privacy

Neurodev Privacy Policy

Introduction

This Privacy Policy outlines Neurodev Limited "the Company") practices with respect to information collected from users who access our website at www.neurodev.co.uk ("Site") or otherwise share personal information with us (collectively: "Users").

Responsible authority within the meaning of data protection laws, in particular the General Data Protection Regulation (GDPR): Information Commissioner’s Office, with whom we are registered.

User Rights

You may request to:

1. Receive confirmation as to whether or not personal information concerning you is being processed and access your stored personal information, together with supplementary information.

2. Receive a copy of personal information you directly volunteer to us in a structured, commonly used and machine-readable format.

3. Request rectification of your personal information that is in our control.

4. Request erasure of your personal information.

5. Object to the processing of personal information by us.

6. Request to restrict processing of your personal information by us.

7. Lodge a complaint with a supervisory authority.

However, please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements.

If you wish to exercise any of the above rights or receive more information, please contact our Data Protection Officer (“DPO”) using the details provided below:

Name or title: Antoinette Phang

Email address: info@neurodev.co.uk

Postal address: 111 New Union Street, Coventry, CV1 2NT

Retention

We will retain your personal information for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes and enforce our policies. Retention periods will be determined considering the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications, and anything else as required by applicable laws and regulations.

We may rectify, replenish, or remove incomplete or inaccurate information, at any time and at our own discretion.

Grounds for data collection:

Processing of your personal information (i.e. any information which may potentially allow your identification through reasonable means; hereinafter "Personal Information") We are only able to use your personal information for certain legal reasons set out in the data protection law. There are legal reasons under data protection law other than those listed below, in most cases, we will use your personal information for the following legal reasons.

Contract Reason: this is to perform our obligations to you under a contract we have entered with you. This is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject

Legitimate Interest Reason: this is where the use of our personal information is necessary for our (or third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedom, or interests.

Legal Obligation Reason: this is where we must use your personal information in to perform a legal obligation by which we are bound; and

Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or specific reasons

It is important that you keep your personal information up to date. If any of your personal information changes, please contact us as soon as possible to let us know. If you do not do this then we may be prevented from supplying the [services] OR [other] to you [(for example, if you move address and do not tell us, then any correspondence may be delivered to the wrong address.

Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information, in which case, we will confirm that reason to you.

We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information. Please also note the following:

(a) if we use the Legitimate Interests Reason as the legal reason for which we can use your personal information, we have also explained what that legitimate interest is; and

(b) for some of the purposes we may have listed more than one legal reason on which we can use your personal information, because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying on to use your personal data for that purpose, please contact us using the contact details set out at the start of this privacy notice.

Purpose Legal Reason(s) for using the personal information

To enrol you as a customer

Contract Reason. Legitimate Interests Reason (to offer you other services and/or digital content which helps us to develop our business)

To deliver your agreed care plan, which includes advising you of any updates in relation to your intervention or treatment care plan, includes taking payment from you,

To ensure the smooth running and correct operation of our website Legitimate Interest Reason (to ensure our website runs correctly)

To understand how customers and visitors to our website use the website and interact with it via data analysis legitimate interest Reason (to improve and grow our business, including our website and to understand our customer’s needs, desires, and requirements.

Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together whether other personal information and you are not identifiable from that combined data, we are able to use this.

Under data protection laws we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) which we told you about. If we want to use your personal information for a different purpose which we do not think is compatible with the purpose(s) which we told you about then we will contact, you to explain this and what legal reason is in place to allow us to do this.

When you use the Site, you consent to the collection, storage, use, disclosure, and other uses of your Personal Information as described in this Privacy Policy.

We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions.

What information do we collect?

We collect two types of data and information from Users.

The first type of information is unidentified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Site (“Non-personal Information”). We are not aware of the identity of a User from which the Non-personal Information was collected. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time, etc.) in order to enhance the functionality of our Site. We may also collect information on your activity on the Site (e.g. pages viewed, online browsing, clicks, actions, etc.).

The second type of information Personal Information , which is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. Such information includes:

• Device Information: We collect Personal Information from your device. Such information includes geolocation data, IP address, unique identifiers (e.g. MAC address and UUID) and other information which relates to your activity through the Site.

• Identity Information- This is information relating to your identity such as your name (including any previous names and any titles which you use), gender, marital status, and date of birth.

• Contact Information- This is information relating to your contact details such as e-mail address, addresses, telephone numbers

• Account Information- This is information relating to your account with us (including username and password)

• Payment Information- This is information relating to the methods by which you provide payment to us such as (bank account details, credit, or debit card details) and details of any payments including amounts and dates which are made between us.

• Transaction Information- This is information relating to transactions between us such as details of the goods, services and or digital content provide to you and any return details.

• Survey Information- This is the information which we have collected from you or which you have provided to us in respect of surveys and feedback.

• Special Information- Certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and includes genetic information and biometric information.

• Special information- Race, ethnic origin, politics, religion, genetics, biometrics, health, sex life, sexual orientation. Past medical history, physical health history, developmental history, medications, allergies, psychiatric disclosure, drug and alcohol history, forensic history, Criminal convictions.

• Registration Information- when you register with our site you will be asked to provide us certain details such as full name, email or physical address, employment status or education, disabilities, GP details, next of kin and other information.

• Marketing Information- This is information relating to your marketing and communications preferences.

• Website, Device and Technical Information- This is information about your use of our website and technical data which we collect including your IP address, the type of browser you are using and the version, the operating system you are using, details about the time zone and location settings on the device and other information we receive about your device.

How do we receive information about you?

We receive your Personal Information from various sources:

• When you voluntarily provide us with your personal details in order to register on our Site;

• When you use or access our Site in connection with your use of our services;

From third-party providers, services and public registers (for example, traffic analytics vendors).

A range of different methods may be used to collect data which may include the following methods:

Direct interactions with us in person, by post, phone, email or otherwise. You may give us your Identity, contact and financial Information. When you get in touch, you may be asked for some basic personal information such as your name, email address and telephone number as well as some more sensitive information about the difficulties you are seeking support for.

Automated technologies or interactions with our website, by using the web enquiry form, and the online booking system on this website. You may give us Identity, contact and financial Information.

Third parties or publicly available sources (third parties may be used in processing Identity, contact and financial categories of personal data).

When you start to receive a therapeutic service from us the information you share during sessions will be recorded in session notes and on our secure electronic records.

If you are being referred by a third party such as your GP, School, Psychiatrist, or your medical insurer, they might provide us with information like this on your behalf.

We may also receive Website, Device and Technical information automatically from technologies such as cookies which are installed on our website.

How is the information used?

With whom do we share the information? We may need to share your personal information with other organisations or people. These organisations include:

1. Other companies in our group (who may act as joint data controllers or as data processors on our behalf, such as GP’s, Schools, and other health professionals.

2. Third parties who are not apart of our group. These may include IT Support services, payment providers, administration providers, marketing agencies (others) who are based in the UK.

3. Regulatory bodies. We may disclose your data to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk. This may include Identity, Contact and Transactional data

4. Our advisors such as lawyers, accountants, auditors, insurance companies, based in the UK.

5. Our Bankers and Credit Reference Agencies, who are based in the UK.

6. Any organisations which propose to purchase our business and assets in which case we may disclose your personal information to the potential purchaser.

7. Third party marketing. Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in. This may include Identity, Contact and Marketing data.

8. Our suppliers. We may disclose your data to third parties that are involved in the fulfilment of our services to you. This may include Identity, contact and transactional data.

9. Where we share your personal information with a Data Processor, we will ensure that we have in place contracts, which set out the responsibilities and obligations of us and them, including in respect of security of personal information.

10. If you do not want us to share your data with third parties you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data, or you can do so by writing to us at the address detailed 111 New Union Street, Coventry West Midlands CV1 2NT or sending us an email info@neurodev.co.uk.

We do not rent, sell or share Users’ information with third parties, except as described in this Privacy Policy.

We may use the information for the following:

• [To enable us to provide our services to you, to communicate with you and to meet our contractual commitments to you. This may include Identity, Contact, Financial and Transactional data.:]

• Where we need to comply with a legal obligation. This may include Identity, Contact and Transactional data.

• If there is technical information and when responding to any customer service issue you may have.

• To communicate with you and to keep you informed about our latest updates and services.

• To serve you advertisements when you use our Site (see more under "Advertisements");

• To market our websites and products (see more under "Marketing");

• For statistical and analytical purposes, intended to improve the Site.

In addition to the different uses listed above, we may transfer or disclose Personal Information to our subsidiaries, affiliated companies and subcontractors.

In addition to the purposes listed in this Privacy Policy, we may share Personal Information with our trusted third-party providers, who may be located in different jurisdictions across the world, for any of the following purposes:

• Hosting and operating our Site;

• Providing you with our services, including providing a personalised display of our Site;

• Storing and processing such information on our behalf;

• Serving you with advertisements and to assist us in evaluating the success of our advertising campaigns and help us retarget any of our users;

• Providing you with marketing offers and promotional materials related to our Site and services;

• Performing research, technical diagnostics or analytics;

We may also disclose information if we have good reason to believe that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.

We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services.

A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help make sure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services.

The Site uses the following types of cookies:

a. 'session cookies' , which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed;

b. 'persistent cookies', which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in;

c. 'third-party cookies' , which are set by other online services who run content on the page you are viewing, for example by third-party analytics companies who monitor and analyse our web access.

Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.

We use a tool which is based on the Snowplow Analytics technology to collect information about your use of the Site. The tool collects information such as how often users access the Site, which pages they visit when they do so, etc. The tool does not collect any Personal Information and is only used by our Site hosting and operating service provider to improve the Site and services.

Use of script libraries (Google Web Fonts)

In order to present our contents correctly and make them graphically appealing across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts) on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font.

• Calling script libraries or font libraries automatically triggers a connection to the library operator. In theory, it is possible – but currently also unclear whether and, if so, for what purposes – that operators of corresponding libraries collect data.

• The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy.

Third-party collection of information

Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to.

This Privacy Policy does not apply to the practices of companies that we do not own or control, nor to individuals whom we do not employ or manage, including any of the third parties which we may disclose information to as set out in this Privacy Policy.

How do we safeguard your information?

We take great care in implementing and maintaining the security of the Site and your information. We employ industry standard procedures and policies to ensure the safety of the information we collect and retain, and prevent unauthorised use of any such information, and we require any third party to comply with similar security requirements, in accordance with this Privacy Policy].

The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk.

We have put in place security measures to prevent your data from accidental, loss or disclosure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential. You should choose a password it is not easy for someone to guess.

In the event of a data breach, we will notify the ICO https://ico.org.uk/ and you if the breach results in any likelihood of loss or damage to you.

Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorised access or abuse our Site, and we make no warranty, express, implied or otherwise, that we will prevent such access.

Transfer of data outside the EEA

Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.

YOUR RIGHTS UNDER DATA PROTECTION LAW

11. Under data protection laws you have certain rights in relation to your personal information, as follows:

(a) Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information which we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.

(b) Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.

(c) Right to erasure: (this is often called the “right to be forgotten”). This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.

(d) Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.

(e) Right to data portability: this right allows you to request us to transfer your personal information to someone else.

(f) Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 4 above) and there is something about your particular situation which means that you want to object to us processing your personal information. In certain circumstances you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).