Privacy and cookie policy

This page was last updated on December 18th 2023.

Privacy policy

Brain in Hand Limited is committed to protecting and respecting your privacy. Please read the following notice carefully so that you understand your rights in relation to this information, including how your information will be collected and processed.

We are a limited company registered in England and Wales with a registered office at Broadwalk House, Southernhay West, Exeter EX1 1TS contactable at dpo@braininhand.co.uk. For the purpose of the General Data Protection Regulation (‘GDPR’), we are the data controller of some of your information and the data processor of other parts. This is explained below.

We may update this statement to reflect changes to our business, product, or service where relevant to the information we collect from you and how we use it.

In this notice, where we say ‘you’ or ‘your’, this means either you or any authorised person acting on your behalf. Where we say ‘we’, ‘us’ or ‘our’, this means Brain in Hand Limited. We may also abbreviate Brain in Hand to ‘BiH’.

The personal data we collect or hold about you:

  1. will be provided by you directly when enquiring about or signing up for our service or provided by someone who enquires on your behalf or refers you to BiH. We call this your Identity Information in this document;
  2. will be created by your activity on your account, the website and mobile application, such as when you use BiH and how often; or through evaluation of your progress using BiH. We call this your Activity Information in this document;
  3. will come from you entering account content into your website, mobile application or supporting resources (e.g., your personal workbook). We call this your Private Information in this document; and/or
  4. will come from you through communication with BiH representatives, via Specialist Support sessions and records, or Response Service interactions. We call this your Sensitive Information in this document.

These four are listed below in more detail.

Identity Information

We may collect and use the following identity information about you via our referral or registration forms, or through interactions with BiH representatives: name, email address, mobile number, date of birth, personal description of your needs, circumstances or preferences, postal addresses, emergency contact details, contact details for your nominated supporters or support provider, details about your university and/or workplace.

We are the controller of this information, and our use of it is set out below. ('How we use your personal data'.)

Activity Information

This is information we collect from your use of our website and mobile application, such as the frequency at which (number of times per day) you use different features or pages of the website or app. With regard to each of your visits to our website and mobile application, we also automatically collect the following technical information:

  1. the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  2. Information about your visit including the full Uniform Resource Locators (URL) clickstream to, through and from the website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, mouse-overs, button presses, swipes, and methods used to browse away from the page), and any phone number used to call BiH; and
  3. Anonymised information relating to your individual progress towards goals or the impact BiH has had may also be collected; this may take the form of a verbal survey asked by a BiH representative, or an online written evaluation / questionnaire or feedback form which you complete.

We are the data controllers of this information and our use of it is set out below. ('How we use your personal data'.)

Private Information

We collect this when you input it into your account via our website (e.g., events, activities, problems and solutions) or utilise and share supporting resources (such as your Personal Workbook).

This information is your private information, and we store and keep it safe under the terms of our contract with you. We are the data controller. If we want to use this information (such as for a marketing campaign, case studies or research) we will ask you by way of a formal consent document and you are free to refuse. If you or your funder wants us to share this information with them or a 3rd party (e.g., a supporter) then we will ask for your consent to do so.

Sensitive Information

We collect this when we work with you, such as:

  1. a record of time spent with your Specialists (e.g., a timesheet, documenting the time, date and location of sessions completed or cancelled);
  2. contact with a Response Service, e.g., call recordings or text/email transcripts, and summary notes left by Responders on your account;
  3. contact with external safeguarding partners if required;
  4. contact with a Specialist, e.g., your Specialist Support Record content, session recordings if made, or other records kept by the Specialist, such as Risk Assessments;
  5. contact with a BiH representative, e.g., emails, text/chat transcripts or call recordings or notes; and/or
  6. data collected (notes, recordings, evaluation / questionnaire or feedback) relating to your individual progress towards goals or the impact BiH has had, where this information cannot be anonymised.

We are the data controllers of this information and our use of it is set out below.  However, we only use it to communicate and work with you or your funder, or to quality assure our service.  If we want to use it for any other purpose, we will ask for your permission as we would for Private Information as stated above.

Brain in Hand will process all personal data lawfully, fairly and in a transparent manner. In accordance with Article 6 and to comply with the accountability principle in Article 5(2) as outlined in the UK General Data Protection Regulations.  Brain in Hand processes personal data as follows:

In accordance with our contract with you or your funder, we will use your information to:

  • provide you with services; this includes delivery of one-to-one support sessions, face to face meetings, video meetings which maybe be recorded (if you are under 18 years of age or if you request this) and the delivery of Response Services;
  • personalise the content you receive to support you when using the service;
  • notify you about changes to our service;
  • provide you with user support;
  • enforce our terms, conditions and policies;
  • communicate with you; and
  • report your activity, progress and use of the services to your funder (this excludes all Information that is Private and Sensitive information).

It is in our legitimate interests to be responsive to you and your funder, and to ensure the proper functioning of our products and organisation, we use your information to:

  • produce anonymous statistics and reports as to the usage of our website and mobile applications (this excludes all Information that is Private and Sensitive information);
  • improve the website and mobile application and to ensure our content is presented in the most effective manner for you and your device;
  • administer the website and mobile application for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
  • keep the website and mobile application safe and secure
  • quality assure and evaluate service effectiveness and improve our service and its delivery to you and your funder.

Where Identity or Private information can be anonymised and aggregated (e.g. demographics / characteristics / categories) we may process this data to produce statistics and reports in our legitimate interest to evaluate, improve and promote the effectiveness of Brain in Hand.

If we want to use or share your Private and /or Sensitive Information in a way that could identify you, then we will seek your consent. For example, we might ask for consent so we could carry out a case study for marketing and publicity purposes (e.g., in the form of a short filmed interview or a written testimonial).

At Brain in Hand, we strive to make our system as secure as possible; our aim is to protect your data and the data that we collect when you use our website, system, or other services.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We protect all data, in particular data relating to our users and their use of the Brain in Hand system, in a number of ways and follow industry standards where possible.

Any personal data that we collect from you (whether submitted directly or collected through your use of our system) will be reviewed on a regular basis to ensure that we only continue to store and process it under lawful grounds and for an appropriate time period.

Identity Information will be retained in full for two years after you cease to use our services.  Your name, contact details and dates of joining and ceasing will be kept for 7 years for external audit and quality purposes.

Activity Information provided through your use of our system will be held for 2 years after you cease to use the services and then may be held indefinitely in an aggregated and anonymised format to assist us in compiling usage information which helps to inform system development.

Private Information will be stored for up to 2 years after you terminate your use of our services for the purpose of being able to reactivate the licence if needed, or in order to respond to any complaints / queries that may arise.

Sensitive Information will be stored for up to 2 years after you terminate your use of our services in order to respond to any complaints / queries that may arise; timesheets and safeguarding data will be kept for 7 years for external audit purposes.

Access to information

You have the right to access information that we hold about you. If you wish to receive a copy of the information that we hold, please contact dpo@braininhand.co.uk or write to us at the address above.

Changing or deleting your information

You can ask us at any time to change, amend or delete the information that we hold about you or ask us not to contact you with any further marketing information.  You can also ask us to restrict the information that we process about you.

You can request that we change, amend, delete your information or restrict our processing by emailing us at dpo@braininhand.co.uk.

Right to prevent automated decision making

You have a right to ask us to stop any automated decision making. We do not intentionally carry out such activities, but if you do have any questions or concerns, we would be happy to discuss them with you and you can contact us at dpo@braininhand.co.uk.

Transferring Personal Information

You have the right to request that your personal information is transferred by us to another organisation (this is called 'data portability'). Please contact us at dpo@braininhand.co.uk with the details of what you would like us to do, and we will try our best to comply with your request. It may not be technically feasible, but we will work with you to try and find a solution.

Sharing Data

We may share your personal information with third parties where required by law, where it is necessary to deliver our services to you or administer the working relationship with you, or where we have another legitimate interest in doing so.

We require third parties to respect the security of your data and to treat it in accordance with the law. We will only share your Identity and Activity Information with:

  • third party service providers and partners with whom we work to deliver our service to you (for example, specialist setup support partners, traffic light response service);
  • where required by our safeguarding policy;
  • your funding or purchasing organisations, with whom we work to evaluate service delivery and to improve our service and its delivery to you;
  • your support provider or place of use (delivery setting) where you have disclosed this to us, to improve our service and its delivery to you.

We can share your information, of whatever type, with:

  • regulators, law enforcement bodies, government agencies, courts or other third parties where we think it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
  • web hosting and cloud-based storage systems used to provide our service to you and administer our business activities.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We also require third parties to respect the security of your data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will not transfer Personal Data outside the EEA or to a third country in the absence of

  • an adequacy decision by the European Commission made in accordance with GDPR Article 45.
  • additional contractual clauses or data addendums provided by the data processor.

If you have any questions about where data is stored please contact us at dpo@braininhand.co.uk

This section of the Brain in Hand privacy statement specifically describes how Brain in Hand Ltd collects and uses the information you have in your Google Calendar account via the optional integration with the Brain in Hand app. 

Data collection

It is your choice whether to connect your Google Calendar account to your Brain in Hand account or not.

If you choose to connect, we will store some information about your Google Calendar events in your Brain in Hand account so that you can see them in your Brain in Hand app. We will NOT transfer information from your Brain in Hand account to your Google Calendar account.

If you choose to connect it, we will store:

  • The calendar details - your calendar ID and the username (email address)
  • For each Google Calendar external event:
    • ID number
    • A URL for the source (only accessible to the user in a browser where the account is signed in)
    • Source account ID (the same as calendar ID above)
    • Event name/title
  • For each Google Calendar external event to which you have added Brain in Hand problems and/or solutions, we will also store:
    • Start and end date and time
    • Sequence ID and start/end dates (for recurring events)
    • Time zone of the event
    • Event description, if there is one
    • Event location, if there is one
    • Brain in Hand activity ID
    • Colour assigned to the event

We will NOT store:

  • Any other information about your Google Calendar events
  • Information about your contacts

You can choose to disconnect your Google Calendar from your Brain in Hand account at any time through your Brain in Hand mobile app.

Data use

If you choose to connect your Google Calendar account to your Brain in Hand account, we will use this data to:

  • show basic information about your Google Calendar events – name, date, time and location
  • allow you to add BiH Activities, Problems and Solutions to Google Calendar events
  • review Solutions (and the Google Calendar event associated with the Solution press) on your Brain in Hand Timeline.

If you later choose to disconnect your Google Calendar account from your Brain in Hand account:

  • for Google Calendar events which you HAVE NOT pressed a Solution for, all information about that event will be deleted from your Brain in Hand account
  • for Google Calendar events which you HAVE interacted with (e.g. by marking as Done, or pressing a Solution for) all information about that event will be deleted from your Brain in Hand Diary, but the Google Calendar event name will still be displayed on the relevant Timeline event to help your later reflection activities.

Limited use disclosure

Brain in Hand’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

BiH maintains a specific policy relating to any recordings and transcriptions of our interactions with service users. You can view the full policy here.

In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at dpo@braininhand.co.uk and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office.

If you have any questions or comments about how we use your information, please email us at dpo@braininhand.co.uk. You can also write to Brain in Hand Ltd, Broadwalk House, Southernhay West, Exeter EX1 1T.

Cookies policy

Brain in Hand uses cookies on www.braininhand.co.uk (the 'Service'). By using the Service, you consent to the use of cookies. Our Cookies Policy explains what cookies are, how we use cookies, how third­-parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third ­party to recognise you and make your next visit easier and the Service more useful to you.
Cookies can be 'persistent' or 'session' cookies.

When you use and access the Service, we may place a number of cookies files in your web browser. We use cookies for the following purposes: to enable certain functions of the Service; to provide analytics; to store your preferences.

We use both session and persistent cookies on the Service. We may use essential cookies, for example, to authenticate users and prevent fraudulent use of user accounts.

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

You can learn more about cookies and the following third-­party websites:

AllAboutCookies: http://www.allaboutcookies.org/

Get in touch

Have any questions? Want more information? Please contact us using the button below.