NeuroBridge® Privacy Policy

Effective Date: 13 June 2025
Version: 2.1

At NeuroBridge®, we take data protection seriously. This Privacy Policy sets out how we collect, use, share and safeguard your personal data in accordance with applicable legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to individuals who access our neuroinclusion support System and related services (the “System”), whether directly or as part of their organisation’s subscription.

This Privacy Policy works in conjunction with our Terms of Service, End-User Licence Agreement (EULA), Customer Order Form, Service Definition Document (SDD), and any applicable Framework Agreement(s) and Statement(s) of Work (SOW).

1. Who We Are

NeuroBridge® Limited is a UK-registered company (Company No. 14895457), operating as the data controller when we determine the purpose and manner of data processing for our System.

Our registered address is:
Suite 46, 24–28 St. Leonards Road, Windsor, Berkshire, SL4 3BB, United Kingdom
Email: support@neurobridge.co.uk

Where we act on behalf of your employer, we may also function as a data processor under data protection law.

2. What Information We Collect

When you interact with the NeuroBridge® System, we collect certain personal data to provide you with access and ensure proper functioning of the service.

• Personal Information: Name, email address (your company email), and any other personal details you choose to provide when registering or using the Platform.
• Account Information: Login credentials (username, password) and any preferences or settings within your account.
• Usage Data: Pages visited, modules accessed, time spent, search history, and learning progress.
• Device Data: IP address, browser type, operating system, and other technical data collected automatically when you access the Platform.
• Communications Data: Any enquiries, support tickets or feedback you provide.
• Anonymised Insight Data: Contributions towards aggregated usage trends across the client organisation, always anonymised.

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us immediately.

3. How We Collect Your Data

We collect data through:

• Direct Input: When you register, update your profile, or submit queries.
• Automated Tracking: Via cookies, analytics tools, and system logs.
• Third Parties: In some rare cases, your account may be set up for you by request of your organisation. In such instances, your employer may share your contact details to set up your account. We never collect your data from any sources outside of your organisation or designated point of contact.

4. Why We Process Your Data

We process your data to:

• Provide secure access to the NeuroBridge® System and Licensed Materials
• Personalise your experience and track learning progress
• Support organisational reporting (in anonymised and aggregated form)
• Respond to user queries or support requests
• Meet our legal and regulatory obligations

We do not transfer your personal data outside the United Kingdom or the European Economic Area (EEA). All data is hosted on servers located within the UK or EU and processed in compliance with UK and EU data protection regulations

We do not use your personal data for any profiling or automated decision-making.

5. Legal Grounds for Processing

We rely on several lawful bases to process personal data, including:

• Contractual necessity – For core system access and service delivery.
• Legitimate interests – for internal security, anonymised reporting, and analytics.
• Explicit Consent – for all sensitive data or optional features like non-essential cookies or certain user inputs.
• Legal obligations – where compliance with statutory duties requires processing.

Where consent is our legal basis, you retain the right to withdraw it at any time.

6. Data Sharing

We only share your personal data where strictly necessary:

• With your employer: In anonymised, aggregated format unless there is an immediate risk of harm (see EULA Clause 5).
• With regulators or law enforcement: Where legally required.

We do not use any third-party processors for the NeuroBridge® System itself. All platform infrastructure, including authentication, data storage, and analytics, is fully operated within NeuroBridge’s internal systems. Where purchases or payments are made, these are handled via a separate domain and governed by independent terms and systems unconnected to the System. No payment or transactional data is stored or processed by the System.

We do not trade, sell or rent your personal data to ANY third parties.

7. Data Retention and Deletion

We only retain your personal data for as long as is necessary to provide our services, fulfil legal obligations, or support legitimate operational needs. Once your account is deactivated (typically when your employer subscription ends or your employment ceases), your data will either be anonymised completely or securely deleted in line with our internal retention policies.

8. Your Rights

You have several rights under UK GDPR, including:

• Accessing the personal data we hold about you
• Requesting correction of inaccurate information
• Asking us to erase your data when appropriate
• Restricting or objecting to how we process your data
• Receiving your data in a portable format
• Withdrawing consent, where applicable
• Lodging a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, email: support@neurobridge.co.uk. We aim to respond to all legitimate requests within one calendar month, in accordance with the UK GDPR.

9. Cookies and Analytics

Our System uses essential cookies to maintain security and session functionality. We may also use optional cookies to improve user experience or analyse usage trends, but only with your explicit consent. You can control your preferences via your browser or within the System.

10. Data Security

We use robust organisational and technical measures to protect your data:

• HTTPS and encrypted data storage
• Frankfurt based servers in compliance with GDPR
• All Personal or Sensitive Data is anonymised by default and protected through strict access controls, making it inaccessible to NeuroBridge personnel unless explicitly required and authorised under a support request.
• Regular security audits and threat monitoring
• Certified to Cyber Essentials (Certificate ID: db9f6aa9-b91f-4d00-aef5-1308251743ea, valid until April 2026)

We may send automated email reminders or nudges to support engagement with the System. These are generated without manual intervention and are never accessed by staff unless the user explicitly requests support. No individual-level behaviour or communications data is reviewed unless the user explicitly requests or grants access for support purposes. 

11. Linked Policies & Changes to This Policy

This Privacy Policy is designed to be read in conjunction with our related documents, including:

Service Definition Document (SDD)

Framework Agreement(s)

Scope of Work(s) (SOW)

We may update this Privacy Policy periodically to reflect changes in our System, services, or legal obligations. Where the changes are significant, we will notify you via the System or email. The most current version will always be available at: www.neurobridgeportal.com/privacy-policy

11. Contacting Us

If you have any concerns about this policy or wish to contact our Data Protection Officer, please reach out:

Data Protection Officer (DPO):
Josh Goodison (ICO-registered contact)
Email: support@neurobridge.co.uk (please include “FAO DPO” in the subject line)
Address: NeuroBridge Ltd, Suite 46, 24–28 St. Leonards Road, Windsor, SL4 3BB, UK

For technical data security questions or platform-specific matters, you may also contact:
Harry Fear, Chief Technology Officer
Email: support@neurobridge.co.uk