MindQuest is operated by Creative Active Lives CIC, which is registered with the Information Commissioner’s Office (ICO). We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy explains what data we collect, why we collect it and how we protect it.
What We Collect
Account holders
When a user creates an account, we collect the information necessary to set up and manage that account. This may include:
• Name
• Email address
• IP address
• Username or gamer tag
• Approximate location data where automatically generated by the website
• Any information provided within the user profile
Survey users
Where users complete wellbeing surveys or interactive tools, we may collect:
• Gamer tag or username
• IP address
• Responses provided within the tool
We only collect data that is necessary to provide access to the platform, maintain security and support the intended wellbeing use of the tool.
Comments
If comments are enabled on the site and a visitor leaves a comment, we collect the data shown in the comments form, along with the visitor’s IP address and browser user agent string to support spam detection and site security.
Media
If users upload images to the website, they should avoid uploading images that contain embedded location data (EXIF GPS). Visitors may be able to download and extract location data from publicly visible images.
Cookies
We use cookies to support basic website functionality and account access.
If you leave a comment, you may choose to save your name and email address in cookies for convenience. These cookies typically last up to one year.
When you visit the login page, a temporary cookie is set to check whether your browser accepts cookies. This cookie contains no personal data and is removed when you close your browser.
When you log in, cookies are used to store login details and display preferences. Login cookies usually last up to two days. If you select “Remember Me”, your login may persist for up to two weeks. Logging out removes login cookies.
If you edit or publish content, a temporary cookie may store the post ID. This contains no personal data and expires automatically.
Embedded Content
Some pages may include embedded content such as videos or images hosted on third party platforms. Embedded content behaves in the same way as if you visited the third party website directly. Those websites may collect data about you, use cookies or monitor interaction in line with their own privacy policies.
Who We Share Data With
We do not sell personal data.
We do not use personal data for advertising.
We only share personal data where:
• It is necessary for secure website operation, such as spam detection services
• It is required by law
• There is a safeguarding obligation
If you request a password reset, your IP address may be included in the reset email for security purposes.
How Long We Keep Data
Comments and their metadata may be retained to allow automatic recognition and moderation of follow up comments.
For registered users, we store personal information within their user profile for as long as the account remains active.
Users can view, edit or request deletion of their personal data at any time, except for usernames where system restrictions apply.
We may retain certain information where required for legal, safeguarding or security purposes.
Your Rights
Under UK GDPR, you have the right to:
• Request access to the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Request restriction of processing
• Object to processing in certain circumstances
To make a request, contact [insert email address].
You also have the right to lodge a complaint with the Information Commissioner’s Office.
Data Security
We take data security seriously. Access to personal data is restricted to authorised personnel only. Appropriate technical and organisational measures are in place to protect against unauthorised access, misuse, loss or alteration of data.