Legal

Privacy notice

This notice explains how Neurominds collects, uses and protects your personal information, including the health information we handle as part of an assessment.

Draft template — this must be reviewed and approved by a suitably qualified professional before publication. It is not legal advice.

Neurominds is committed to protecting your privacy and handling your information responsibly, in line with UK data protection law (the UK GDPR and the Data Protection Act 2018). This notice describes what we collect, why, and the rights you have over your information.

Who we are

Neurominds is the data controller for the personal information described in this notice. Our clinical work is led by HCPC-registered Clinical Psychologists, Dr Ryan Little and Dr Pardis Hashemzadeh.

Registered name, trading details, registered address and registration numbers: [details to confirm]. HCPC registration numbers: [HCPC reg. no. to confirm]. Information Commissioner's Office (ICO) data protection registration: [ICO registration to confirm].

What information we collect

We collect information you provide to us and information generated during your assessment. This may include:

  • Identity and contact details, such as your name, date of birth, email address, phone number and postal address.
  • Referral and intake information, including the reasons you are seeking an assessment and relevant background or developmental history.
  • Special category health data, including questionnaire responses, clinical interview notes, assessment scores, any diagnoses, and reports we produce. This is more sensitive information that we treat with additional care.
  • Information from third parties where relevant and with an appropriate lawful basis, for example a GP, a family member or another professional who supports your assessment.
  • Technical and usage information collected when you use our patient portal or website, as described in our cookies notice.

Our lawful basis

For general personal information, we rely on Article 6 of the UK GDPR. The lawful bases we rely on include the performance of a contract or steps taken at your request, our legitimate interests in running the clinic safely and effectively, and compliance with our legal obligations.

For special category health data, we rely on Article 9 of the UK GDPR. This is usually your explicit consent under Article 9(2)(a), and the provision of health care under Article 9(2)(h), which permits the processing of health data by, or under the responsibility of, a professional subject to a duty of confidentiality.

How we use your information

We use your information to:

  • Assess your suitability for an assessment and arrange appointments.
  • Carry out and record your assessment, including questionnaires, interviews and scoring.
  • Produce and share your report and any related correspondence with your agreement.
  • Communicate with you about your care and respond to your enquiries.
  • Meet our professional, clinical governance, safeguarding and legal obligations.
  • Maintain the security and proper functioning of our systems.

Who we share it with

We do not sell your information. We share it only where necessary and with an appropriate lawful basis. This may include:

  • Your GP or other professionals involved in your care, with your consent.
  • Carefully selected service providers who process information on our behalf under written contracts, such as our assessment platform, secure hosting, email and document storage. Current processors: [processors to confirm].
  • Regulators, professional bodies or authorities where we are required to do so by law, or to protect someone from serious harm.

Where it's stored and for how long

Your information is stored on secure systems. Where information is hosted or processed, including any storage location and any transfers outside the UK with appropriate safeguards: [storage location to confirm].

We keep clinical records in line with professional and legal retention requirements, and securely delete or anonymise them when they are no longer needed. Our retention periods: [retention to confirm].

Your rights

Under UK data protection law you have rights over your personal information, including the right to:

  • Be informed about how we use your information.
  • Access a copy of the information we hold about you.
  • Request that inaccurate information is corrected.
  • Request erasure of your information in certain circumstances.
  • Restrict or object to certain processing.
  • Data portability in certain circumstances.
  • Withdraw consent at any time, where we rely on consent, without affecting processing carried out before you withdrew it.

Some rights are qualified, particularly for clinical records we are required to retain. To exercise any of these rights, please contact us using the details below.

How to complain

If you have any concerns about how we handle your information, please contact us first so we can try to put things right. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk or by calling the ICO helpline. Raising a concern with us will not affect your care, and you can also see our complaints procedure.

Contact us

For any questions about this notice or your information, or to exercise your rights, please contact us. Data protection contact: [DPO/contact to confirm]. Email: [email to confirm]. Phone: [phone to confirm]. Postal address: [address to confirm]. You can also make an enquiry.

Last updated [date to confirm]