Privacy policy

Brainkind may collect the following types of personal information about you:

• Contact Information: Your name, address, email address, phone number, and other relevant contact details.
• Unique Identifiers and Reference Numbers: These may include what Brainkind have allocated to you and those that others have allocated to you, for example, NHS, NI and other numbers, where relevant
• Personal Characteristics: Such as date of birth, gender, education, religion and nationality, when specifically necessary for providing appropriate care and services.
• Health & Social Care Information: Information related to your health and social care, including medical history, education, activities, finances and next of kin details when relevant or necessary for the purposes of your care requirements.
• Emergency Contacts: Names and contact details of individuals to be contacted in case of an emergency.
• Photographs: This may be for ID validation and verification. With your consent, Brainkind may use your photo for publicity including newsletters (including digital newsletters), display walls, magazines (including e-magazines) and online or social media.
• Video: This may be via the installed CCTV system (which is overwritten every 30 days) in permitted zones or with your consent, recordings for clinical purposes for the provision of treatment and provision of care or training.
• Employment or Contract Information: If you are to join Brainkind and work as an employee or contractor, Brainkind may need additional sensitive information such as your health and criminal records. Pre-employment checks, equal opportunities data, photographs, ID, next of kin and financial information including where relevant, salary, bonuses, bank details, tax records etc.

Brainkind may collect your personal information through various means, including:

• Directly from You: When you provide information through our website, forms, or during interactions with our staff or on arrival to our premises.
• Third Parties: With your consent, Brainkind may collect information from authorised third parties, such as medical professionals, social workers, or other care providers, including referral details from commissioners supporting you, or family members (or guardians) to ensure your care is comprehensive and tailored to your needs.

Brainkind use personal information for the following purposes:

• Providing Health & Social Care Services: To deliver personalised and quality health & social care services to the people we support.
• Continuation of Care: To ensure that when the people we support arrive to, or move on from Brainkind, that the continuation of care is managed by receiving or providing details of any related treatment or care to or from other care providers.
• Employment, Training & development: To employ staff and train and develop skills  to appropriately provide our services to people who need our support and services.
• Communication: To inform about care needs, updates, and any relevant information for reporting or publication.
• Emergency Situations: To contact designated emergency contacts in case of urgent situations.
• Compliance: To meet legal, regulatory, and statutory requirements.
• Improvement: To enhance our services and understand the needs of the people we support better, including the improvement of individual care, improvement of diagnosis, improvement of patient safety.
• Research & development: To understand more about mental health and contributing factors, to develop new treatments, to evaluate government, NHS and Social Care Policies and to journal and publish case studies.
• Publicity & Marketing: To promote the activities of Brainkind and how it can extend its support to others in need.
• Audit & Reporting: To report to the authorities including care regulators, funders and the HMRC on our performance, updates, reviews, risks, incidents, finance position and liabilities.

• Brainkind is committed to ensuring personal information is only shared if there is a lawful basis to do so. Personal information may be processed in the capacity of a person we support/intend to support, a family member or relative of the person we support/intend to support, a representative such as a legal representative, a referrer, a donor, a supporter, a volunteer, a Trustee, a Patron, an Ambassador or Member, a Website visitor or someone Brainkind would look to make an enquiry with.
• Wherever possible, Brainkind will seek your consent but may also share your information if Brainkind have a legal obligation to do so or if Brainkind have carried out a legitimate interest assessment to share your information.
• There may also be times where Brainkind need to share your personal information to protect your vital interests and protect you from further or detrimental harm.
• Brainkind may also share your personal information with third parties who have a valid authority to request your information, such as a court order, lasting power of attorney or guardianship and other legally acceptable authorities.
• Brainkind may also share your information with organisations who have partnered or contracted services with based on a data sharing agreement to comply with the law.
• Brainkind may further share your information with regulatory bodies such as the Care Quality Commission, Care Inspectorate of Scotland, or Wales.
• Brainkind may also need to share your information with a range of NHS and/or Non-NHS Health and Social Care organisations whom you currently, or are going to, receive care (e.g., GPs, Hospitals, previous community-based or residential care homes, social services, or private healthcare organisations).
• Brainkind may need to share your information with Legal representatives, this may be Brainkind’s own or your own nominated representation.
• Brainkind may need to share information with Brainkind’s technology providers who support our systems and day to day operations.
• Brainkind intend to transfer personal information outside of the European Union, to some of our Technology providers. These transfers occur on the basis of the protection provided by the EU-US Privacy Shield.
• Brainkind may also need to share your information with Brainkind’s marketing partners, such as mailing houses to provide you with information regarding our services and / or future events (via telephone, postal or electronic marketing). Other Marketing Partners include Marketing Automation Partners, social media, Event Organisers and Design Agencies.

• Lawful Basis – The processing of your personal information is based upon the lawful basis that processing is necessary for the performance of a task carried out in the public interest and for the provision of health or social care as referred to in the GDPR Article 6(1) (e) and Article 9(2) (h). Brainkind may also need to process your personal information on the lawful basis that processing is necessary for the performance of a contract to which the data subject (you) is party, GDPR Article 6(1) (b) and that the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, GDPR Article 6(1) (f).
• Consent – Brainkind will obtain your permission where appropriate and prior to, Care and Treatment, Information Sharing, Use of Video, Marketing and Communications including Photo or Publication, for the inclusion of your information on our or other website(s), social media, press articles and/or case studies etc. (Brainkind will always obtain your fully informed, freely given, consent).
• Legal Obligation – For cases where you may have withdrawn consent from or objected to marketing, Brainkind also have a legal obligation to hold some personal data, albeit limited, in order to ensure no more marketing is sent to you.
• Legitimate Interests – Where Brainkind need to process your information under this lawful basis, Brainkind commits to carrying out a Legitimate Interest Assessment (LIA) to ensure that the information being processed is to support you whilst ensuring that the processing does not have a negative impact on you.

• Brainkind takes the security of your personal information very seriously.
• Brainkind implement appropriate technical and organisational measures to safeguard your data against unauthorised access, loss, or alteration.
• Access to your data is restricted only to authorised staff who require it to fulfil their duties.
• Brainkind is accredited with Cyber Essentials Plus certification to ensure high levels of data security.
• Brainkind is certified and publishes its Data & Security Protection assessment via the NHS DSPT (Data Security and Protection Toolkit).
• Brainkind maintains the appointment of a Data Protection Officer who can be reached using the email address dpo@brainkind.org
• Brainkind maintains the appointment of an Information Governance Officer who can be reached using the email dpo@brainkind.org

• Brainkind retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations.
• As part of the work Brainkind does with NHS contracts, it complies with the NHS Records Management Code of Practice published by NHS England.

• Brainkind does not make any decisions in relation to your personal information, solely by automated means without any human involvement (e.g. Brainkind do not conduct automated decision making).
• Neither does Brainkind conduct any automated processing of personal information to evaluate certain things about you (e.g. Brainkind do not conduct profiling).

Brainkind believe in your right to control your personal data. As a data subject, you have the following rights:

• Right to Access: You can ask us for confirmation if Brainkind are processing your personal information. If Brainkind are, you have the right to know what data Brainkind hold about you and receive a copy of it. This way, you can be aware of how your information is being used and ensure its accuracy.
• Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data Brainkind have about you. If you notice any errors in your information, let us know, and Brainkind will make the necessary updates promptly.
• Right to Erasure (Right to be Forgotten): If you believe Brainkind no longer need your personal data for the purposes it was collected or processed, you can request its deletion. However, this right is not absolute and depends on specific circumstances, such as if Brainkind have a legal obligation to keep certain data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. This way, you can move, copy, or transfer your information easily to another organisation if you wish.
• Right to Object: In some cases, you may object to the processing of your personal data if you believe it infringes upon your rights or legitimate interests. Brainkind will review your objection and, unless Brainkind have compelling legal grounds to continue processing, Brainkind will respect your request.
• Right to Restrict Processing: You have the right to request the temporary restriction of processing your personal data under certain circumstances. This means Brainkind will store your data but not use it until the issue is resolved.
• Right to Withdraw Consent: If you have previously given us consent to process your data, you can withdraw it at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: If you believe Brainkind are not handling your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint. Please send an email with the details of your complaint to dpo@brainkind.org and Brainkind will investigate and respond to within one month. You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) (the UK’s data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website: ico.org.uk .

To exercise any of your rights as a data subject, or if you have any questions regarding your personal data, please contact us using the details provided in the section Contact Us below of this Privacy Policy. Brainkind will respond to your requests promptly and ensure that your rights are respected throughout the process.

• Brainkind is committed to upholding your rights and ensuring that your personal data is processed in a fair and transparent manner.
• Brainkind will never use your data in ways that could harm your privacy or violate your rights.
• Our staff are trained to handle your requests and concerns regarding your data privacy with care and attention.

• Brainkind website may use cookies and similar technologies to enhance your browsing experience.
• You can manage your cookie preferences through your browser settings.

• Brainkind does not sell or share your personal information with third parties for their marketing purposes.
• Brainkind may only disclose your data to trusted service providers who assist us in delivering our services.

Brainkind does not knowingly collect personal information from children without parental or legally authorised representative’s consent.

• Brainkind may update this Privacy Policy from time to time to reflect changes in laws or our practices.

• The most up to date version of the policy will be published and available on Brainkind website.

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at:

Brainkind

32 Market Place

Burgess Hill

West Sussex

RH15 9NP

Email: dpo@brainkind.org

Phone: 01444 239123

Thank you for entrusting Brainkind with your engagement. Brainkind is committed to ensuring the confidentiality and security of your personal information throughout our relationship.