Privacy and Data Protection Policy
1. Introduction
Brilliant Brain Dyslexia Services is committed to safeguarding the privacy and personal data of our service users, supporters, and staff. This Privacy and Data Protection Policy explains how we collect, use, store, and protect your personal data, in compliance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. Purpose of the Policy
The purpose of this policy is to ensure that:
- We handle personal data lawfully, fairly, and transparently.
- We only collect and process data for specified, legitimate purposes.
- Data is kept accurate, secure, and up to date.
- We respect the rights of individuals regarding their personal data.
- We comply with all legal obligations concerning data protection and privacy.

3. Scope
This policy applies to:
- All staff, trustees, volunteers, and contractors of Brilliant Brain Dyslexia Services.
- Any personal data we process about individuals who use our services, donate to us, or engage with us.
It covers all forms of data processing, including electronic, paper-based, and verbal communications.

4. What Information We Collect
We collect and process different types of personal information, including but not limited to:
- Personal identification information: Name, address, phone number, email address.
- Service-specific information: Details of dyslexia assessments, learning needs, and support services provided.
- Financial information: Payment details for services or donations.
- Communication preferences: Consent for receiving marketing or other communications.
- Website data: Information gathered from cookies and other tracking technologies when you use our website.

5. How We Collect Your Data
We collect personal data through various means, including:
- Directly from you when you fill out forms, contact us, or register for services.
- Automatically when you interact with our website (e.g., cookies).
- From third parties (e.g., referrals from educational institutions or professionals), where you have given consent.

6. Legal Basis for Processing Data
We process personal data on the following legal grounds:
- Consent: When you provide explicit consent for us to process your data for specific purposes.
- Contractual necessity: When we need to process your data to deliver our services or fulfill a contract.
- Legitimate interests: When it is in our legitimate interest to process your data, without overriding your privacy rights.
- Legal obligations: When processing is required to comply with the law (e.g., safeguarding or financial reporting).

7. How We Use Your Information
We use your personal data for the following purposes:
- To provide dyslexia assessments, learning support, and educational resources.
- To manage our relationship with you, including responding to inquiries and processing service bookings.
- To send you updates, newsletters, and other communications, where you have opted in.
- To process payments or donations.
- To improve our services through analysis of website data and user feedback.
- To comply with legal and regulatory requirements.

8. Cookies and Website Usage
Our website uses cookies to:
- Enhance user experience by remembering preferences.
- Analyze how visitors use our website, enabling us to improve it.
You can manage your cookie preferences through your browser settings. However, disabling cookies may affect the functionality of our website.

9. Sharing and Disclosure of Data
We only share personal data with third parties in the following cases:
- With your explicit consent.
- When necessary to provide services (e.g., sharing with educational professionals or assessors).
- When required by law (e.g., for safeguarding purposes or legal reporting).
- With trusted third-party service providers (e.g., IT, payment processors), under strict GDPR-compliant agreements.
We do not sell or rent personal data to third parties.

10. Data Security
We are committed to protecting the security of your personal data. Measures we use to safeguard your information include:
- Encryption of sensitive data.
- Secure storage of both electronic and physical records.
- Access controls that ensure only authorized personnel can access personal data.
- Regular data protection training for staff and volunteers.
In the event of a data breach, we will follow legal procedures to notify affected individuals and the appropriate authorities as required by law.

11. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Retention periods may vary depending on:
- Legal obligations (e.g., financial or safeguarding requirements).
- The duration of our relationship with you as a service user, donor, or supporter.
When data is no longer required, it will be securely deleted or anonymized.

12. Your Data Protection Rights
Under data protection laws, you have the following rights regarding your personal data:
- Right to access: You have the right to request copies of the personal data we hold about you.
- Right to rectification: You can request corrections to inaccurate or incomplete data.
- Right to erasure: You can ask for your data to be erased in certain circumstances (also known as the "right to be forgotten").
- Right to restrict processing: You can request limitations on how we process your data.
- Right to object: You can object to the processing of your data, especially for direct marketing purposes.
- Right to data portability: You can request a copy of your data in a commonly used format to transfer to another service provider.
If you wish to exercise any of these rights, please contact us using the details provided in Section 15.

13. Children’s Data
When collecting or processing personal data from children (under 18), we ensure appropriate parental or guardian consent is obtained. We take additional steps to protect children’s data and ensure it is used responsibly.

14. Third-Party Service Providers
We use third-party service providers to process personal data on our behalf (e.g., IT services, payment processing). These providers are carefully vetted to ensure they comply with data protection laws and implement adequate security measures.
Where services are outsourced, we ensure that:
- Data is only processed for specified purposes.
- The service provider complies with GDPR.
- Data protection agreements are in place.

15. Contact Information and Complaints
If you have any questions about this policy, concerns about your data, or wish to exercise your data rights, please contact:
Data Protection Officer
Brilliant Brain Dyslexia Services
Email: BrilliantBrainDyslexia@outlook.com
If you believe your data protection rights have been breached, you can also lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
16. Changes to This Policy
We regularly review this policy to ensure it meets legal requirements and reflects changes in our practices. Any significant changes will be communicated to users through our website or direct communications.
Date of Last Review: 14th September 2024
Next Review Due: 13th September 2025

Signed:
Karyn Cecchini, Owner and Data Protection Officer, Brilliant Brain Dyslexia Services
