Privacy Policy.

Effective Date: 6th May 2025

Data Controller: Rosalind Brooks | Neurodivergent Solutions

Contact: hello@neurodivergentsolutions.co.uk

1. Introduction

This privacy policy explains how I collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and my professional obligations as a registered occupational therapist (HCPC).

2. Who I Am

I am a HCPC-registered occupational therapist providing services to individuals and organisations, including 1:1 occupational therapy sessions, training, and consultancy.

3. What Personal Data I Collect

Depending on the services provided, I may collect:

For 1:1 Clients:

  • Name, contact details, date of birth

  • Health and medical history

  • Occupational needs, assessments, and goals

  • Notes and observations from sessions

  • Emergency contact information

  • GP or healthcare provider details (if relevant)

For Corporate Clients/Participants:

  • Organisation contact information

  • Names/emails of participants (if needed for registration or certificates)

  • Feedback from training sessions

I only collect the minimum information needed to provide a safe and effective service.

4. How I Use Your Data

Your data is used to:

  • Provide occupational therapy services or training

  • Monitor progress and evaluate outcomes

  • Manage appointments, invoices, and communication

  • Meet legal, regulatory, and professional requirements

I will always ask for your consent before sharing information unless I am required to do so by law or to protect someone’s safety.

5. Legal Basis for Processing

Under UK GDPR, my legal bases include:

  • Consent: You have given clear consent to process your data

  • Contract: Data processing is necessary to provide the agreed service

  • Legal Obligation: To meet regulatory and professional standards

  • Vital Interests or Safeguarding: To protect someone’s life or wellbeing

  • Legitimate Interests: In specific circumstances, e.g. maintaining business records

6. How I Store Your Data

Your data is stored securely and may be held in encrypted digital systems and/or locked physical files.

I use [e.g. password-protected systems, encrypted storage, GDPR-compliant platforms like [insert names if applicable]].

Session notes and clinical data are retained for a minimum of 7 years (or until a child turns 25), in line with HCPC guidelines.

7. Sharing Your Information

I will not share your data with third parties without your explicit consent, except:

  • If I am legally required to do so

  • To protect you or others from serious harm

  • For professional supervision (in an anonymised form)

I will never sell or use your data for marketing without your permission.

8. Your Rights

You have the right to:

  • Access your data

  • Request correction of inaccurate data

  • Request erasure of your data (where appropriate)

  • Object to processing or withdraw consent

  • Request restriction of processing

  • Lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk

9. Contact

If you have questions or concerns about how your data is handled, please contact:

Rosalind Brooks

Email: hello@neurodivergentsolutions.co.uk

10. Updates to This Policy

This privacy policy may be updated periodically. The latest version will always be available on request or via https://www.neurodivergentsolutions.co.uk/.