top of page
Hands on Computer Keyboard
Combination Lock
Beautiful Smile

Privacy Policy

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the Government. 

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). 

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles. They must make sure the information is: 

​

  • used fairly, lawfully and transparently 

  • used for specified, explicit purposes 

  • used in a way that is adequate, relevant and limited to only what is necessary 

  • accurate and, where necessary, kept up to date 

  • kept for no longer than is necessary 

  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage 

 

There is stronger legal protection for more sensitive information, such as

​

  • race 

  • ethnic background 

  • political opinions 

  • religious beliefs 

  • trade union membership 

  • genetics 

  • biometrics (where used for identification) 

  • health 

  • sex life or orientation 

 

There are separate safeguards for personal data relating to criminal convictions and offences. 

​

Your rights 

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to

​

  • be informed about how your data is being used 

  • access personal data 

  • have incorrect data updated 

  • have data erased 

  • stop or restrict the processing of your data 

  • data portability (allowing you to get and reuse your data for different services) 

  • object to how your data is processed in certain circumstances 

 

You also have rights when an organisation is using your personal data for

​

  • automated decision-making processes (without human involvement) 

  • profiling, for example to predict your behaviour or interests 

.

1. What information we collect 
When you become a client, we request personal information about you such as your name, address, contact details, age, email address and alternative details such as a parent / carer if you are under 18 years old. You have the option to provide details of another person if they care and support you with your needs such as a partner if you want them to be contacted.  We require consent for anyone named on the client information form.  

We also ask about any diagnosis you may have or waiting an assessment for. 

Notes are made about your support sessions so that allocated staff can monitor progress and take over support sessions if your chosen support worker becomes unavailable. 
2. How we get your consent 
We will ask you to complete a client information form this will be emailed / posted to you if you have made contact with Neurodivergent Abilities asking for support.  

3. Who has access to your details 

Both directors and appointed CRB checked staff will have access to your file, all staff are Data protection trained and must follow staff policies that forbids them to open client files without being asked to do so. Failure to follow staff policies could result in disciplinary action.  

4. How we store data 

Data is stored in a personal file on a work only laptop that is password protected, at the end of each day laptops are locked away. 

5. Accessing your data. 

If you would like to access, update, or ask us to delete any personal information we have about you, register a complaint, or simply want more information please contact our Data Controller Officer at nd-abilities@outlook.com or by mail at: Neurodivergent Abilities 471 Foxhall Road Ipswich Suffolk IP3 8LW 
6. How long we hold your data 
We hold your data for the period of time we are supporting you should for any reason you chose to leave our support service we will delete any data we have on file. 

7. Disclosure 
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service. 
8. Safeguarding concerns 

We may pass your details on to social services should we have a safeguarding concern so that they can investigate the concern raised, 
9. Third Party Services 
Payment of invoices via bank transfer will involve a third party not covered under our privacy notice, or terms and conditions, please refer to your own banks policies and procedures / privacy notice. Please be aware that we are required to keep bookkeeping for a period of 6 years which may show payments from you. Directors will have access to this information and possibly an accountant working for Neurodivergent Abilities. Any third party working for Neurodivergent Abilities will be carefully accessed and must be following Data protection rules. 

10. Security 
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. 
11. Changes to this Privacy Policy 
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 
12. What we are doing to comply with Data protection 
Staff are data protection trained and must keep up to date with the latest updates and changes to the Data Protection Act.  

We keep policies and procedures up to date and ensure all staff are familiar with them and made aware of any updates. 
We document the compliance of third-party providers by reviewing contracts to ensure they comply with Data Protection. 

We supply staff with work only laptops that are password protected. 
For more information contact the main office via nd-abilities@outlook.com 

bottom of page