BrightPath Neuro Ltd

Effective Date: 26 March 2025

ICO Organisation Name: BrightPath Neuro Ltd

Registration Reference: ZB878672

1. Introduction

At BrightPath Neuro , we are committed to protecting your privacy and ensuring full compliance with UK data protection laws. This Privacy Policy explains how we collect, use, and protect your personal information when you engage with our services, website, or digital platforms. By using our services, you agree to the terms outlined below.

2. Who We Are

BrightPath Neuro Ltd is a specialist neurodevelopmental assessment and support provider for children, adolescents, and adults.

Registered Office: East Sussex Contact

Email: [email protected]. uk

ICO Registration: ZB878672

3. What Information We Collect

We may collect the following types of data:

Personal Information: Name, contact details, DOB, NHS number

Health Information: Clinical notes, diagnoses, assessment reports

Parent/Guardian Information: For child and adolescent assessments

Technical Data: IP addresses, browser info (where applicable)

4. Use of Genie AI

We use

Genie AI a secure, UK-compliant artificial intelligence tool, to assist with:

Clinical document generation

Summary creation

Communication templates

Your personal data:

Is never used to train general AI models

Remains confidential and securely processed

Can be excluded from AI support if you choose to opt out

Clients may

opt in or out of Genie AI use at any time by contacting us.

5. Clinical Tools & Internal Quality Assurance

We use assessment tools from Person and other regulated providers. All tools are:

Internally quality assured Used only by qualified clinicians

Reviewed under our clinical governance process, including regular audit and peer review

6. How We Use Your Data

We process your data to:

Provide accurate assessments and reports

Communicate with you and manage bookings

Comply with clinical and regulatory requirements

Maintain internal quality standards and service development

7. Lawful Basis for Processing

We rely on the following legal bases under the UK GDPR:

Consent – where required (e.g., marketing, AI use)Contract – for delivery of our services

Legal obligation – for safeguarding and compliance

Legitimate interests – for service improvement and internal audit

Health or social care purposes – for special category data

8. Data Sharing and Security

We may share your data with:

Clinicians and professionals involved in your care

Referrers or healthcare partners (with consent)Regulatory bodies (as required by law)

Your data is stored on encrypted, GDPR-compliant servers, with access restricted to trained staff.

9. Your Rights

You have the right to:

Access your personal data

Request corrections or deletions

Withdraw consent at any time

Object to or restrict certain processing

Complain to the Information Commissioner’s Office (ICO)

To make a request:

[email protected]

10. Data Retention

We retain clinical records based on national guidelines:

Adults: 8 years from last contact

Children: Until their 25th birthday or 8 years after last contact

Some anonymised data may be retained for audit and research purposes.

11. Cookies and Website Usage

Our website may use cookies to enhance user experience and gather analytics. You can manage your cookie preferences via your browser settings. For full details, please refer to our Cookies Policy.

12. Policy Updates

We may update this Privacy Policy from time to time. Updates will be published on our website and, where necessary, communicated directly.

13. Contact Us [email protected]

🔐 ICO Registration Number: ZB878672