Privacy Policy

Last updated: 01/10/2025

1. Introduction
We (“we”, “us”, “our”) at www.brain-storm.uk value your privacy and are committed to protecting your personal data. This policy explains how we collect, use, store and share your personal information when you use our website www.brain-storm.uk and our services, in accordance with UK data-protection law (including the UK GDPR and the Data Protection Act 2018).

2. Data Controller
We are the data controller for the purposes of this policy.
If you have any questions about this policy or how we handle your data, please contact:
David Catchpole
Brainstorm
Unit 6, 11 Walters Close, Snodland, Kent, ME6 5GU
Email: support@brain-storm.uk
Telephone: 01634907169

3. What personal data we collect
We may collect the following types of personal data in connection with your use of our website and services:

  • Name, email address, telephone number, postal address (e.g., when you book a session or contact us)

  • Payment details (processed via secure third-party payment provider; we do not store full card details)

  • IP address, browser and device information, usage data (when you visit our website)

  • Any other information you voluntarily provide (for example via contact forms)

4. How and why we use your data (purpose & lawful basis)
We will use your personal data for the following purposes:

  • To provide and manage the services you request (such as your booking of a session) — lawful basis: contract performance.

  • To send you confirmations, receipts, and necessary administrative communications — lawful basis: contract performance or our legitimate interests of running our business.

  • To respond to your enquiries and communicate with you — lawful basis: our legitimate interests.

  • To improve our website, services and user experience — lawful basis: our legitimate interests.

  • To comply with legal obligations (for example accounting, tax, audit) — lawful basis: compliance with legal obligations.

If we rely on your consent (for example for marketing communications, if applicable), you will be given the opportunity to withdraw that consent at any time.

5. Cookies and tracking technologies
We use cookies and similar tracking technologies on our website to distinguish you from other users, to improve user experience and for analytics purposes. You can find full details in our Cookie Policy [link to cookie policy].
You will be given the opportunity to consent to non-essential cookies.

6. Who we share your personal data with
We may share your personal data with:

  • Third-party service providers acting on our behalf (e.g., payment processors, booking systems, email service providers) — strictly for the purposes of delivering our services.

  • Legal and regulatory authorities where required by law or to protect our legal rights.
    We do not sell your personal data to third parties for marketing purposes.

7. International transfers of personal data
If we transfer your personal data outside the UK or the EEA, we will do so only where appropriate safeguards are in place (for example standard contractual clauses) to ensure your data remains protected.

8. How long we keep your data
We retain your personal data only for as long as is necessary for the purposes set out above, and in any event in line with applicable legal and regulatory requirements (for example financial records retention). After that period your data will be securely deleted or anonymised.

9. Your rights
Under the UK GDPR you have certain rights in relation to your personal data. These include:

  • The right to access the personal data we hold about you.

  • The right to correct inaccurate or incomplete personal data.

  • The right to request the deletion of your personal data (in certain circumstances).

  • The right to restrict or object to certain processing of your personal data.

  • The right to data portability, in certain circumstances.

  • The right to withdraw consent where we rely on it.

  • The right to lodge a complaint with a supervisory authority. In the UK, that is the ICO: you can contact them at https://ico.org.uk or by phone. ICO+1

If you wish to exercise any of these rights, please contact us at the contact details above.

10. Security of your data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. However, no internet transmission is completely secure, so we cannot guarantee absolute security.

11. Links to other websites
Our website may include links to third-party websites. This privacy policy does not apply to those websites; we encourage you to read their privacy policies before providing any personal data.

12. Changes to this policy
We may update this privacy policy from time to time (for example when our practices or legal requirements change). The updated version will be posted on our website with a revised “last updated” date. We may also notify you of material changes. We recommend you review this policy periodically.

13. Effective date
This policy is effective from 01/10/2025.