Privacy Policy

Effective date: 9 October 2025

Last updated: 9 October 2025

Who we are

Healthy Minds Golf Club is a trading name of Florio Golf Ltd. (referred to as “we,” “our,” “us” or “HMGC”). Florio Golf Ltd. is a company incorporated in England.  The Platform offers mental‑health–related content, signposting to external resources and a mechanism for members of the public to share their own experiences. We do not provide clinical care and we do not create user accounts.

This Privacy Policy describes how HMGC collects and uses personal data when you visit our website, submit information via the contact form or story‑sharing form, or interact with our resource directory.  It also explains your rights and how to exercise them.  By using the Platform you consent to the practices described here.

Controller and contact details

Florio Golf Ltd. is the data controller for personal data processed via the Platform.  We take privacy seriously and comply with the data privacy regulations applicable to us including but not limited to the UK General Data Protection Regulation (UK GDPR).

Company address: 24 Cherry Orchard, Whitstable CT5 3NH, England

Company registration number: 16546881

Contact email for privacy matters: hellofloriogolf@gmail.com

Scope of this policy

This policy covers personal data collected through:

  • Contact form: when you write to us with questions or feedback.
  • Story‑sharing form: when you submit a personal story for publication.
  • Browsing the site: when you view pages, click links or use the resource directory.
  • Cookies and analytics: when we collect basic technical information about how visitors use the site.

The policy does not cover information collected offline or information collected by third‑party sites that we link to.  Those sites have their own privacy policies.  Our Terms & Conditions explain how and why we provide external links and make clear that inclusion in the resource directory does not imply endorsement.

What data we collect

We collect only the minimum personal data necessary to operate the Platform, in keeping with the principle of data minimisation.  You may choose to share the following information:

  • Contact information: your name, email address and any other details you voluntarily provide when you contact us via forms on the platform.
  • Story submission details: the text of your story and optional information such as a story title, photos or video link. We ask you not to include identifying information about third parties without their consent. We will use your email only to contact you for follow‑up and to obtain your permission before publication.
  • Special category data: if you choose to describe your mental‑health experiences or other sensitive information, this constitutes “special category data” under the UK GDPR. We process such information only with your explicit consent, and you may withdraw that consent at any time. Sharing this type of information is optional.
  • Technical data: information about your device and browsing activity (IP address, browser type, operating system, pages visited and interactions). We collect this using cookies and analytics tools to understand how the site is used.
  • Resource directory usage: we do not ask you to enter any personal details to browse our signposting directory. We may record aggregated statistics about which links are clicked to improve the directory, but we do not track individual users.

We do not ask you to create an account or to provide payment information.  We do not collect geolocation data.  The Age Appropriate Design Code requires services likely to be accessed by children to turn geolocation off by default, and we comply by not using any location‑tracking features.

How we use your data

We only use your personal data for purposes that are clear, explicit and legitimate.  We do not use so‑called “nudge techniques” to persuade you to provide more data than is necessary.  Our purposes include:

  1. Responding to enquiries. If you contact us with a question or feedback, we use your contact details to respond.
  2. Assessing and publishing stories. If you submit a story, we will review it for suitability, contact you for clarification or edits, and publish it with your consent. We may edit for length, clarity and tone. We will not publish your name or personal details without prior consent.
  3. Managing the resource directory. We may record anonymised statistics (e.g., total clicks) to understand which signposts are useful and to improve the directory.
  4. Monitoring and improving our website. We use aggregated analytics data to understand traffic patterns, improve navigation, diagnose server problems and maintain security.
  5. Complying with law. We may process your data to comply with legal obligations, respond to lawful requests from authorities or to protect vital interests.

We will never sell your personal data or use it for unsolicited marketing.  We will not use your story for paid sponsorship without your permission.  If we collaborate with sponsors or partners elsewhere on the site, those relationships will be clearly marked and will not involve sharing your personal data without consent.

Legal bases for processing

Under the UK GDPR we must have a lawful basis to process personal data.  Depending on the context, we rely on:

  • Consent: when you submit a story or share special category data, you consent to our processing it. You can withdraw consent at any time by contacting us.
  • Legitimate interests: when you contact us, we use your details to respond and maintain our website. We have a legitimate interest in operating a functional signposting platform and understanding how it is used, provided these interests do not override your rights.
  • Legal obligations: we may process data to comply with law or regulatory requirements, including responding to legal requests.
  • Vital interests: if we reasonably believe that someone is at risk of serious harm, we may share information with appropriate services to protect them.

If we process special category data (e.g., information about your mental health), we do so only with explicit consent or where necessary to protect vital interests.

Children and young people

Our Platform is open to all ages.  We do not knowingly collect personal information from children under 13 without parental consent, in line with the Age Appropriate Design Code and international children’s privacy laws.  To determine whether parental consent is required, we may ask for the user’s age or rely on self‑certification.  If we learn that a user is under the relevant age and we do not have parental consent, we will delete the information.  We encourage parents or guardians to contact us if they believe a child has submitted personal data without their permission.

We design our service with high privacy settings by default for children: we minimise data collection, do not offer geolocation services, and avoid nudging users to disclose more information than necessary.  We do not profile children or use behavioural advertising.  We provide separate choices for additional elements of the service so that children can decide how much data to provide.

Story submission

Sharing a story is voluntary.  We encourage you to reflect on what you feel comfortable sharing and to respect the privacy of others. When submitting a story:

  • Anonymity: you may use a nickname if you prefer. We will not publish your email address or surname.
  • Consent for publication: by submitting, you give us permission to publish your story across our digital platforms and to edit it for clarity and length. We will contact you to confirm you are happy with any edits before publication.
  • Public nature and persistence: once a story is published, it becomes publicly accessible and may be read, shared or archived by others. Even if you later withdraw your story, copies may remain on third‑party websites or in public archives. Please consider this before including personal details. Do not include contact information, specific medical advice or personally identifiable information about other people without their permission.
  • Separate release and parental consent: we may ask you to complete a separate story‑release form that confirms you have the rights to the material and that you grant us permission to publish it in all media. If you are under 13, your parent or guardian must co‑sign the release. We will not publish your story until we have received this confirmation.
  • Sensitive information: if your story contains health details, we treat this as special category data and process it only with your explicit consent. You can ask us to remove your story at any time; however, copies may persist once the story has been published.
  • Licence and waiver: by submitting, you confirm that the story is your own original work and that you have permission to include any third‑party information. You grant us and our successors a perpetual, worldwide, royalty‑free licence to use, reproduce, distribute, adapt, translate, edit and publish the story for mental‑health awareness purposes in any media. To the extent permitted by law, you waive any moral rights you may have in the story. You agree to indemnify us against claims arising from your submission, including claims that the story infringes the rights or privacy of others. We do not pay for submissions.

We reserve the right to decline to publish stories that we deem inappropriate, offensive or potentially harmful.  We may edit stories to ensure they are consistent with our tone and community guidelines and to protect privacy.

Cookies and analytics

We use cookies and similar technologies to make the site work and to understand how it is used.  Cookies are small text files that help remember your preferences and improve functionality.  We categorise cookies as:

  • Strictly necessary cookies: required for basic functionality and security. These cannot be switched off.
  • Analytics cookies: used to compile anonymised statistics on website usage (e.g., number of visitors, pages viewed). We use services like Webflow Analytics. Analytics cookies do not identify you personally.
  • Preference cookies: used to remember settings such as cookie preferences.

When you first visit our site, you will see a cookie banner.  Non‑essential cookies (analytics and preferences) are disabled by default and will only be set if you consent.  You can withdraw or change your consent at any time using the Cookie Settings link available on each page or by adjusting your browser settings.  If you delete cookies or revisit the site, you may be prompted to update your choices.  More information about cookies and how to manage them can be found at www.allaboutcookies.org.

Third‑party services and links

We use third‑party service providers to operate the Platform.  These companies act as “processors” and only handle your data under our instructions.  For example, we may use:

  • Website hosting and analytics providers (e.g., our hosting company and Google Analytics) to deliver the site and generate usage reports. These providers process technical data on our behalf and may be located outside the UK/EEA. You can learn more about Google’s data practices in its privacy policy.
  • Email services (e.g. Google Mail) to communicate with you after you submit a story or contact form. These services store your email address so we can respond.
  • Form providers (e.g. Webflow) to collect story submissions and contact requests. Data entered into these forms is stored securely by the provider and transmitted to us.

We require our service providers to protect your data and only use it for the specified purpose.  We enter into data‑processing agreements with them and ensure they implement appropriate safeguards.  We will not sell or rent your information to third parties and will only share it when you give consent, when required by law, or to protect vital interests.

Our resource directory includes links to external websites.  We provide these links for information and convenience.  We do not control those sites and are not responsible for their privacy practices.  Any personal data you provide to third‑party sites is subject to their policies.

International data transfers

Our servers are located in the UK, but we may use service providers based outside your home country.  If you access the Platform from outside the UK, your information may be transferred to, stored and processed in other countries, including countries where data protection laws differ from those in your jurisdiction.  For example, analytics data may be processed in the United States.

Where we transfer personal data outside the UK or European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission. If you reside outside the UK/EEA, by using the Platform you consent to such cross‑border transfers.

Data security

We implement technical and organisational measures to protect your personal data against unauthorised access, disclosure or loss.  These measures include:

  • Secure infrastructure: our servers are protected by firewalls and located in secure data centres with controlled physical access.
  • Encryption: we encrypt data in transit using TLS/HTTPS and encrypt sensitive data at rest where feasible.
  • Access controls and training: only authorised staff and contractors who need your data to perform their duties have access.

We also encourage you to take steps to protect your own data, such as not sharing sensitive information publicly, using strong unique passwords (where applicable), logging out of shared computers and being cautious of unsolicited messages.

Despite our efforts, no method of transmission or storage is completely secure.  If we become aware of a data breach that may pose a high risk to your rights and freedoms, we will inform you and the relevant supervisory authority where required by law.

Data retention

We retain personal data only for as long as reasonable and necessary to fulfil the purposes described in this policy.  In practice:

  • Contact form data is maintained in our secure systems until you ask us to destroy it.
  • Story submissions are stored until your story is published or you withdraw it. After publication, we retain your story in our archives unless you ask us to remove it.
  • Analytics data is retained in aggregated form to analyse trends. Individual user identifiers are not collected.
  • Legal and compliance records will be retained for so long as required for bona fide compliance purposes or in accordance with law or regulation.

Once data is no longer needed, we securely delete or anonymise it in accordance with our documented retention schedule.  For special category data, we apply additional safeguards and limit retention.  Anonymised or aggregated analytics data and anonymised stories may be retained indefinitely for research and historical purposes because they no longer identify individuals.

Your rights

UK and EU data subject rights

Under the UK GDPR you have the following rights:

  1. Right to be informed: to know what personal data we collect and how we use it
  2. Right of access: to request a copy of the personal data we hold about you
  3. Right to rectification: to request correction of inaccurate or incomplete data
  4. Right to erasure (“right to be forgotten”): to ask us to delete your data when it is no longer needed or when you withdraw consent
  5. Right to restrict processing: to request that we stop using your data while we resolve a query or dispute
  6. Right to data portability: to receive your data in a structured, machine‑readable format
  7. Right to object: to object to processing based on legitimate interests or direct marketing
  8. Rights in relation to automated decision‑making: HMGC does not make decisions based on automated processing or profiling

You may exercise these rights free of charge by contacting us using the details below.  Please describe your request clearly and include any information that will help us locate your data (for example, the email address used in a form submission).  To protect your privacy, we may need to verify your identity before processing your request.  We will respond within one month or within the statutory timeframe if your request is complex.  If we refuse your request, we will explain why and tell you how to lodge a complaint with the UK Information Commissioner’s Office (ICO) or, if you reside in the EU, with your local supervisory authority.

U.S. privacy rights

If you are a resident of California or another U.S. state with a comprehensive privacy law (such as Virginia, Colorado, Connecticut or Utah), you may have additional rights, such as:

  • Right to know: to request information about the categories of personal data we collect and how we use and share it
  • Right to delete: to ask us to delete personal data (subject to exceptions)
  • Right to opt out of sale or sharing: we do not sell personal information, but you may opt out of any data sharing that is considered a sale under U.S. law
  • Right to non‑discrimination: we will not discriminate against you for exercising your privacy rights
  • Right to correct inaccurate personal information: to request correction of data
  • Right to limit the use of sensitive personal information: you may direct us to limit our use of sensitive data to what is necessary to provide goods or services

If you wish to exercise your U.S. privacy rights, please contact us via the email address provided above.  We will verify your identity and respond as required by law.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations.  When we make material changes, we will update the “Effective date” at the top of the policy and may provide additional notice, such as a banner on the website.  Please check this page periodically for updates.

Contact us

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, or if you wish to exercise your rights, please contact us at:

Email: hellofloriogolf@gmail.com

Postal address: 24 Cherry Orchard, Whitstable CT5 3NH, United Kingdom

If you are not satisfied with our response, you may lodge a complaint with the UK Information Commissioner’s Office (ICO).  The ICO’s website is available at https://ico.org.uk.  If you live in the European Union, you can also raise concerns with your national data‑protection authority; contact details are available via the European Data Protection Board’s website.

Looking for support?

If you’re looking for emergency information, crisis support or trusted mental health advice (for yourself or someone you care about) our Get Help section is ready when you are.