Header background
Sign In Register

Privacy Policy

Last updated: November 3, 2025

1. Introduction

This Privacy Policy (together with our Member Terms and Conditions, Community Terms, and any other documents referred to in it) describes the type of information that we collect from you through the use of our services, or the use of our website https://neurobetter.org, how that information may be used or disclosed by us and the safeguards we use to protect it.

Our website and services may contain links to third party websites that are not covered by this Privacy Policy. We therefore ask you to review the privacy statements of other websites and applications to understand their information practices.

We have drafted this Privacy Policy to be as clear and concise as possible. Please read it carefully to understand our policies regarding your information and how we will treat it. By using or accessing our website or services, you agree to the collection, use and disclosure of information in accordance with this Privacy Policy. This Privacy Policy may change from time to time and your continued use of our website or services is deemed to be acceptance of such changes, so please check periodically for updates.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you have any comments on this Privacy Policy, please email them to privacy@neurobetter.org.

2. Who We Are

2.1 Our Details

  • Website: https://neurobetter.org
  • Legal Name: neurobetter
  • Status: Charity and company limited by guarantee, both registered in England and Wales
  • Charity Number: 1210347
  • Company Number: 15612856
  • VAT Number: GB467135676
  • ICO Registration: ZB688961
  • Registered Office: neurobetter, Ground Floor, Kings House, 101-135 Kings Road, Brentwood, Essex, CM14 4DR, United Kingdom
  • Privacy Enquiries: privacy@neurobetter.org
  • Data Protection Enquiries: dataprotection@neurobetter.org

2.2 Our Commitment

We respect your right to privacy and will only process personal information about you or provided by you in accordance with the Data Protection Legislation which for the purposes of this Privacy Policy shall mean: (i) the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), (ii) the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (iii) any successor legislation to the UK GDPR or the Data Protection Act 2018 and other applicable privacy laws.

3. What We May Collect

3.1 Definition of Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

3.2 Categories of Personal Data

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: First name, last name, username or similar identifier, date of birth (for age verification purposes)
  • Contact Data: Email address, postal address, telephone number
  • Financial Data: Payment card details (processed securely via our payment processors - we do not store full card details)
  • Transaction Data: Details about donations you have made, sponsored listings you have purchased, and other services you have used
  • Gift Aid Data: If you make a donation and wish this to be eligible for Gift Aid, we will collect your full home postal address and a declaration that you are a UK taxpayer, as required under the Income Tax Act 2007. For more information, see https://www.gov.uk/government/publications/charities-detailed-guidance-notes/chapter-3-gift-aid
  • Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform
  • Profile Data: Username and password, your interests, preferences, neurodivergence and mental health information you choose to share, feedback and survey responses
  • Usage Data: Information about how you use our website, services, and community features
  • Marketing and Communications Data: Your preferences in receiving marketing and communications from us
  • Community Content: Posts, comments, and interactions within our online community
  • Reviews and Ratings: Reviews and ratings you leave for healthcare providers and services
  • Counsellor Query Data: Information you provide when using our "Ask A Counsellor" service
  • Volunteer Data: Information provided when signing up as a volunteer, including skills, availability, and background check information
  • Age Verification Data: Verification status, date of verification, and date of birth. We do not store copies of identification documents
  • ID Verification Data: For identity verification purposes, we may store full name, date of birth, and full postal address (verified through third-party services such as Yoti)
  • Location Data: If you provide it, your locality, full postcode, or part postcode to enable you to access local services in your area
  • Cookies Data: Like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our website. Please refer to our Cookie Policy for detailed information
  • Third Party Data: We may receive information about you if you use any of the other websites we operate or through the services we provide. We work with third parties (including business partners, service providers, analytics providers) and may receive information about you from them
  • Analytics: We use third-party analytics services to evaluate your use of the website, compile reports on activity, collect demographic data, and analyse performance metrics

3.3 Aggregated Data

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate usage data to calculate the percentage of members accessing specific features or to understand trends in mental health and neurodivergence within our community. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

3.4 Special Categories of Personal Data

Where we collect Special Categories of Personal Data about you (this includes details about your health, including mental health conditions and neurodivergence), we will only do so:

  • With your explicit consent;
  • Where it is necessary for the provision of our services to you;
  • Where it is necessary for reasons of substantial public interest (our charitable purposes of supporting people with mental health conditions and neurodivergence); or
  • Where you have manifestly made the information public (for example, by posting in our community).

We take extra care to protect this sensitive information and will only use it for the purposes you have consented to or as permitted by law.

3.5 Legal Basis for Processing

Under UK GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:

  1. Consent: You have given consent to the processing of your personal data for one or more specific purposes (for example, sharing sensitive health information in our community, or receiving marketing communications);
  2. Contract: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (for example, providing you with membership services, processing sponsored listings);
  3. Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (for example, maintaining financial records for HMRC, Gift Aid compliance);
  4. Vital Interests: Processing is necessary to protect your vital interests or those of another person (for example, sharing information with emergency services if we believe someone is at immediate risk);
  5. Public Interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (our charitable purposes of supporting mental health and neurodivergent individuals);
  6. Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by us or by a third party, except where such interests are overridden by your fundamental rights and freedoms, particularly where you are a child.

3.6 Providing Information About Others

If you provide personal information to us about another person (for example, recommending a service provider or referring a friend), you are responsible for ensuring that you have their consent to provide that data for the uses set out in this Privacy Policy and for bringing this Privacy Policy to their attention.

4. How We Collect and Use Your Data

4.1 Collection Methods

We (or third party data processors, agents and sub-contractors acting on our behalf) may collect, store and use your personal information through:

Direct Interactions: You may give us your information by filling in forms via our website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • Create a member account
  • Complete your profile with information about your neurodivergence or mental health
  • Post content in our online community
  • Use our "Ask A Counsellor" service
  • Leave reviews or ratings for service providers
  • Add or recommend service providers to our directory
  • Make a donation (single or recurring)
  • Sign up as a volunteer
  • Request information or support
  • Enter a competition, promotion or survey
  • Contact us with feedback or questions
  • Subscribe to our newsletter or marketing communications

Automated Technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns through cookies and similar technologies.

Third Parties: We may receive personal data about you from third parties. For a complete, up-to-date list of all data processors and sub-processors we use, including details of what data they process, where it is stored, and links to their privacy policies, please see our Data Processors List.

4.2 How We Use Your Data

We use your personal data for the following purposes:

To Provide Our Services:

  • Create and manage your member account
  • Provide access to our Advice Hub content
  • Enable participation in our online community
  • Process and respond to "Ask A Counsellor" queries
  • Maintain and update our local services directory
  • Process reviews and ratings of service providers
  • Facilitate connections between members and local services
  • Process donations and administer Gift Aid
  • Manage volunteer applications and activities
  • Provide crisis signposting and support resources

To Communicate With You:

  • Respond to your enquiries and requests
  • Send service-related communications (account updates, security alerts)
  • Send fundraising and donation appeals (if you have consented)
  • Send newsletters and updates about our work (if you have subscribed)
  • Contact you about volunteer opportunities (if you have expressed interest)
  • For members under 18 who have provided email addresses: contact you when we begin offering services to under-18s

To Improve Our Services:

  • Understand how our website and services are used
  • Analyse trends in mental health and neurodivergence needs
  • Conduct research to improve our support offerings
  • Gather feedback through surveys
  • Develop new features and services

For Administrative Purposes:

  • Verify your age (you must be 18 or over to use our services)
  • Verify your identity (where required for certain features)
  • Process payments for sponsored listings
  • Maintain financial records and comply with Gift Aid requirements
  • Comply with legal and regulatory obligations
  • Enforce our terms and conditions and community guidelines
  • Prevent fraud and abuse
  • Respond to legal requests and prevent harm

For Marketing Purposes:

  • With your consent, send you information about our campaigns, events, and services
  • Promote our charitable work and fundraising activities

4.3 Existing Members and Marketing

If you are already our member, we will only contact you electronically about things similar to the services you have used or information you have requested, unless you have opted out.

4.4 New Members and Marketing

If you are a new member, you will only be contacted for marketing purposes if you agree to it.

4.5 Withdrawing Consent

You can withdraw consent for marketing or other optional processing at any time by contacting us at privacy@neurobetter.org. However, you acknowledge this may limit our ability to provide certain services to you.

4.6 Special Note on Counsellor Queries

Information you provide through our "Ask A Counsellor" service will be kept confidential and only shared with qualified counsellors who will respond to your query. This information is retained for 7 years for safeguarding and accountability purposes.

4.7 Community Content

Content you post in our online community may be visible to other members. Please be mindful about what personal information you choose to share publicly. We moderate content in accordance with our Community Guidelines but cannot guarantee the privacy of information you choose to make public.

5. Cookies

All cookies used by and on our website are used in accordance with current UK Cookie Law. Please refer to our separate Cookie Policy for detailed information about the cookies we use and how to manage them.

6. Data Retention

6.1 How Long We Keep Your Data

We will keep personal data only for as long as necessary for the purposes for which it was collected. The retention periods for different types of data are as follows:

  • Active Member Accounts: Until you request deletion
  • Inactive Member Accounts: 3 years from last login (we will send a warning email at 2.5 years)
  • Financial/Donation Records: 7 years (required for HMRC and Gift Aid compliance)
  • Counsellor Queries: 7 years (for safeguarding and accountability)
  • Community Posts (after account deletion): Anonymized by default; full deletion available on request
  • Reviews and Ratings (after account deletion): Anonymized by default; full deletion available on request
  • Volunteer Applications: 2 years if unsuccessful, 7 years if successful
  • Under-18 Email Addresses: 12 months
  • Age Verification Data: Verification status and date of birth retained for the life of your account
  • Security Logs: 12 months
  • Other Personal Data: In accordance with our legal obligations and legitimate interests, typically no longer than 7 years

6.2 Deletion and Anonymization

When personal data reaches the end of its retention period, we will:

  • Securely delete it from our active systems
  • Anonymize it so you can no longer be identified
  • Continue to retain it only where required by law (for example, financial records)

For more information about how we handle account deletion and data in backups, please contact us at dataprotection@neurobetter.org.

7. Where We Store Your Data and Security

7.1 Data Location and Transfers

Your data is primarily stored within the UK. If we need to transfer your data outside the UK or European Economic Area (EEA), we will:

  • Only do so where necessary for the provision of our services
  • Ensure appropriate safeguards are in place, such as Standard Contractual Clauses
  • Obtain your consent where required by law

For details about which data processors store data outside the UK/EEA and what safeguards are in place, please see our Data Processors List.

Your acceptance of this Privacy Policy shall be your consent permitting us to store or transfer data outside the UK where it is necessary for us to do so.

7.2 Data Security

Data security is of great importance to us. To protect your data we have implemented:

  • Suitable physical, electronic and managerial procedures to safeguard and secure data
  • Encryption for all payment transactions
  • Access controls limiting data access to employees, agents, contractors and third parties who have a business need to know
  • Confidentiality obligations for all individuals who process your personal data
  • Security measures such as firewalls and intrusion detection
  • Regular security assessments and updates
  • Procedures for dealing with suspected personal data breaches

7.3 Breach Notification

We have put in place procedures to deal with any suspected personal data breach and will notify you and the ICO of a breach where we are legally required to do so.

7.4 Your Responsibility

If we provide you with a password for your account, you must keep it confidential and secure. Please do not share your password with anyone.

While we implement strong security measures, please remember that no transmission of data via the internet can be completely secure. You should take suitable precautions when transmitting data to us via the internet.

8. Disclosing Your Information

8.1 When We May Disclose Your Information

We may disclose your information in the following circumstances:

  • Business Transfers: If we sell our organisation or assets, we can disclose your data to the potential buyer
  • Group Companies: We can disclose it to other organisations within our group (if applicable)
  • Legal Obligations: We can disclose it if we have a legal obligation to do so, or to protect other people's property, safety or rights
  • Fraud Prevention: We can exchange information with others to protect against fraud or credit risks
  • Emergency Situations: We may disclose information to emergency services if we believe someone is at immediate risk of harm

8.2 Third-Party Service Providers

We work with third-party service providers who process data on our behalf. For a complete list of these processors, including what data they process, where it is stored, and their privacy policies, please see our Data Processors List.

All third-party service providers are required to:

  • Process your data only in accordance with our instructions
  • Implement appropriate security measures
  • Comply with UK GDPR requirements
  • Use your data only for the purpose of fulfilling their contract with us

8.3 Counsellors

Information you provide through our "Ask A Counsellor" service will be shared with qualified counsellors who are bound by professional confidentiality obligations under BACP regulations.

8.4 Service Providers You Contact

When you contact a service provider through our directory, your contact information may be shared with that provider so they can respond to your enquiry.

9. Your Rights

9.1 Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data we hold (commonly known as a "data subject access request")
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request that we limit how we use your personal data
  • Right to Data Portability: Request transfer of your personal data to another service provider
  • Right to Object: Object to processing of your personal data where we rely on legitimate interests, or for direct marketing purposes
  • Rights Related to Automated Decision-Making: Rights regarding automated decision-making and profiling (see section 12 below)
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time

9.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within one month, though this may be extended by two months for complex requests.

9.3 No Fee Usually Required

You will not normally have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

9.4 Account Deletion

You can request deletion of your account at any time. Please note that:

  • Community posts will be anonymized by default (full deletion available on request)
  • Reviews will be anonymized by default (full deletion available on request)
  • Some data may be retained where we have a legal obligation to do so (for example, financial records)
  • Data in backups will be deleted in accordance with our backup retention policies

9.5 Opt-Out of Marketing

You can opt out of receiving marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us at privacy@neurobetter.org
  • Updating your preferences in your account settings

10. Children's Privacy

10.1 Age Restriction

Our services are intended for individuals aged 18 and over. You must be at least 18 years old to create a member account and use our services.

10.2 Under-18 Email Collection

We may collect email addresses from individuals under 18 who wish to be contacted when we begin offering services to under-18s. If you are under 18 and provide your email address:

  • We will only use it to contact you about age-appropriate services
  • We will retain it for a maximum of 12 months
  • You (or your parent/guardian) can request deletion at any time by emailing dataprotection@neurobetter.org

10.3 Parental Concerns

If you are a parent or guardian and believe we have collected personal data about your child inappropriately, please contact us immediately at dataprotection@neurobetter.org.

11. Links to Other Websites

Our website may contain links to third-party websites, including:

  • Healthcare providers and mental health services
  • Crisis support organisations (Mind, Samaritans, NHS)
  • Fundraising platforms
  • Social media platforms
  • Partner organisations

We are not responsible for the privacy practices of these websites. We advise you to read the privacy policy of any website you visit through links on our site. Our Privacy Policy applies only to information collected through neurobetter.org.

12. Automated Decision-Making and Profiling

12.1 Limited Use

We do not use your personal data for automated decision-making that has legal or similarly significant effects on you.

12.2 Profiling for Service Improvement

We may use profiling to:

  • Suggest relevant content and services based on your interests
  • Understand trends in our community to improve our support offerings
  • Personalise your experience on our website

Where we use your personal data for profiling purposes:

  • We will provide clear information about the profiling, its significance and likely consequences
  • We will use appropriate mathematical or statistical procedures
  • We will implement technical and organisational measures to minimise errors
  • We will secure all personal data to prevent discriminatory effects

12.3 Your Rights

You have the right to:

  • Object to profiling
  • Request human intervention in any automated process
  • Express your own point of view
  • Obtain an explanation of any decision made through profiling

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or for other operational reasons.

13.2 Notification

When we make changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Post the revised policy on our website
  • For significant changes, we may notify you by email or through a prominent notice on our website

13.3 Your Responsibility

Please check this page regularly to stay informed about how we protect your information. Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.

14. International Users

Our services are primarily intended for users in the United Kingdom. If you are accessing our services from outside the UK, please be aware that your information may be transferred to, stored, and processed in the UK where our servers are located and our central database is operated.

By using our services, you consent to the transfer of your information to the UK and acknowledge that the data protection laws of the UK govern our handling of your personal data.

15. Your Agreement and Consent

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use and disclosure of your personal data as described herein.

If you do not agree with this Privacy Policy, you should not use our services.

16. Dispute Resolution

16.1 Good Faith Negotiation

We will use our best efforts to negotiate in good faith and settle any dispute that may arise out of or relate to this Privacy Policy or any breach of it.

16.2 Ongoing Obligations

Any dispute shall not affect our ongoing obligations under this Privacy Policy.

16.3 Governing Law

This Privacy Policy and any dispute or claim relating to or connected with it (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction to hear any disputes or claims relating to or connected with this Privacy Policy.

17. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise any of your rights, please contact us:

Get help now if you're in a crisis, in danger, or feel like you need urgent help for your mental health.