Skip to main contentOpen Accessibility MenuAccessibility Menu

Privacy policy

Privacy policy

Brainkind (the operating name for The Disabilities Trust) is committed to protecting privacy and safeguarding the personal data you provide to us. This Privacy Policy outlines how Brainkind collects, uses, discloses, and manages your personal information.

Brainkind adheres to all applicable UK privacy and data protection laws, including but not limited to the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).


Brainkind is committed to protecting your personal information and privacy. We are certified Cyber Essentials Plus and certified as met standards with the NHS Data Security and Protection Toolkit.

We have security measures in place designed to prevent the loss of data, preserve data integrity, and to control access to the data and know that ensuring the accuracy and security of your personal information is essential to retaining your confidence and trust.

Purpose of this Privacy Policy

The purpose of this privacy policy is to describe, in cases where Brainkind is the Data Controller, why and how we collect and use your personal information and to provide information about your rights. It applies to personal information provided to us, both by individuals themselves or by others. We may use personal information provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection.

When collecting and using personal information, our policy is to be fair, lawful and transparent about why and how we process it.

What do we do with your personal information

  • Information We Collect

    Brainkind may collect the following types of personal information about you:

    • Contact Information: Your name, address, email address, phone number, and other relevant contact details.
    • Unique Identifiers and Reference Numbers: These may include what Brainkind have allocated to you and those that others have allocated to you, for example, NHS, NI and other numbers, where relevant
    • Personal Characteristics: Such as date of birth, gender, education, religion and nationality, when specifically necessary for providing appropriate care and services.
    • Health & Social Care Information: Information related to your health and social care, including medical history, education, activities, finances and next of kin details when relevant or necessary for the purposes of your care requirements.
    • Emergency Contacts: Names and contact details of individuals to be contacted in case of an emergency.
    • Photographs: This may be for ID validation and verification. With your consent, Brainkind may use your photo for publicity including newsletters (including digital newsletters), display walls, magazines (including e-magazines) and online or social media.
    • Video: This may be via the installed CCTV system (which is overwritten every 30 days) in permitted zones or with your consent, recordings for clinical purposes for the provision of treatment and provision of care or training.
    • Employment or Contract Information: If you are to join Brainkind and work as an employee or contractor, Brainkind may need additional sensitive information such as your health and criminal records. Pre-employment checks, equal opportunities data, photographs, ID, next of kin and financial information including where relevant, salary, bonuses, bank details, tax records etc.
  • How We Collect Your Information

    Brainkind may collect your personal information through various means, including:

    • Directly from You: When you provide information through our website, forms, or during interactions with our staff or on arrival to our premises.
    • Third Parties: With your consent, Brainkind may collect information from authorised third parties, such as medical professionals, social workers, or other care providers, including referral details from commissioners supporting you, or family members (or guardians) to ensure your care is comprehensive and tailored to your needs.
  • Purpose of Data Processing / Why we use personal information

    Brainkind use personal information for the following purposes:

    • Providing Health & Social Care Services: To deliver personalised and quality health & social care services to the people we support.
    • Continuation of Care: To ensure that when the people we support arrive to, or move on from Brainkind, that the continuation of care is managed by receiving or providing details of any related treatment or care to or from other care providers.
    • Employment, Training & development: To employ staff and train and develop skills  to appropriately provide our services to people who need our support and services.
    • Communication: To inform about care needs, updates, and any relevant information for reporting or publication.
    • Emergency Situations: To contact designated emergency contacts in case of urgent situations.
    • Compliance: To meet legal, regulatory, and statutory requirements.
    • Improvement: To enhance our services and understand the needs of the people we support better, including the improvement of individual care, improvement of diagnosis, improvement of patient safety.
    • Research & development: To understand more about mental health and contributing factors, to develop new treatments, to evaluate government, NHS and Social Care Policies and to journal and publish case studies.
    • Publicity & Marketing: To promote the activities of Brainkind and how it can extend its support to others in need.
    • Audit & Reporting: To report to the authorities including care regulators, funders and the HMRC on our performance, updates, reviews, risks, incidents, finance position and liabilities.
  • Sharing Personal Information

    • Brainkind is committed to ensuring personal information is only shared if there is a lawful basis to do so. Personal information may be processed in the capacity of a person we support/intend to support, a family member or relative of the person we support/intend to support, a representative such as a legal representative, a referrer, a donor, a supporter, a volunteer, a Trustee, a Patron, an Ambassador or Member, a Website visitor or someone Brainkind would look to make an enquiry with.
    • Wherever possible, Brainkind will seek your consent but may also share your information if Brainkind have a legal obligation to do so or if Brainkind have carried out a legitimate interest assessment to share your information.
    • There may also be times where Brainkind need to share your personal information to protect your vital interests and protect you from further or detrimental harm.
    • Brainkind may also share your personal information with third parties who have a valid authority to request your information, such as a court order, lasting power of attorney or guardianship and other legally acceptable authorities.
    • Brainkind may also share your information with organisations who have partnered or contracted services with based on a data sharing agreement to comply with the law.
    • Brainkind may further share your information with regulatory bodies such as the Care Quality Commission, Care Inspectorate of Scotland, or Wales.
    • Brainkind may also need to share your information with a range of NHS and/or Non-NHS Health and Social Care organisations whom you currently, or are going to, receive care (e.g., GPs, Hospitals, previous community-based or residential care homes, social services, or private healthcare organisations).
    • Brainkind may need to share your information with Legal representatives, this may be Brainkind’s own or your own nominated representation.
    • Brainkind may need to share information with Brainkind’s technology providers who support our systems and day to day operations.
    • Brainkind intend to transfer personal information outside of the European Union, to some of our Technology providers. These transfers occur on the basis of the protection provided by the EU-US Privacy Shield.
    • Brainkind may also need to share your information with Brainkind’s marketing partners, such as mailing houses to provide you with information regarding our services and / or future events (via telephone, postal or electronic marketing). Other Marketing Partners include Marketing Automation Partners, social media, Event Organisers and Design Agencies.
  • Lawful Basis for processing your data

    • Lawful Basis – The processing of your personal information is based upon the lawful basis that processing is necessary for the performance of a task carried out in the public interest and for the provision of health or social care as referred to in the GDPR Article 6(1) (e) and Article 9(2) (h). Brainkind may also need to process your personal information on the lawful basis that processing is necessary for the performance of a contract to which the data subject (you) is party, GDPR Article 6(1) (b) and that the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, GDPR Article 6(1) (f).
    • Consent – Brainkind will obtain your permission where appropriate and prior to, Care and Treatment, Information Sharing, Use of Video, Marketing and Communications including Photo or Publication, for the inclusion of your information on our or other website(s), social media, press articles and/or case studies etc. (Brainkind will always obtain your fully informed, freely given, consent).
    • Legal Obligation – For cases where you may have withdrawn consent from or objected to marketing, Brainkind also have a legal obligation to hold some personal data, albeit limited, in order to ensure no more marketing is sent to you.
    • Legitimate Interests – Where Brainkind need to process your information under this lawful basis, Brainkind commits to carrying out a Legitimate Interest Assessment (LIA) to ensure that the information being processed is to support you whilst ensuring that the processing does not have a negative impact on you.
  • Data Security

    • Brainkind takes the security of your personal information very seriously.
    • Brainkind implement appropriate technical and organisational measures to safeguard your data against unauthorised access, loss, or alteration.
    • Access to your data is restricted only to authorised staff who require it to fulfil their duties.
    • Brainkind is accredited with Cyber Essentials Plus certification to ensure high levels of data security.
    • Brainkind is certified and publishes its Data & Security Protection assessment via the NHS DSPT (Data Security and Protection Toolkit).
    • Brainkind maintains the appointment of a Data Protection Officer who can be reached using the email address
    • Brainkind maintains the appointment of an Information Governance Officer who can be reached using the email
  • Data Retention

    • Brainkind retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations.
    • As part of the work Brainkind does with NHS contracts, it complies with the NHS Records Management Code of Practice published by NHS England.
  • Automated Decision Making & Profiling

    • Brainkind does not make any decisions in relation to your personal information, solely by automated means without any human involvement (e.g. Brainkind do not conduct automated decision making).
    • Neither does Brainkind conduct any automated processing of personal information to evaluate certain things about you (e.g. Brainkind do not conduct profiling).
  • Your Rights

    Brainkind believe in your right to control your personal data. As a data subject, you have the following rights:

    • Right to Access: You can ask us for confirmation if Brainkind are processing your personal information. If Brainkind are, you have the right to know what data Brainkind hold about you and receive a copy of it. This way, you can be aware of how your information is being used and ensure its accuracy.
    • Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data Brainkind have about you. If you notice any errors in your information, let us know, and Brainkind will make the necessary updates promptly.
    • Right to Erasure (Right to be Forgotten): If you believe Brainkind no longer need your personal data for the purposes it was collected or processed, you can request its deletion. However, this right is not absolute and depends on specific circumstances, such as if Brainkind have a legal obligation to keep certain data.
    • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. This way, you can move, copy, or transfer your information easily to another organisation if you wish.
    • Right to Object: In some cases, you may object to the processing of your personal data if you believe it infringes upon your rights or legitimate interests. Brainkind will review your objection and, unless Brainkind have compelling legal grounds to continue processing, Brainkind will respect your request.
    • Right to Restrict Processing: You have the right to request the temporary restriction of processing your personal data under certain circumstances. This means Brainkind will store your data but not use it until the issue is resolved.
    • Right to Withdraw Consent: If you have previously given us consent to process your data, you can withdraw it at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
    • Right to Lodge a Complaint: If you believe Brainkind are not handling your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint. Please send an email with the details of your complaint to and Brainkind will investigate and respond to within one month. You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) (the UK’s data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website: .
  • How to Exercise Your Rights

    To exercise any of your rights as a data subject, or if you have any questions regarding your personal data, please contact us using the details provided in the section Contact Us below of this Privacy Policy. Brainkind will respond to your requests promptly and ensure that your rights are respected throughout the process.

  • Protecting Your Rights

    • Brainkind is committed to upholding your rights and ensuring that your personal data is processed in a fair and transparent manner.
    • Brainkind will never use your data in ways that could harm your privacy or violate your rights.
    • Our staff are trained to handle your requests and concerns regarding your data privacy with care and attention.
  • Cookies

    • Brainkind website may use cookies and similar technologies to enhance your browsing experience.
    • You can manage your cookie preferences through your browser settings.
  • Third-Party Disclosures

    • Brainkind does not sell or share your personal information with third parties for their marketing purposes.
    • Brainkind may only disclose your data to trusted service providers who assist us in delivering our services.
  • Children’s Privacy

    Brainkind does not knowingly collect personal information from children without parental or legally authorised representative’s consent.

  • Changes to the Privacy Policy

    • Brainkind may update this Privacy Policy from time to time to reflect changes in laws or our practices.
    • The most up to date version of the policy will be published and available on Brainkind website.
  • Contact Us

    If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at:


    32 Market Place

    Burgess Hill

    West Sussex

    RH15 9NP


    Phone: 01444 239123

    Thank you for entrusting Brainkind with your engagement. Brainkind is committed to ensuring the confidentiality and security of your personal information throughout our relationship.

Pattern used for background spacing