We understand that the privacy of all of our donors, supporters, volunteers and service users is important to them and that they care about how their personal data is used. In this Privacy Notice, we refer to them all those individuals as "you" for convenience.

Neuroharmony is committed to protecting the privacy and confidentiality of personal data. This Data Protection and GDPR Policy outlines how we collect, use, and process personal data in compliance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

1. Data Controller

Neuroharmony is the Data Controller responsible for ensuring that personal data is processed in accordance with applicable data protection laws.

2. Data Protection Officer (DPO)

A designated Data Protection Officer is responsible for overseeing the implementation of this policy and ensuring compliance with data protection laws. The DPO can be contacted at [email protected]

3. Lawful Basis for Processing Personal Data

Neuroharmony will only process personal data when there is a lawful basis for doing so. The lawful bases include the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest or in the exercise of official authority, and legitimate interests pursued by the data controller or a third party.

4. Types of Personal Data Processed

Neuroharmony may process the following types of personal data, depending on the nature of its interactions with individuals:

• Contact details (e.g., names, addresses, email addresses, phone numbers)
• Financial information (e.g., bank details for donation processing)
• Personal information (e.g., age, gender, occupation)
• Special categories of data, where applicable and with explicit consent

5. Purposes of Processing Personal Data

Personal data may be processed by Neuroharmony for the following purposes:

• Administration of charity programs and services
• Communication with supporters, donors, and beneficiaries
• Fundraising activities
• Compliance with legal obligations
• Internal record-keeping

6. Data Subject Rights

Individuals have the following rights regarding their personal data:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision-making, including profiling

Requests to exercise these rights should be submitted to the Data Protection Officer.

7. Data Security

Neuroharmony will implement appropriate technical and organisational measures to ensure the security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

8. Data Breach Response

In the event of a data breach, Neuroharmony will promptly assess the risk to individuals and, if required, notify the Information Commissioner's Office (ICO) and affected individuals in accordance with GDPR requirements.

9. Data Retention

Personal data will be retained only for as long as necessary for the purposes for which it was collected and in accordance with legal requirements.

10. International Data Transfers

Any transfer of personal data outside the UK will be done in compliance with applicable data protection laws, ensuring an adequate level of protection for the rights and freedoms of data subjects.

11. Review and Update

This Data Protection and GDPR Policy will be reviewed regularly and updated as necessary to ensure ongoing compliance with data protection laws.