Privacy Policy

Last updated: 29 September 2025

This Privacy Policy explains how NEUROWELL HUB CIC (“we”, “us”, “our”) collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

NEUROWELL HUB CIC is the data controller. Our registered office is 5 Laburnum Road, Prenton, CH43 5RP.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

We will only collect what is necessary and relevant for the purposes described below.

3. How We Use Your Personal Data

We may use your personal data for the following purposes:

  • To provide, operate, improve and maintain our website, services, or products

  • To process your inquiries, requests, orders, support

  • To send administrative information, updates, notices, changes to policies

  • To manage your account (if applicable)

  • To send you marketing communications (only if you opt in or where permitted by law)

  • To comply with legal or regulatory obligations

  • To detect, prevent and address security issues or fraud

4. Legal Bases for Processing

Under UK GDPR, we rely on the following lawful bases to process your personal data:

  • Contract: processing necessary for performance of a contract or taking steps prior to entering a contract

  • Legitimate interests: where processing is necessary for our legitimate interests (unless overridden by your rights)

  • Consent: where you have given clear consent (e.g. for marketing communications)

  • Legal obligation: to comply with legal or regulatory obligations

  • Vital interests: to protect life in emergencies (rare)

Where we process special category data (e.g. health information), we will only do so if one of the additional conditions under UK GDPR is met (e.g. explicit consent, necessary for health or social care, etc.).

5. Disclosure of Your Data

We may share your personal data with:

  • Service providers, contractors, or agents who help us operate or manage the website or perform functions on our behalf

  • Third parties required by law or regulatory authority

  • Professional advisors (e.g. legal, auditors)

  • Any successor in the event of a merger, acquisition, or restructuring

We require such third parties to treat your data securely and only in accordance with our instructions and applicable law.

6. International Transfers

If we transfer your data outside the UK (or European Economic Area, where applicable), we will do so only if appropriate safeguards are in place (e.g. standard contractual clauses, adequacy decisions) to ensure your data is protected.

7. Data Retention

We will retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. When no longer needed, we will securely delete or anonymize it.

8. Security

We implement appropriate technical and organisational measures to safeguard personal data from unauthorized or unlawful processing, accidental loss, damage or destruction. However, no method of transmission or storage is entirely secure, so we cannot guarantee absolute security.

9. Your Rights

Under UK GDPR, you have certain rights regarding your personal data, including:

  • Right to access your data (subject access request)

  • Right to correct inaccurate or incomplete data

  • Right to erase or restrict processing (right to be forgotten)

  • Right to object to processing (including direct marketing)

  • Right to data portability (where applicable)

  • Right to withdraw consent (where processing is based on consent)

  • Right to lodge a complaint with the Information Commissioner’s Office (ICO)

If you wish to exercise any of these rights, contact us using the details below. We will respond within statutory time limits.

10. Automated Decision-Making / Profiling

We do not currently use automated decision-making or profiling to make significant decisions about you without human intervention. If we do in the future, appropriate safeguards will be in place, and you will be informed.

11. Children

Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16 without parental or guardian consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version together with the “Last updated” date. Continued use of our site after changes means acceptance of the revised policy.

13. Contact Information

If you have any questions or concerns about this policy or our data practices, or wish to exercise your rights, please contact:

Email: info@neurowellhub.co.uk