Privacy Policy

Scope

The Neuroverse is the data controller for personal data about clients, prospective clients, job applicants, current and former employees, event/training attendees, and newsletter subscribers. This privacy notice explains how we use their data, outlining the collection, use, and storage of data, and the responsible party for keeping it up to date.

We do not trade personal data for commercial purposes and will only disclose it if required by law, necessary to arrange your event/training attendance, or with your consent. The Neuroverse prioritises the privacy of its stakeholders, and this policy underscores our commitment to compliance with updated GDPR legislation.

Data Processing

We collect identifiable personal data or information that is specifically and voluntarily provided by visitors to our website, prospective clients, and partnerships contacting us directly. Identifying information, such as name, title, company address, email address, and telephone/fax numbers, may be collected for various purposes:

·       Registering for certain areas of the site

·       Inquiring for further information

·       Signing up for our newsletter

·       Distributing requested reference materials

·       Email communication through the website

Data collected may include, but is not limited to:

·       Name (personal or company)

·       Address (personal or company)

·       Date of birth

·       Contact numbers/emails

·       Emergency information/next of kin

·       Bank details

·       Passports and right to work status

·       National insurance number

This data is usually collected upon the first contact with the company, such as during onboarding. We do not use third parties to gather personal data. Personal and financial data are securely stored in encrypted systems, and physical documents are kept in locked filing systems. We retain personal data only for as long as needed in compliance with retention periods.

Our website does not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes, nor does it host mailings on behalf of third parties.

How We Use Personal Information

Clients:

We use your Personal Data to meet contractual requirements, support our provision of a data protection service, and comply with legal obligations, such as tax purposes. We use your information for invoicing and tracking payments.

Prospective Clients:

We use your name, contact information, and information about your business activities to follow up on inquiries via email, phone, or the contact us page on our website.

Workshop/Course Attendees:

When you book a workshop, we collect your name, email address, contact telephone number, and payment details for administering the workshop. Information is retained for 12 months.

Visitors to Our Website

We use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. This information is processed in a way that does not identify individuals.

Unsubscribe

Visitors can unsubscribe from mailing lists or any registrations by following instructions on the appropriate webpage or in communications. For assistance, visitors may contact us at info@unlockingtheneuroverse.co.uk.

Cookies

Cookies are small text files placed on your computer by websites. To manage cookies, visit www.aboutcookies.org or www.allaboutcookies.org. Most web browsers allow control of cookies through settings.

Legal Basis for Data Processing.

Before The Neuroverse collects any data, we ensure that we have the legal basis to do so. Following GDPR legislation there are six grounds in which we can process your data; outlined below are the grounds we use. 

 Will ensure that we first have consent before collecting or processing your data. We will do this by only collecting personal data from the individual and no third party. Individuals will have to give us permission to hold their data, and they will be made aware as to the reasons behind us collecting such data. 

We may also collect data for contract purposes. This will be for our employees, individual clients and organisations. We will collect personal data from them to be able to draw up contracts and configure terms and conditions for our business with them. This will protect both us, and the organisation. 

We will collect your data for legitimate and vital interest. This can mean interests such as knowing individuals next of kin for their health and safety, having organisations and individual bank details to give and receive payment, and individuals’ personal addresses for bank statements or sending deliveries. 

We will collect your data for legal obligation. This includes employees right to work and employees’ dates of birth so we can comply with national minimum wage and organisations data so we can be sure we trade under the correct legal standards. 

This is not an extensive list of how we may process your data, The Neuroverse hold the right to change this at any time. In these situations, this privacy notice will be updated.

When do we share personal data?

The Neuroverse does not and will not share any personal data with any third part unless the individual has given us permission to do so. For individual and organisational data, this may be shared within the organisation to carry out necessary processes. Data will only be shared with departments and individuals on a need-to-know basis, and confidentiality will remain at the utmost importance across the whole organisation.

Where do we store and process personal data? 

The data we collect will usually be stored in encrypted software, for this data we have the following guidelines for employees.

These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:

  • When not required, sensitive paper or files should be kept in a locked drawer or filing cabinet.

  • Employees should make sure sensitive paper and printouts are not left where unauthorised people could see them, for example on a printer or unattended on a desktop.

  • Sensitive data printouts should be shredded and disposed of securely when no longer required.

When data is stored electronically, it must be protected from unauthorised access, accidental deletion, and malicious hacking attempts:

  • Data should be protected by strong passwords that are changed regularly and never shared.

  • If data is stored on removable media (e.g. CDs or data sticks), these should be kept locked away securely when not being used.

  • Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing service.

  • Servers containing personal data should be sited in a secure location, away from general office space.

  • Data should be backed up frequently. Those backups should be regularly tested.

  • Data should under no circumstances be saved directly to personal laptops or other mobile devices such as tablets or smartphones.

Personal data is of no value to The Neuroverse unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption, or theft:

  • When working with personal data, employees should ensure their computers are always locked when left unattended. 

  • Personal data should not be shared informally. It should never be sent by non-compliant webmail, as this form of communication is not secure. 

  • Personal data must be encrypted before being transferred electronically outside of those email domains approved within the organisation. 

  • Personal data should not be transferred outside of the European Economic Area except where appropriate safeguards have been put in place or the country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. 

  • Employees should under no circumstances save copies of personal data to their own computers. Such data should always be accessed and updated via approved IT equipment.

How long do we keep your personal data for?

GDPR requires that organisations not keep any personal data for longer than is legally required. Therefore, once our business has been conducted with an individual, we will ensure we delete their information before the end of the stated retention period. This is usually up to two years from last contact. In terms of organisational data, we may keep this for longer than individuals’ personal data after last contact, this is in case we wish to do business again in the future. 

Your rights in relation to personal data

The Neuroverse respects the rights of individuals and their access to personal data. To access the data we holds on you, you can carry out a subject access request.

All individuals who are the subject of personal data held by the organisation are entitled to: 

  • ask what information the organisation holds about them, how it is used and why.

  • ask how to gain access to it.

  • be informed how to keep it up to date. 

  • be informed how the organisation is meeting its data protection obligations.

The Neuroverse has a central procedure for dealing with all requests for access to personal information. All requests will be dealt with by the business within 40 days of receipt of the request from the individual in writing, together with a £10.00 access fee. Any requests received must be passed immediately to the Finance Team, whether from employees or external sources. 

Your Rights

As an individual whose personal data is processed by SYLO | Beyond HR. you have these rights

  • The right to be informed, which is what this privacy policy is for.

  • The right to access what data we hold about you.

  • The right to object to direct marketing – either use the unsubscribe option or contact us directly.

  • The right to object to processing carried out on the basis of legitimate interests.

  • The right to erasure (in some circumstances).

  • The right to data portability.

  • The right to have your data rectified if it is inaccurate.

  • The right to have your data restricted or blocked from processing.

If, at any time, you want to verify, update or amend your personal data please email info@unlockingtheneuroverse.com

You also have the right to lodge a complaint about our processing with the UK’s Information Commissioner’s Office ( https://ico.org.uk).

How to Contact Us

For data inquiries, contact our internal information team at info@unlockingtheneuroverse.com. Additional information is available on our website www.unlockingtheneuroverse.co.uk.

Last Updated: February 2024

Next update: February 2025