Privacy & Cookie Policy


About Fettle

Kerwex Human Resources Limited t/a Fettle is proper mental healthcare for employers and individuals who want to make a real impact on their lives and their organisation’s performance.

Combining a curated team of highly-qualified mental health professionals, personalised therapist matching by real humans, dedicated training & support for managers, and a hassle-free digital experience, Fettle is Ireland’s & Europe’s first mental healthcare solution that truly covers a broad spectrum of employee and individuals mental health needs.

What's this notice all about?

We want to be completely transparent about how we collect and use your personal data. This privacy notice exists to tell you exactly how we do this.

Personal data is anything that could identify an individual, either on its own or combined with other factors that could lead to identifying an individual.

Any time we make a decision on processing personal data, we do it according to this notice—in data protection law terms, this means we're acting as a Data Controller.

Our privacy notice covers the entire journey of the personal data we process when you use our services—from the moment it enters our system, until it's time for us to say goodbye, as well as the various stops it makes along the way.

The ways we process your data

Companies partnering with Fettle

When your employees use Fettle

What personal data do we collect, why do we collect it, and what's the legal basis for this?

When an employee or individual signs up for therapy sessions with Fettle, we'll need some basic information about them, such as their name and contact details, so that we can set up their sessions. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interests.

During therapy, we'll also be keeping notes on anything they tell us about their mental health, their reasons for booking therapy and their history with therapy, which only the mental health professionals can view. We'll only keep information that they willingly share with our therapists and that is relevant to their therapy, and rely on Article 9(2)(a) of the GDPR - Explicit Consent - to do this.

After therapy sessions, we keep anonymous records of attendance, usage details, and clinical outcomes to help improve our service, and to allow your company to track Fettle’s effectiveness. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interests.

When an employee books a check-in session, we'll keep notes on anything they tell us about their mental health so we can support them better if/when they book future sessions. Only our mental health professionals can see these. We'll only keep information that they willingly share with our therapists and that is relevant to their wellbeing, and rely on Article 9(2)(a) of the GDPR - Explicit Consent - to do this.

Where do we store it?

We use a tool called Victa for our therapists to take notes for employee therapy sessions. Victa stores data with Amazon Web Services which is GDPR ready and uses standard contractual clauses for the international transfer of data to the US. You can find more information about them here .

We also use a booking tool for individual clients called Acuity which is integrated to Zoom for the delivery of our online therapy sessions. Both Zoom and Acuity use standard contractual clauses for the international transfer of data to the US. You can find our more about how they process data here, zoom acuity

 

Payment Information

After you place an order on our website you will need to make payment for the Services you have ordered. In order to process your payment, we use Stripe, a third-party payment processor. Your payment will be processed by Stripe, which collects, uses’s and processes your information, including payment information, in accordance with their privacy policies. You can access their privacy policy via the following link: https://stripe.com/ie/privacy

Stripe’s services in Europe are provided by a Stripe affiliate—Stripe Payments Europe Limited (“Stripe Payments Europe”)—an entity located in Ireland. In providing Stripe Services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US. For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transfers of your information outside the European Economic Area.

 

 

How long do we keep your information for?

We only keep your personal data for as long as is necessary in order to use it as described above for business or legal purposes. We will also retain your personal data as long as necessary to deal with your queries and for as long as you might legally bring claims against us. We will take all necessary steps to ensure that data privacy is maintained for the period of retention.

All counseling records will be maintained as required by the applicable legal and ethical standards according to the various counseling and psychotherapy professions licensing boards (e.g. The Irish Association of Counselling and Psychotherapy), of the country in which the therapist resides. Recording of sessions is prohibited.  

 

 

 

When your company has partnered with Fettle

 

What personal data do we collect, why do we collect it, and what's the legal basis for this?

When your company starts working with us we collect regular feedback and usage data to better understand what your company needs from Fettle, and to tailor our service to your company in line with this.

For example, we’ll sometimes ask your benefits manager or relevant point of contact for feedback via online surveys to find out how we can improve Fettle

The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interests.

 

Where do we store it?

We use a software called Typeform to get your feedback. Typeform is hosted in Spain and you can find out more about them here

We will also store information that your company provides us with on Google Applications. 

Google Cloud servers are located in the US. Google will use EU Commission Standard Contractual Clauses (SCCs) for the transfer of data to the US and you can find out more about them, here.

 

What personal data do we collect, why do we collect it, and what's the legal basis for this?

When employees use our digital platform, we store information about their attendance, bookings, basic topics that come up in sessions, and clinical outcomes so that they can track your progress with Fettle. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interests.

This information will also be shared in an anonymous, aggregated form with the company’s benefits manager or relevant point of contact, so they can track Fettle’s effectiveness overall—but when we do this, it will never be attributable to the employee personally.

 

General

When you use our website

What cookies do we collect, why do we collect them, and what's the legal basis for this?

 

Cookies are small files which are placed on your computer when you visit a website and are saved in your browser’s history. They allow the website to recognise your device and store some information about your preferences or past actions.

When you use our website, there are two types of cookies that can be set:

First party cookies, which are placed and read by Fettle directly while you are using our website.

Third party cookies, which are not set by us, but by third parties such as Google Analytics and Hotjar Analytics.

Below is a list of the cookies we use and the purposes that apply to them:

  • Necessary cookies, which are essential to the operation of our website.

  • Analytics cookies, which generate anonymous statistics on how visitors use our website and can improve the browsing experience, for example by pre-filling information that has already been filled in.

  • Advertising cookies, which will direct you to Fettle ads on other sites you visit and track your engagement with those ads. Our advertising service providers may also collect non-identifiable information about your visits to our site.

You can choose not to store non-necessary cookies on your computer when you visit our website, or you can adjust your browser settings to prevent cookies from being saved on your computer.

 

 

All Fettle employees adhere to strong security measures internally

  • We enable 2 factor authentication for all tools we use, or SSO with Google. This is strict company policy.

  • Every single employee uses a password manager with a unique and strong password

  • All our laptops are encrypted

  • Company policy is to immediately install any OS software updates

  • We tightly control who can access each tool we use, with a procedure to only provide access to tools if it’s 100% necessary

What are your rights?

Your personal data is yours, and your rights in relation to it (granted by the Data Protection Commissioner) include:

 

The right to be informed

You have the right to be informed about the collection and use of your personal data, why it's being processed, how long it'll be stored for, and who it'll be shared with.

 

The right of access

 

You have the right to ask us for copies of the data we store about you.

 

The right to rectification

 

You have the right to ask us to rectify personal information you think is inaccurate, or to complete information you think is incomplete.

 

The right to erasure

 

You have the right to ask us to erase your personal information in some circumstances.

 

The right to restrict processing

 

You have the right to ask us to restrict processing your personal information for a duration of time, in some circumstances.

 

The right to data portability

 

You have the right to ask us to transfer your personal information to another organisation, or to someone else, in some circumstances.

 

You don't have to pay anything to exercise your rights. If you wish to make a request about your personal data under your rights, contact us at hello@fettle.ie, +353 (0)1 912 0367. We'll respond to you within 1 month.

Our Data Protection Officer is Brendan O’Reilly. You can contact Brendan@fettle.ie

If you have any concerns about our use of your personal information, let us know by writing to us at hello@fettle.ie

If you're not satisfied with our response, or you're unhappy with how we have used your data, you can complain to the data protection commissioner. The DPC contact details are here