Menu Close

Privacy and Cookie Policy

This page was last updated on August 20th 2021.

Privacy policy

Brain in Hand Limited is committed to protecting and respecting your privacy. Please read the following notice carefully so that you understand your rights in relation to this information, including how your information will be collected and processed.

We are a limited company registered in England and Wales with a registered office at Hampton House, 23 Longbrook Street, Exeter, EX4 6AB, contactable at dpo@braininhand.co.uk. For the purpose of the General Data Protection Regulation (‘GDPR’), we are the data controller of some of your information and the data processor of other parts. This is explained below.

In this notice, where we say ‘you’ or ‘your’, this means either you or any authorised person acting on your behalf. Where we say ‘we’, ‘us’ or ‘our’, this means Brain in Hand Limited. We may also abbreviate Brain in Hand to ‘BiH’.

The types of personal data we use

The personal data we collect or hold about you:

  1. will be provided by you directly when enquiring about or signing up for our service or provided by someone who enquires on your behalf or refers you to BiH. We call this your Identity Information in this document;
  2. will be created by your activity on your account, the website and mobile application, such as when you use BiH and how often; or through evaluation of your progress using BiH. We call this your Activity Information in this document;
  3. will come from you entering account content into your website, mobile application or supporting resources (e.g., your personal workbook). We call this your Private Information in this document; and/or
  4. will come from you through communication with BiH representatives, via Specialist Support sessions and records, or Response Service interactions. We call this your Sensitive Information in this document.

These four are listed below in more detail.

Identity Information

We may collect and use the following identity information about you via our referral or registration forms, or through interactions with BiH representatives: name, email address, mobile number, date of birth, personal description of your needs, circumstances or preferences, postal addresses, emergency contact details, contact details for your nominated supporters or support provider, details about your university and/or workplace.

We are the controller of this information, and our use of it is set out below. ('How we use your personal data'.)

Activity Information

This is information we collect from your use of our website and mobile application, such as the frequency at which (number of times per day) you use different features or pages of the website or app. With regard to each of your visits to our website and mobile application, we also automatically collect the following technical information:

  1. the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  2. Information about your visit including the full Uniform Resource Locators (URL) clickstream to, through and from the website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, mouse-overs, button presses, swipes, and methods used to browse away from the page), and any phone number used to call BiH; and
  3. Anonymised information relating to your individual progress towards goals or the impact BiH has had may also be collected; this may take the form of a verbal survey asked by a BiH representative, or an online written evaluation / questionnaire or feedback form which you complete.

We are the data controllers of this information and our use of it is set out below. ('How we use your personal data'.)

Private Information

We collect this when you input it into your account via our website (e.g., events, activities, problems and solutions) or utilise and share supporting resources (such as your Personal Workbook).

This information is your private information, and we have no right to use it. We are only a data processor – you are the data controller. If we want to use it (such as for a marketing campaign, case studies or research) we will ask you by way of a formal consent document and you are free to refuse. If you or your funder wants us to share this information with them or a 3rd party (e.g., a supporter) then we will ask for your consent to do so.

Sensitive Information

We collect this when we work with you, such as:

  1. a record of time spent with your Specialists (e.g., a timesheet, documenting the time, date and location of sessions completed or cancelled);
  2. contact with a Response Service, e.g., call recordings or text/email transcripts, and summary notes left by Responders on your account;
  3. contact with external safeguarding partners if required;
  4. contact with a Specialist, e.g., your Specialist Support Record content, session recordings if made, or other records kept by the Specialist, such as Risk Assessments;
  5. contact with a BiH representative, e.g., emails, text/chat transcripts or call recordings or notes; and/or
  6. data collected (notes, recordings, evaluation / questionnaire or feedback) relating to your individual progress towards goals or the impact BiH has had, where this information cannot be anonymised.

We are the data controllers of this information and our use of it is set out below.  However, we only use it to communicate and work with you or your funder, or to quality assure our service.  If we want to use it for any other purpose, we will ask for your permission as we would for Private Information as stated above.

How we use your personal data

Brain in Hand will process all personal data lawfully, fairly and in a transparent manner. In accordance with Article 6 and to comply with the accountability principle in Article 5(2) as outlined in the UK General Data Protection Regulations.  Brain in Hand processes personal data as follows:

In accordance with our contract with you or your funder, we will use your information to:

  • provide you with services; this includes delivery of one-to-one support sessions, face to face meetings, video meetings which maybe be recorded (if you are under 18 years of age or if you request this) and the delivery of Response Services;
  • personalise the content you receive to support you when using the service;
  • notify you about changes to our service;
  • provide you with user support;
  • enforce our terms, conditions and policies;
  • communicate with you; and
  • report your activity, progress and use of the services to your funder (this excludes all Information that is Private and Sensitive information).

It is in our legitimate interests to be responsive to you and your funder, and to ensure the proper functioning of our products and organisation, we use your information to:

  • produce anonymous statistics and reports as to the usage of our website and mobile applications (this excludes all Information that is Private and Sensitive information);
  • improve the website and mobile application and to ensure our content is presented in the most effective manner for you and your device;
  • administer the website and mobile application for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
  • keep the website and mobile application safe and secure
  • quality assure and evaluate service effectiveness and improve our service and its delivery to you and your funder.

Where Identity or Private information can be anonymised and aggregated (e.g. demographics / characteristics / categories) we may process this data to produce statistics and reports in our legitimate interest to evaluate, improve and promote the effectiveness of Brain in Hand.

If we want to use or share your Private and /or Sensitive Information in a way that could identify you, then we will seek your consent. For example, we might ask for consent so we could carry out a case study for marketing and publicity purposes (e.g., in the form of a short filmed interview or a written testimonial).

How we secure your personal data

At Brain in Hand, we strive to make our system as secure as possible; our aim is to protect your data and the data that we collect when you use our website, system, or other services.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We protect all data, in particular data relating to our users and their use of the Brain in Hand system, in a number of ways and follow industry standards where possible.

Data retention

Any personal data that we collect from you (whether submitted directly or collected through your use of our system) will be reviewed on a regular basis to ensure that we only continue to store and process it under lawful grounds and for an appropriate time period.

Identity Information will be retained in full for two years after you cease to use our services.  Your name, contact details and dates of joining and ceasing will be kept for 7 years for external audit and quality purposes.

Activity Information provided through your use of our system will be held for 2 years after you cease to use the services and then may be held indefinitely in an aggregated and anonymised format to assist us in compiling usage information which helps to inform system development.

Private Information will be stored for up to 2 years after you terminate your use of our services for the purpose of being able to reactivate the licence if needed, or in order to respond to any complaints / queries that may arise.

Sensitive Information will be stored for up to 2 years after you terminate your use of our services in order to respond to any complaints / queries that may arise; timesheets and safeguarding data will be kept for 7 years for external audit purposes.

Your rights

Access to information

You have the right to access information that we hold about you. If you wish to receive a copy of the information that we hold, please contact dpo@braininhand.co.uk or write to us at the address above.

Changing or deleting your information

You can ask us at any time to change, amend or delete the information that we hold about you or ask us not to contact you with any further marketing information.  You can also ask us to restrict the information that we process about you.

You can request that we change, amend, delete your information or restrict our processing by emailing us at dpo@braininhand.co.uk.

Right to prevent automated decision making

You have a right to ask us to stop any automated decision making. We do not intentionally carry out such activities, but if you do have any questions or concerns, we would be happy to discuss them with you and you can contact us at dpo@braininhand.co.uk.

Transferring Personal Information

You have the right to request that your personal information is transferred by us to another organisation (this is called “data portability”). Please contact us at dpo@braininhand.co.uk with the details of what you would like us to do, and we will try our best to comply with your request. It may not be technically feasible, but we will work with you to try and find a solution.

Sharing Data

We may share your personal information with third parties where required by law, where it is necessary to deliver our services to you or administer the working relationship with you, or where we have another legitimate interest in doing so.

We require third parties to respect the security of your data and to treat it in accordance with the law. We will only share your Identity and Activity Information with:

  • third party service providers and partners with whom we work to deliver our service to you (for example, specialist setup support partners, traffic light response service);
  • where required by our safeguarding policy;
  • your funding or purchasing organisations, with whom we work to evaluate service delivery and to improve our service and its delivery to you;
  • your support provider or place of use (delivery setting) where you have disclosed this to us, to improve our service and its delivery to you.

We can share your information, of whatever type, with:

  • regulators, law enforcement bodies, government agencies, courts or other third parties where we think it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
  • web hosting and cloud-based storage systems used to provide our service to you and administer our business activities.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We also require third parties to respect the security of your data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data Export

We will not transfer Personal Data outside the EEA or to a third country in the absence of an adequacy decision by the European Commission made in accordance with GDPR Article 45.

Recordings

BiH maintains a specific policy relating to any recordings and transcriptions of our interactions with service users. You can view the full policy here.

Complaints

In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at dpo@braininhand.co.uk and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office.

Contact

If you have any questions or comments about how we use your information, please email us at dpo@braininhand.co.uk. You can also write to Brain in Hand Ltd, Hampton House, 23 Longbrook Street, Exeter, EX4 6AB.

Cookies policy

Brain in Hand uses cookies on www.braininhand.co.uk (the 'Service'). By using the Service, you consent to the use of cookies. Our Cookies Policy explains what cookies are, how we use cookies, how third­-parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.

What are cookies?

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third ­party to recognise you and make your next visit easier and the Service more useful to you.
Cookies can be 'persistent' or 'session' cookies.

How Brain in Hand uses cookies

When you use and access the Service, we may place a number of cookies files in your web browser. We use cookies for the following purposes: to enable certain functions of the Service; to provide analytics; to store your preferences.

We use both session and persistent cookies on the Service. We may use essential cookies, for example, to authenticate users and prevent fraudulent use of user accounts.

We use cookies to enable our online live chat communication provided by Click4Assistance. Information about the types of cookies used and the data stored and processed by Click4Assistance can be found by clicking here.

Your choices regarding cookies

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

Where can you find more information about cookies

You can learn more about cookies and the following third-­party websites: