Privacy Policy

Effective from: 6th August 2025

1. WHO WE ARE

1.1 Paranimo Limited (Company Number 11992617) is a company incorporated in England and Wales with its registered office at 28 Salisbury Road, Farnborough, England, GU14 7AL. We operate two platforms: Paranimo and Matchifi.

1.2 This policy explains how Paranimo Limited ("We," "Us," or "Our") collects, uses, and protects personal data from users of our websites and platforms (collectively, "Platform"). The security and privacy of our users' personal data is central to our service and we want this document to give our users the confidence to use our platforms without concern or anxiety.

1.3 The UK Data Protection Act 2018 and UK GDPR set out the data protection rights for UK citizens. More information can be found here: https://ico.org.uk/for-organisations/guide-to-data-protection/

1.4 Our platforms comprise:

• Paranimo: Our mental health platform that matches qualified therapists with therapy clients

• Matchifi: Connects Clients with a wider range of independent Service Providers such as coaches, mentors, or other professionals

1.5 These platforms act as marketplaces to facilitate Service Providers providing their services to Clients, including through Business Customer schemes and reseller arrangements.

2. WHAT PERSONAL DATA WE COLLECT

2.1 Our General Principles

2.1.1 We keep personal data collection to the absolute minimum required to provide our service.

2.1.2 We only collect personal data for specified, explicit and legitimate purposes.

2.1.3 We will only use personal data for purposes stated herein, and will gain permission before making any change to those stated purposes.

2.2 Age Restrictions

2.2.1 We do not knowingly collect personal data from individuals under the age of 18 years old unless facilitated through a Business Customer explicitly configuring the Platform for such use.

2.2.2 If you are under 18 years of age you cannot use this service or give us your personal data unless authorised by an approved Business Customer scheme.

2.2.3 By using our services, you are confirming that you are at least 18 years old or have appropriate authorisation.

2.3 Data We Collect by User Type

2.3.1 End User Data (Clients)

(a) Required: Email address, password, and phone number for registration and communication.

(b) Optional: Display name (real name or pseudonym), additional profile details, preferences, availability, and any other profile information.

(c) We do not share email addresses with Service Providers without consent.

(d) The display name will be used to identify you in the Client list of your Service Provider, but you can remove your name from their list at any time by withdrawing your consent.

2.3.2 Service Provider Data

(a) Service Providers must provide more personal information to prove they are qualified to provide services effectively:

• Full name (viewable on public profiles)

• Email address, password, and phone number

• Professional Organisation Membership and Organisation ID

• Personal ID such as driving licence or passport (where applicable)

• DBS checks (where applicable)

• Insurance documentation

• Personal biographical information

• Availability preferences

• Optional: Profile images and video content

2.3.3 Business Customer and Administrator Data

(a) Business Customer Data:

• Organisation name and business registration details

• Primary contact information (name, email, phone number)

• Billing and payment information

• Subscription tier and platform configuration preferences

• Usage analytics and reporting data

• Scheme configuration data (funding limits, user allowances, platform settings)

(b) Administrator Data:

• Full name and job title

• Business email address and phone number

• User management permissions and access levels

• Audit trail of administrative actions

2.3.4 Reseller Data

(a) As all Business Customers have reseller rights, additional data may include:

• End-user introduction records

• Revenue and commission data

• Marketing and promotional materials

• Support interaction records

3. HOW WE COLLECT YOUR PERSONAL DATA

3.1 Personal data may be voluntarily given to Paranimo by you through the platforms, or as metadata passed to us through standard online communication.

3.2 We may also receive personal data from:

• Referrals (email addresses only) where someone suggests you join the platform

• Professional organisations (for Service Provider verification)

• Business Customers, charities and unions (for Client onboarding with consent)

3.3 Additional data collection:

• Correspondence records if you contact us or other users through the platform

• Phone numbers for direct phone-based sessions (with consent)

• Manual registration initiation when Service Providers provide email to Paranimo representatives

3.4 We will never record any content from video call sessions.

3.5 Where information is supplied to us through third parties, we ensure by contract that GDPR-compliant consent exists.

4. OUR LEGAL BASIS AND WHY WE USE YOUR PERSONAL DATA

4.1 Legal Basis

4.1.1 The legal basis for processing your information:

• Consent of the user

• Where necessary to perform our contract with you

• Legitimate interests for platform security, analytics, and business operations

4.2 Purpose by User Type

4.2.1 Service Provider Data

(a) Registration and login functionality

(b) To advertise skills and experiences through publicly viewable profiles

(c) Processing bookings and payments (including as disclosed agent)

(d) Account and profile management

(e) Self-billing invoice generation and commission calculations

4.2.2 Client Data

(a) Registration and login functionality

(b) To show Service Providers your name (with permission) in advance of booking

(c) Processing bookings and payments

(d) Account management

4.2.3 Business Customer Data

(a) Platform access management and billing

(b) Scheme administration and user management

(c) Usage reporting and analytics

(d) Customer support and technical assistance

(e) Reseller activity management and commission processing

4.3 How We Process Your Data

4.3.1 Service Delivery

(a) Registration and login

(b) Creating and managing profiles

(c) Advertising booking availability

(d) Managing calendars and bookings

(e) Processing payments and generating invoices

(f) Facilitating video calls

(g) Commission calculations and payments

4.3.2 Agency Relationship Processing

(a) Where we act as disclosed agent for Service Providers, we process personal data for:

• Self-billing invoice generation

• Client billing on behalf of Service Providers

• Payment processing and commission deduction

• VAT compliance and reporting

4.3.3 Communications

(a) Service updates, maintenance notifications, and technical issues

(b) Account security matters and verification requirements

(c) Terms and policy changes requiring attention

(d) Payment and billing matters

(e) Platform improvements and feature updates

(f) Support and assistance related to account usage

(g) Compliance and regulatory matters

4.3.4 Analysis and Improvement

(a) Analysing user interactions to ensure functionality works effectively

(b) Usage analysis to assess growth and inform business development

(c) Ensuring service compatibility with devices and browsers

(d) Assessing service effectiveness

5. WHO WE SHARE YOUR PERSONAL DATA WITH

5.1 General Principles

5.1.1 Sensitive personal data will not be shared with any third party unless you give permission, except where we are obliged to do so by law, regulation, or legal process.

5.2 User-to-User Sharing

5.2.1 Only a Client's chosen Service Provider can see the Client's name (with Client permission).

5.2.2 Service Provider profiles are publicly available for marketing purposes.

5.2.3 Service Providers may see Business Customer organisation names when providing services to scheme members.

5.3 Business Customer Data Sharing

5.3.1 In accordance with our Terms of Service, certain personal data may be shared between Clients, Service Providers, and Business Customers for:

• Delivering services through funded schemes

• Managing user consent and access

• Customer support activities

• Invoicing and payment processing

• Compliance and audit purposes

• Safeguarding responsibilities

• Scheme administration

5.3.2 Administrator Access Rights: Business Customer Administrators can:

• View and manage users within their schemes

• Access usage reports and analytics for their organisation

• See Service Providers who have provided services to their scheme members

• Manage billing and subscription settings

• Access data necessary for safeguarding responsibilities

5.4 Reseller Data Sharing

5.4.1 As Business Customers have reseller rights, they may:

• Access data about End-Users they have introduced

• Receive commission and revenue information

• View performance analytics for their reseller activities

• Access support data for End-Users they manage

5.5 Agency Relationship Data Sharing

5.5.1 In our role as disclosed agent for Service Providers:

• Client billing information is shared for invoice generation

• Service Provider details are included in client invoices

• Payment and commission data is processed and shared

• VAT information is collected and processed as required

5.6 Third-Party Sharing

5.6.1 We may share personal data with third parties in these circumstances:

• Personal identifiers with third-party service providers required for core services

• Professional organisation membership verification

• Where necessary for protecting rights or safety of staff, partners, or users

• Where obliged by law, regulation, or legal process

• For legally compliant invoicing and VAT compliance

5.7 Third-Party Service Providers

Auth0: User authentication and authorisation services. Privacy policy: https://auth0.com/privacy/ (using EU servers).

Stripe: Payment processing. Privacy policy: https://stripe.com/gb/privacy.

Sendgrid (Twilio): Notification emails or chat system. Privacy policy: https://www.twilio.com/legal/privacy.

Courier: Notification emails. Privacy policy: https://www.courier.com/privacy-policy.

PlanetScale: Database hosting. Privacy policy: https://planetscale.com/legal/privacy.

Vercel: Hosting and blob storage for invoices. Privacy policy: https://vercel.com/legal/privacy-policy.

Whereby: Video conferencing. Privacy policy: https://whereby.com/information/tos/privacy-policy/.

For US-based providers, we ensure appropriate safeguards through Standard Contractual Clauses or other approved transfer mechanisms.

6. DATA CONTROLLER AND PROCESSOR RELATIONSHIPS

6.1 User Types

6.1.1 Our platforms serve several user types:

• Administrator: a person authorised by a Business Customer to manage a Scheme

• Business Customer: an organisation that buys access to the Platform for its staff, students or customers

• Client: an individual who receives services from a Service Provider through the Platform

• End User: Any user type on a Paranimo Limited platform

• Reseller: a Business Customer who promotes or resells access to the Platform

• Service Provider: A therapist using Paranimo, or an independent service provider using Matchifi

6.2 Data Controller and Processor Roles

6.2.1 Under UK data protection law, we have different roles depending on the type of data and the purpose for which it's processed.

6.2.2 When Paranimo Limited is the Data Controller:

(a) For our own business operations and platform development

(b) For direct marketing to our users (with consent)

(c) For platform security and fraud prevention

(d) For compliance with legal obligations

(e) For Service Provider verification and onboarding

(f) For general platform analytics and improvement

(g) For processing our own business relationships with Business Customers

6.2.3 When Paranimo Limited is a Data Processor:

(a) When processing Client personal data on behalf of Business Customers who fund their sessions

(b) When processing data for Business Customer reporting and analytics

(c) When facilitating data sharing between Clients and Service Providers with appropriate consent

6.2.4 When Paranimo Limited acts as Disclosed Agent:

(a) For Service Provider invoice generation and billing processes

(b) For payment processing on behalf of Service Providers

(c) For commission calculations and payments

(d) Service Providers remain data controllers for their professional client relationships

6.2.5 When Business Customers are Data Controllers:

(a) For their own employees', students', or customers' data when they create schemes

(b) For determining who has access to their funded schemes

(c) For their own business purposes related to scheme management

(d) For compliance with their own legal and regulatory obligations

(e) For safeguarding responsibilities within their schemes

(f) For reseller activities and End-User relationships they establish

6.2.6 When Service Providers are Data Controllers:

(a) For their own professional client relationships and records

(b) For their own business operations and professional obligations

(c) For their own marketing and professional development activities

6.3 Joint Processing Arrangements

6.3.1 In some circumstances, we may jointly process personal data with Business Customers, particularly for:

• User onboarding and access management

• Service delivery coordination

• Billing and payment processing

• Customer support activities

• Safeguarding responsibilities

6.4 Data Processing Arrangements

6.4.1 Where we act as a Data Processor for Business Customers, we:

• Process personal data only on their documented instructions

• Implement appropriate technical and organisational security measures

• Assist Business Customers in responding to data subject requests

• Notify Business Customers of any personal data breaches

• Return or delete personal data when our processing relationship ends

7. HOW LONG WE KEEP YOUR PERSONAL DATA

7.1 We retain information only as long as necessary to fulfil services or comply with applicable legislation, regulatory requests, and court orders.

7.2 This typically means 7 years, but users can change or delete personal information at any time.

7.3 Specific retention periods may apply for:

• Invoice and payment records (7 years for tax purposes)

• Professional verification documents (duration of service provision plus 7 years)

• Safeguarding records (as required by applicable regulations)

8. DATA STORAGE AND SECURITY

8.1 All customer data is stored in the cloud using:

• AWS services (eu-west-1, Ireland region). AWS GDPR information: https://aws.amazon.com/compliance/gdpr-center/

• Vercel blob storage for invoices

• PlanetScale Database hosting

8.2 We take appropriate administrative and technological measures to ensure personal data is protected:

• Data access limited based on ownership and sensitivity

• Staff have minimum necessary contact with personal data

• Industry-standard security practices

• Regular security monitoring and updates

8.3 We cannot guarantee absolute security of personal data. Additional personal data beyond registration requirements is optional and provided at your own risk.

8.4 In the event of a data breach impacting your personal data, we will notify you and the ICO promptly, as required by law.

9. DATA PROTECTION OFFICER

9.1 Given the nature and scale of our data processing activities, particularly processing special category data (mental health information) and systematic monitoring of users, we have appointed a Data Protection Officer (DPO).

9.2 Our DPO can be contacted at: Daniel.condliffe@paranimo.co.uk

9.3 You may contact our DPO directly regarding:

• Questions about our data processing activities

• Concerns about data protection compliance

• Requests to exercise your data protection rights

10. YOUR RIGHTS

10.1 Data Protection Rights

10.1.1 Your right to access: Request to see all personal data we hold about you.

10.1.2 Your right to rectification: Request correction of inaccurate data or completion of incomplete data.

10.1.3 Your right to erasure: Request deletion of your data under certain circumstances.

10.1.4 Your right to restrict processing: Request restriction of processing under certain circumstances.

10.1.5 Your right to portability: Request transfer of data to another organisation or directly to you.

10.1.6 Your right to object to processing: Object to processing under certain circumstances.

10.1.7 Your right to withdraw consent: Withdraw consent for data processing at any time via your account settings.

10.2 Who to Contact for Your Rights

10.2.1 Depending on who is the Data Controller for your specific data:

• Paranimo Limited (support@paranimo.co.uk or Daniel.condliffe@paranimo.co.uk) for data we control

• Your Business Customer for data they control related to your scheme access

• Your Service Provider for data they control related to your professional relationship

10.2.2 We will help direct your requests to the appropriate Data Controller where necessary.

10.3 Marketing Preferences

10.3.1 All marketing messages are opt-in. You can:

• Use 'unsubscribe' links in marketing emails

• Update preferences in your account

• Contact us directly to opt out

10.4 Regulatory Authority

10.4.1 Data protection in the UK is regulated by the Information Commissioner's Office (ICO): https://ico.org.uk

11. INTERNATIONAL TRANSFERS

11.1 Transferring data outside the UK/EEA (e.g., to US-based providers) is not standard policy. However, in the rare event that it does occur due to commercial needs, we ensure appropriate safeguards for the data transferred through:

• Standard Contractual Clauses

• Data Processing Agreements with adequate protection measures

• Other approved transfer mechanisms under UK GDPR

12. ACCOUNT SECURITY

12.1 You are responsible for keeping your login credentials confidential.

12.2 We recommend:

• Using strong passwords and regular updates

• Enabling multi-factor authentication where available

• Signing out when not using the platform

• Securing your internet connection, especially in public environments

12.3 You are liable for all activities conducted through your account until you notify us of unauthorised access.

13. OTHER IMPORTANT INFORMATION

13.1 Third-Party Websites

13.1.1 Our privacy policy only applies to our platforms. Third-party websites linked from our platforms have their own privacy policies.

13.2 Policy Changes

13.2.1 Our privacy policy is under regular review and will be updated on this webpage.

13.2.2 We will notify you of material changes by email or platform notification.

13.3 Business Transfers

13.3.1 If Paranimo is acquired by a third party, they will need to obtain consent to change your acceptance of these policies, but personal data will be considered a transferable asset.

14. HOW TO CONTACT US

14.1 For questions about this privacy policy or to exercise your data protection rights:

Email: support@paranimo.co.uk

Phone: 0333 049 9994

DPO: Daniel.condliffe@paranimo.co.uk

14.2 Company Details:

Paranimo Limited

Company Number: 11992617

Registered Office: 28 Salisbury Road, Farnborough, England, GU14 7AL

________________________________________

COOKIE POLICY

Introduction

This Cookie Policy explains our use of cookies on Paranimo and Matchifi subdomains (e.g., app.paranimo.co.uk, therapist.paranimo.co.uk, admin.paranimo.co.uk). For questions, contact support@paranimo.co.uk.

What Are Cookies?

Cookies are text files stored by your browser to track visitor behaviour, authenticate logins, and manage permissions. Most browsers accept cookies by default, but you can adjust settings. Disabling them may impair Platform functionality.

How Do We Use Cookies?

We use strictly necessary cookies to ensure Platform security and functionality, including authentication and access control.

Third-Party Cookies

We use trusted third-party cookies:

• Stripe: Payment processing (see https://stripe.com/gb/cookie-settings)

• Auth0: Authentication (see https://auth0.com/docs/sessions-and-cookies/cookies)

• Vercel: Hosting and authentication support (see https://vercel.com/legal/privacy-policy)

• PlanetScale: Database operations (see https://planetscale.com/legal/privacy)

• Content Delivery Networks: Cached content delivery

Strictly Necessary Cookies

These cookies enable registration, login, and secure access. Accepting them is required to use the Platform; rejecting them prevents proper login and reduces support capabilities.

Managing Cookies

Adjust cookie settings via your browser or our cookie management tool on the Platform. Disabling cookies may block registration/login.

Browser guides:

• Chrome: https://support.google.com/chrome/answer/95647

• Safari: https://support.apple.com/guide/safari/sfri11471/mac

• Firefox: https://support.mozilla.org/en-US/kb/cookies-information

• Edge: https://support.microsoft.com/help/17442