Privacy Policy
Clear guidance, accountability, and confidence in how we work
If you need the privacy policy in a different format, or if you have questions, just get in touch
This privacy notice explains how The Neurodivergence Project collects, uses, stores and shares personal data when you use our website, contact us, make a referral, access our services, buy products or courses, make a donation, sign up to communications, or otherwise interact with us through our website. It also explains your privacy rights and how to contact us about data protection matters.
01. Who we are
The Neurodivergence Project is a Charitable Incorporated Organisation registered with the Charity Commission for England and Wales. Our registered charity number is: 1214215. For the purposes of UK data protection law, we are the data controller for the personal data described in this policy.
| Contact point | Details |
|---|---|
| Website | www.neurodivergenceproject.org |
| info@neurodivergenceproject.org | |
| Telephone | 0300 302 0373 |
| Contact address | Lytchett House, 13 Freeland Park, Wareham Road, Poole, BH16 6FA |
| Data Protection Officer | Mr Liam Emanuel, Secretary Trustee |
| DPO email | liam.emanuel@neurodivergenceproject.org. |
02. Scope of this policy
This notice covers website users, participants, donors, customers, newsletter subscribers, referrers, parents and carers, professionals and other people who contact us or use our website services. It also covers personal data provided through contact forms, enquiry forms, referral forms, bookings, event registrations, shop checkout, donations, newsletter sign-up, surveys, testimonials and similar website interactions.
This notice does not cover staff, trustee, volunteer, sessional worker or contractor onboarding. Separate internal documents apply to those relationships, including onboarding, safeguarding and DBS checks.
Children and young people
Our website is intended for adults, parents and carers, professionals, supporters, donors, and children and young people who may use our resources. Children and young people under 18 do not complete our participant forms themselves. Where we collect information about someone under 18, this is provided by a parent/carer, GP, school, referrer or other professional.
03. The personal data we collect
Personal data means any information that identifies you, or could identify you when combined with other information. We may collect, use, store and share the following kinds of personal data:
- Identity data: name, title, date of birth, age or age range, participant details, parent/carer details and referrer details.
- Contact data: email address, telephone number, postal address, billing address and delivery address.
- Referral and enquiry data: information you provide when contacting us, making or supporting a referral, booking a call, registering for an event, asking for support, or using our services.
- Participant and support data: information about support needs, accessibility needs, reasonable adjustments, neurodivergence-related information, GP details, professional/referrer details and relevant service notes.
- Health and other special category data: health information, neurodivergence-related information, accessibility information and Equality, Diversity, Inclusion and Belonging monitoring information where relevant.
- Financial, donation and transaction data: order details, donation details, billing details, payment confirmation, payment references, donation history, Gift Aid information where applicable and related finance records. We do not store full card details.
- Marketing and communication data: newsletter preferences, marketing consent, unsubscribe records and records of messages we send to or receive from you.
- Images, video, stories and testimonials: photographs, videos, case studies, feedback, stories and testimonials where you provide them or consent to their use.
- Technical and website data: IP address, browser type, device information, pages viewed, cookie preferences, analytics information and security logs.
- Aggregated or anonymous data: statistical or demographic information used for service monitoring, reporting and improvement where it no longer identifies you.
Special category data
Some information we collect may be more sensitive under data protection law. This includes health information, neurodivergence-related information, accessibility information and some EDIB monitoring information. We only ask for this type of information where it is relevant to the service, referral, adjustment, safeguarding, monitoring or support being provided. EDIB monitoring questions are optional.
Where our forms ask for health, neurodivergence-related, accessibility or EDIB information, we ask people to confirm that they have read this privacy policy. Where data protection law requires consent or explicit consent, we will ask for this clearly. Depending on the context, we may also rely on another lawful condition under data protection law, for example where information is needed for safeguarding, vital interests, substantial public interest, equality monitoring, legal claims, or to provide appropriate support services.
Criminal conviction and offence information
We do not normally collect criminal conviction or offence information from website users, participants, donors, customers, newsletter subscribers or referrers. Where we carry out DBS checks or process criminal offence information for trustees, staff, volunteers, sessional workers or contractors, this is handled separately as part of our internal onboarding and safeguarding procedures.
04. How we collect personal data
We collect personal data in several ways, including:
- when you complete a website contact form, referral form, booking form, volunteer form, participant form, professional referral form, resource form, survey, event registration or testimonial form;
- when you sign up to our newsletter or ask to receive updates;
- when you buy products or courses, make a donation, or use checkout and payment pages;
- when you contact us by email, phone, WhatsApp or another communication route;
- when a parent, carer, GP, school, referrer or professional provides relevant information to us;
- when you attend our events, courses, coaching, support activities or groups;
- when you use our website, resource hub or cookie settings; and
- from our third-party systems and service providers where this is necessary to operate the website, services, donations, payments, events, communications, records and security.
05. How and why we use personal data
We only use personal data where the law allows us to. In practice, this means using information to provide services, support, bookings, events, purchases or referrals you have asked for, to communicate with you, to meet our legal responsibilities, and to run the charity safely, fairly and effectively.
| Purpose or activity | Types of data | Lawful basis and reason |
|---|---|---|
| Responding to enquiries and contact forms | Identity, contact, enquiry and communication data | Legitimate interests - so we can respond to enquiries and run the charity effectively - and contract where your enquiry relates to a booking, purchase or paid service. We may also rely on consent where you choose to provide optional information. |
| Managing referrals, support, coaching and participant services | Identity, contact, referral, participant, support, accessibility and relevant special category data | To arrange and provide support, coaching and related services. Depending on the circumstances, this may rely on contract, legitimate interests, legal duties, and an appropriate additional condition for sensitive information. Where explicit consent is required, we will ask for it clearly. |
| Receiving referral and support information for children and young people under 18 from a parent, carer, guardian, referrer or another appropriate adult or professional | Child or young person details, parent, carer, guardian, referrer or professional details, and relevant support or safeguarding information | We use this information to consider or provide support, make reasonable adjustments, protect welfare and meet safeguarding duties. Depending on the circumstances, this may include contract, legitimate interests, legal obligation, vital interests, or another appropriate condition for sensitive information. |
| Providing courses, events, bookings, products, downloads and customer support | Identity, contact, booking, order, transaction, communication and service data | Contract - to provide a booking, event, purchase, course, download or other service you have asked for - together with legitimate interests to manage the charity properly and legal obligations where we must keep related records. |
| Processing donations, fundraising records and donor administration | Identity, contact, donation, transaction, Gift Aid where applicable and communication data | Legitimate interests to manage supporter relationships and donations, consent where needed, and legal obligations for financial, tax, Gift Aid and accounting records |
| Sending newsletters, updates and marketing communications | Identity, contact, marketing preferences, consent and unsubscribe records | Consent for email marketing where required, and legitimate interests for service-related communications that are not marketing |
| Using photographs, videos, stories, testimonials and case studies | Images, video, audio, story, testimonial and consent records | Consent. In some cases we may also rely on legitimate interests where the use is fair, limited and expected. For children and young people, we take particular care to obtain appropriate consent. |
| Making reasonable adjustments and delivering services safely | Accessibility, support, health, neurodivergence-related and communication data | To provide appropriate support, make reasonable adjustments and deliver services safely. Depending on the circumstances, this may rely on legitimate interests, contract, legal obligation and an appropriate additional condition for sensitive information. Where explicit consent is required, we will ask for it clearly. |
| Safeguarding, emergency concerns, welfare concerns, complaints and legal duties | Relevant identity, contact, referral, support, safeguarding, health, communication and incident information | Where we need to protect someone, respond to a concern or comply with the law. This may rely on legal obligation, vital interests, substantial public interest, or another relevant lawful basis where appropriate. |
| Finance, administration, audit, insurance, compliance and governance | Identity, contact, financial, transaction, donation, order and communication data | Legal obligations and legitimate interests to run the charity responsibly, keep records, and meet audit, insurance and governance requirements |
| Operating, securing and improving the website | Technical data, usage data, cookie preferences, security logs and analytics data | Legitimate interests to operate, secure and improve the website, consent for non-essential cookies where required, and legal obligations where applicable |
| Anonymous or aggregated funder reporting, impact reporting and service monitoring | Aggregated, anonymous or de-identified statistics and outcomes | Legitimate interests. We use anonymous or aggregated information wherever possible. Identifiable information is only shared where there is a clear lawful reason, such as consent, safeguarding or a legal requirement. |
06. Newsletters and marketing
We may send newsletters, updates and marketing emails where you have opted in or where the law otherwise allows us to contact you. We use systems including Mailchimp, MailerLite and Infoodle depending on the purpose of the communication. You can unsubscribe using the link in our emails or by contacting us.
Opting out of marketing will not stop us from sending necessary service, donation, order, booking, safeguarding, legal or administrative communications.
07. Cookies and similar technologies
Our website uses necessary cookies to make the website and online shop work properly, accessibility cookies to remember accessibility settings, analytics cookies to help us understand how the website is used, and marketing cookies or pixels to help us understand the effectiveness of advertising and content. This may include tools such as Google Analytics, Google Ads and Meta Pixel.
Non-essential cookies are only used where consent is required and has been given through the cookie banner. You can also control cookies through your browser settings. Some necessary cookies cannot be switched off because the website or shop may not work properly without them.
08. Photos, videos, stories and testimonials
We may use photos, videos, stories or testimonials on our website, social media, newsletters, fundraising materials, funder reports, printed materials, press materials or at events, but only where this is appropriate and consent has been obtained through the relevant sign-up, booking, referral or consent process. For children and young people, we take particular care to obtain appropriate consent from a parent, carer, guardian or other authorised adult.
You can ask us to remove a post, image, story or testimonial at any point. We will act on reasonable requests where we can, although we may not be able to recall materials that have already been printed, shared by others, or archived outside our control.
09. Who we share personal data with
We only share personal data where necessary, proportionate and lawful. Access inside the charity is limited to people who need it for their role, such as trustees, staff, volunteers, sessional workers, contractors, finance/admin team members and safeguarding leads.
External organisations and people
Where needed, we may share relevant personal data with:
- GPs, schools, referrers, emergency contacts and, where appropriate, parents, carers or guardians, as well as local authorities, safeguarding agencies and emergency services;
- funders, where reporting is required. We use anonymous or aggregated information wherever possible;
- accountants, auditors, insurers, HMRC, the Charity Commission, legal advisers and other professional advisers;
- IT providers, website providers, cloud storage providers, communication platforms, payment providers, event platforms and other service providers who help us operate the charity; and
- regulators, courts, law enforcement or other public authorities where required by law or where there is a serious safeguarding, welfare or legal concern.
Service providers and systems
We use a range of systems and suppliers to run our website, communications, services, shop, donations, accounting and administration. These may include Microsoft, Google, Infoodle, Krystal Hosting, WhatsApp, Meta, WooCommerce, Stripe, PayPal, Fundraise Up, Mailchimp, MailerLite, Xero and Eventbrite.
Payment card details are handled securely by payment providers such as Stripe and PayPal. The Neurodivergence Project does not store full card details. Fundraise Up is used as a fundraising and donation platform and may hold donor details where relevant.
Safeguarding and emergencies
Where we have a legal duty or a serious safeguarding, welfare or emergency concern, we may use or share relevant personal information to protect a person, prevent harm, respond to concerns, comply with the law, or work with appropriate agencies.
We may use WhatsApp for practical communications, such as volunteer groups or participant travel groups. We do not routinely use WhatsApp to share sensitive information, but it may be used where necessary in an emergency or where there is another clear and appropriate reason.
Third-party links
Our website may include links to third-party websites, plug-ins and applications. Clicking those links or enabling those connections may allow third parties to collect or share information about you. We do not control third-party websites and are not responsible for their privacy policies.
10. International transfers
Some of our suppliers or systems may store or process personal data outside the UK. Where this happens, we take steps to make sure appropriate safeguards are in place. This may include relying on UK adequacy regulations, approved contractual protections, or other lawful safeguards.
11. Data security
We use appropriate technical and organisational measures to protect personal data against accidental loss, misuse, unauthorised access, alteration or disclosure. We limit access to personal data to people and service providers who need it for a legitimate role or purpose. They are expected to protect the information and use it only as instructed or as the law allows.
We have procedures to deal with suspected personal data breaches. Where legally required, we will notify affected individuals and the Information Commissioner’s Office.
12. Data retention
We do not keep personal data for longer than we need it. How long we keep information depends on why it was collected, the type of record involved, and any legal, safeguarding, funding, insurance or accountability requirements.
| Record type | Typical retention approach |
|---|---|
| General enquiries | Usually up to 5 years after the enquiry is dealt with, unless a longer period is needed for safeguarding, complaints, legal or service reasons. |
| Referral, support and coaching records | Usually up to 7 years after last contact, unless safeguarding, legal, complaint, funding, insurance or accountability reasons mean longer. |
| Donor, fundraising, finance, shop and order records | Usually at least 6 years, or longer where required for tax, accounting, Gift Aid, audit, legal or regulatory reasons. |
| Newsletter records | Until you unsubscribe, withdraw consent, or the mailing list is cleaned, unless we need to keep a suppression record to respect your unsubscribe request. |
| Photos, videos, stories, testimonials and consent records | Until no longer needed or consent is withdrawn, unless there is a legal or accountability reason to keep a record of consent, withdrawal or previous use. |
| Website analytics and cookie information | In line with our Cookie Policy and cookie settings, unless information is anonymised or aggregated. |
| Safeguarding, welfare and serious incident records | Kept securely for as long as needed for safeguarding, legal, insurance, regulatory or accountability reasons. This may be longer than ordinary service records. |
13. Your legal rights
Depending on the circumstances, you may have the following rights under data protection law. These rights do not all apply in every situation, but they may include:
- the right to be informed about how we use your personal data;
- the right to request access to the personal data we hold about you;
- the right to ask us to correct inaccurate or incomplete personal data;
- the right to ask us to erase personal data in certain circumstances;
- the right to ask us to restrict how we use personal data in certain circumstances;
- the right to object to certain uses of personal data, including direct marketing;
- the right to ask for certain personal data you have provided to us to be given to you in a usable electronic format;
- the right to withdraw consent where consent is the lawful basis for processing; and
- the right to complain to the Information Commissioner’s Office.
If you want to exercise your rights, please contact our Data Protection Officer using the details in section 1. We may need to ask for information to confirm your identity before responding. We normally respond to valid requests within one month, but this may take longer if the request is complex or if you make multiple requests.
You do not usually have to pay a fee to exercise your rights. We may charge a reasonable fee or refuse to comply where a request is clearly unfounded, repetitive or excessive.
14. Automated decision-making
We do not make decisions about you using solely automated systems that have legal or similarly significant effects, such as automatically accepting or rejecting referrals, support requests, coaching access, funding support or eligibility without human involvement.
15. Keeping your information up to date
Please tell us if your personal data changes during your relationship with us. It is important that the personal data we hold is accurate and current.
16. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our services, systems or legal duties. The latest version will always be available on our website. This policy was last updated on 23 April 2026.
17. Queries, requests and complaints
For data protection queries, requests or complaints, please contact our Data Protection Officer:
- Mr Liam Emanuel, Secretary Trustee and Data Protection Officer
- Email: liam.emanuel@neurodivergenceproject.org. Please also copy info@neurodivergenceproject.org where possible.
- Telephone: 0300 302 0373
- Address: Lytchett House, 13 Freeland Park, Wareham Road, Poole, BH16 6FA
If you are not satisfied with our response, you can complain to the Information Commissioner’s Office, the UK regulator for data protection. The ICO helpline is 0303 123 1113. The ICO postal address is Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can also visit the ICO make a complaint page.
Sign Up to Our Newsletter
Remember you can unsubscribe at any time. Find out about how we use and store your personal data.