated processing (including profiling) such as Artificial Intelligence that produces legal effects concerning you or similarly significantly affects you.

    More Information

    You can find out more about each of those rights by contacting us, or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation at

    https://ico.org.uk

    If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer:

    Elaine Bousfield on elaine@zuntold.com

    Or write to use at ZunTold, 71-75 Shelton Street, Covent Gardens, London, United Kingdom, WC2H 9JQ

    And please:

  • let us have enough information to identify you (e.g. your full name and address);
  • let us have proof of your identity and address (a copy of your driving licence or passport, and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.
  • Keeping your personal information secure

    We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

    We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

    Keeping your personal information secure

    We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

    We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

    How to complain

    We hope that we can resolve any query or concern you may raise about our use of your information.

    The data protection laws also give you right to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner who may be contacted at ico.org.uk/concerns or by telephone: 0303 123 1113.

    Changes to this privacy policy

    This privacy notice was published on July 21st 2021. It will be reviewed annually.

    We may change this privacy notice from time to time outside of the annual review. When we do, if you've given us your email address as part of registering for our services, we will inform you via email.


    Cookie consent - We currently only use necessary cookies to make our site work. View our cookie and GDPR notice.
    Ok, got it!
    Read More