Privacy Notice

Last updated: 21st March 2025

‍

We at BeneTalk Ltd (“we,” “us,” “our”) take your privacy seriously. This notice explains how we handle your personal information when you use our mobile application SuperPenguin (“SuperPenguin”) or any related web dashboards, digital platforms, or services (collectively, the “Service”).

Please read this notice in conjunction with our Terms and Conditions, which provide additional guidance on acceptable use and the roles of different parties.

‍

1.1 Our Company

BeneTalk Ltd is a company registered in England and Wales under company number 09914647. Our registered office is Flat 7 Foxgrove House, Foxgrove Road, Beckenham, Kent, England, BR3 5AR.

‍

You can contact us by emailing speak@superpenguin.com with any privacy-related queries.

‍

1.2 NHS users and Non-NHS users

• NHS users: If you were referred by an NHS Organisation (“NHS Organisation”) that has a direct contract with us, that NHS Organisation is the Data Controller for your personal data, and we act as the Data Processor.
• Non-NHS users: If you are referred by any other organisation (or self-refer independently), we act as the Data Controller for your personal data.

Some of this information may be stored in a way that is not personally identifiable, in which case it ceases to be personal data under data protection law. Otherwise, we treat the information described here as personal data wherever there is a reasonable possibility that it can be used to identify you.We may collect the following categories of data to provide and improve the Service:

‍

• Identifiers: Name and email address.
• Usage data: Information about how you interact with the Service (e.g., content viewed, features used, crash logs).
• Device data: Device model, operating system version, browser type, unique device identifiers, and IP address.
• Geolocation: Approximate location (country/city).
• In-app responses: If you participate in questionnaires, surveys, or provide feedback.

We do not collect special category data (e.g., detailed health information) except where strictly relevant to your use of the Service—for instance, data relating to speech, language, or communication support, if you provide it.

We collect personal data in the following ways:

‍

1. Directly from you:

When you sign up or create an account.

• When you fill in questionnaires, surveys, or feedback forms within the Service.
• When you contact our support team or otherwise communicate with us.

‍

2.Automatically:

• Cookies and similar technologies if you access web-based parts of the Service.
• Analytics using tools such as Amplitude, which helps us understand usage patterns.
• Crash reports and error logs through services like Firebase, for diagnosing technical issues and improving performance.

You may choose to disable cookies in your browser settings, but doing so might affect certain features of the Service.

We use your personal data to:

‍

• Operate, maintain, and improve the Service, including troubleshooting, crash reporting, and testing.
• Customise content so that information is relevant to your needs.
• Communicate with you, for instance to notify you of updates, provide support, or inform you of changes to our Service.
• Conduct research on an anonymised or de-identified basis to improve care and support for people with speech, language, and communication needs.
• Comply with legal obligations, including public interest requirements in healthcare or data protection laws.

Depending on whether you are an NHS user or a Non-NHS user, we rely on different legal bases:

‍

• NHS users: Your NHS Organisation generally establishes the lawful basis (e.g., consent, provision of healthcare, public interest). We act on their instructions as a Data Processor.
• Non-NHS users: We rely on one or more of the following lawful bases:

Consent: For certain optional features or direct marketing.

Contract: Processing necessary to provide the Service you have requested.

Legal obligation: Where we must comply with a regulatory or statutory duty.

Legitimate interests: For improving our Service, provided such interests are not overridden by your data protection rights.

‍

‍

6.1 With your Referring Organisation

• NHS users: We share data only as directed by the NHS Organisation acting as the Data Controller.
• Non-NHS users: If you were referred by another organisation (e.g., local authority, private clinic), we may share aggregated or relevant usage data with them if necessary for service provision or support, subject to confidentiality obligations.

6.2 Service Providers (Sub-Processors)

We use third-party providers for hosting, analytics, notifications, and system administration (e.g., Firebase, Amplitude). These providers process personal data on our behalf and must follow strict data protection and security standards.

‍

6.3 Research and Development

We may share non-identifiable or anonymised data with external organisations, such as universities, for the purposes of research aimed at improving speech, language, and communication support. This will be done using secure methods, ensuring that any shared information cannot be linked to you as an individual.

‍

Additionally, if any findings are published (for example, in academic journals), these will contain only aggregated data or otherwise de-identified statistics that do not reveal personal details. We do not share any personally identifying information for research without your explicit consent, where required by law or applicable data protection regulations.

‍

6.4 Compliance and Legal Requests

We may disclose your data to law enforcement, government bodies, or other authorised third parties if required by law or if we believe it is necessary to protect our rights or the rights of others.

7.1 Retention Period

We keep your personal data for no longer than is necessary for the purposes for which it was collected. This varies based on your user type:

• NHS users: Retention policies may align with NHS guidelines and the contractual requirements set by the NHS Organisation.
• Non-NHS users: We typically retain data for a maximum of ten (10) years unless a longer period is required by law.

‍

7.2 Security measures

We use industry-standard technical and organisational measures to protect your personal data, including encryption in transit and at rest, secure server storage, and regular security assessments. We process all personal data in accordance with the Data Protection Act 2018 (”DPA”) and relevant data protection legislation, including the United Kingdom (”UK”) and European Union (”EU”) General Data Protection Regulation (”GDPR”), to ensure lawful, fair, and transparent handling of your information.

Depending on your jurisdiction and whether you are an NHS or Non-NHS User, you may have the right to:

• Request access to your personal data.
• Request correction of any incomplete or inaccurate data we hold.
• Request erasure of your data (“right to be forgotten”).
• Object to or restrict certain data processing.
• Data portability, where applicable.
• NHS users: You should direct these requests to your NHS Organisation. We will assist them in fulfilling your request.
• Non-NHS users: You may contact us directly at speak@benetalk.com.
  

We primarily store and process your data in the UK or the European Economic Area (EEA). However, some of our service providers may be located in other countries with different data protection laws. We ensure appropriate safeguards (e.g., standard contractual clauses) are in place for such transfers to protect your data in compliance with applicable standards.

The Service is aimed at users aged 16 and above, or those with parental/guardian oversight  as per DPA, EU and UK GDPR. Where a child is below the relevant age, the parent or guardian’s consent will be required. If we learn that personal data of a child has been processed without the proper consent, we will take steps to delete it.

We may revise this notice from time to time to reflect changes in our data practices or legal requirements. Any significant updates will be communicated via the Service or other appropriate means. Your continued use of the Service following such updates indicates acceptance of the revised notice.

If you have any questions about this notice or your personal data, please contact us at:

BeneTalk Ltd

‍

Email: speak@superpenguin.com

‍

Registered office: Flat 7 Foxgrove House, Foxgrove Road, Beckenham, Kent, England, BR3 5AR

‍

‍

By using the Service, you acknowledge that you have read, understood, and accepted the practices described in this Privacy Notice.