At betta brain training (referred to as "we", "us", or "our"), we are committed to protecting your privacy and ensuring that your personal data is handled in a way that complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.bettabraintraining.co.uk (the "Website"), contact us, or engage with our neurofeedback services. We act as the data controller for the personal data we process. If you have any questions about this Privacy Policy or our data protection practices, please contact us at richard@bettabraintraining.co.uk. Our Data Protection Officer can be reached via the same e-mail. This policy is provided in a clear and concise manner to meet our transparency obligations under Articles 12-14 of the UK GDPR. It applies to all individuals whose personal data we process, including website visitors, clients, and potential clients.
1. Information We Collect
We collect personal data to provide and improve our neurofeedback services, manage bookings, and operate our website. The types of data we collect depend on how you interact with us.
Personal data you provide directly
- Contact information: name, email address, phone number, and postal address when you fill out contact forms, book appointments, or subscribe to newsletters.
- Health-related data: As a neurofeedback practice, we may collect sensitive special category data concerning your health, such as details about your medical history, symptoms, training purposes, session notes, neurofeedback results and feedback on your progress. This is only collected with your explicit consent or as necessary for providing healthcare services.
- Payment information: billing details, such as bank account or card information, processed securely via third-party providers (we do not store full payment details).
- Other information: Any additional details you provide in communications, such as feedback or queries.
We do not collect data from children under 16 without verifiable parental consent, in line with UK GDPR requirements for children's data.
2. How We Use Your Information
We use your personal data for the following purposes, in compliance with data protection principles (e.g., lawfulness, fairness, transparency, purpose limitation). All processing is based on a lawful basis under Article 6 of the UK GDPR and, where applicable, Article 9 for special category data (health information).
Lawful bases for processing
- Consent (Article 6(1)(a)): For marketing emails or non-essential cookies. You can withdraw consent at any time.
- Contract (Article 6(1)(b)): To fulfil bookings, provide neurofeedback sessions, and manage client relationships.
- Legal Obligation (Article 6(1)(c)): To comply with health and safety regulations, record-keeping requirements, or reporting to authorities (e.g., under the Health and Social Care Act).
- Legitimate Interests (Article 6(1)(f)): To improve our services, analyze Website performance, or prevent fraud, provided it does not override your rights.
- Special Category Data (Article 9(2)(h)): Processing health data is necessary for medical diagnosis, health care provision, or management of health services, as we are a healthcare provider. Explicit consent may also be obtained where required.
Specific Uses
- Providing Services: To schedule and deliver neurofeedback sessions, track progress, and provide personalized care plans.
- Communication: To respond to inquiries, send appointment reminders, or share updates on your treatment.
- Website Functionality: To enable features like online booking or secure client portals.
- Marketing: With your consent, to send newsletters or promotional information about our services.
- Research and Improvement: Anonymized health data may be used for internal quality improvement or aggregated research (never identifiable without consent).
- Legal and Compliance: To fulfil regulatory obligations, such as safeguarding or reporting notifiable diseases.
We will only use your data for new purposes if compatible with the original purpose or if we obtain your consent. In such cases, we will inform you.
3. Sharing Your Information
We do not sell your personal data. We may share it in limited circumstances:
- Service Providers: With trusted third parties who process data on our behalf, such as:
  - Booking software.
  - Secure payment processors (e.g., Stripe or PayPal).
  - Email service providers (e.g., Mailchimp for consented marketing).
  - Cloud storage for session notes.
  All processors are bound by data processing agreements ensuring UK GDPR compliance.
- Healthcare Partners: Anonymized or necessary health data may be shared with other healthcare professionals (e.g., your GP) for coordinated care, with your consent.
- Legal Requirements: If required by law, such as court orders, public health reporting, or safeguarding concerns (e.g., to local authorities or the police).
- Business Transfers: In the event of a merger or acquisition, data may be transferred with safeguards.
We ensure all recipients comply with UK GDPR standards.
4. International Data Transfers
Our operations are based in the UK, and we do not routinely transfer data outside the UK or EEA. If we need to (e.g., for a cloud provider), we will:
- Use UK adequacy decisions or approved safeguards like Standard Contractual Clauses.
- Ensure equivalent protection for your data.
Details of any transfers will be provided upon request.
5. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption for health data storage and transmission.
- Access controls (e.g., role-based permissions for staff).
- Regular security audits and staff training on data protection.
- Secure servers hosted in the UK.
In the event of a data breach, we will notify you and the Information Commissioner's Office (ICO) within 72 hours if required. Our incident response policy is available upon request.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined, or as required by law:
- Contact and Marketing Data: Up to 2 years after last interaction, unless you withdraw consent.
- Health and Treatment Data: Minimum 8 years after treatment ends (or longer for minors until age 25), per NHS and professional guidelines, to support ongoing care or legal claims.
- Website Analytics: Anonymized data retained indefinitely; identifiable data for 12 months.
After retention periods, data is securely deleted, anonymized, or archived. You can request details of our retention schedule.
7. Cookies and Tracking Technologies
Our website does not use non-essential cookies (no consent required).
8. Your Rights
Under UK GDPR, you have rights regarding your personal data. We respond to requests free of charge within one month (extensions possible for complex cases):
- Right to Access: Request a copy of your data.
- Right to Rectification: Correct inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Delete data where no longer needed (subject to legal exceptions, e.g., health records).
- Right to Restriction: Limit processing in certain cases.
- Right to Data Portability: Receive data in a structured format.
- Right to Object: Oppose processing based on legitimate interests or for marketing.
- Right to Withdraw Consent: At any time, without affecting prior processing.
- Rights regarding Automated Decisions: We do not make solely automated decisions with significant effects.
To exercise rights, contact us at richard@bettabraintraining.co.uk. We verify identity to prevent unauthorized access. If unsatisfied, complain to the ICO at www.ico.org.uk.
9. Complaints and Oversight
If you believe we have not handled your data correctly, contact us first. You may also complain to the ICO:
- Website: www.ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or law. Significant changes will be notified via email or Website notice. Continued use of our services constitutes acceptance. For further information, visit the ICO's guidance on privacy notices at www.ico.org.uk. This policy complies with ICO recommendations for transparency in handling health data.