Privacy Policy
Oxford Neurodiversity Clinic (“We,” “Us,” or “Our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website oxfordneurodiversity.com (the “Website”). This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
1. Information We Collect
We collect the following personal information:- Contact Form: When you submit our contact form, we collect your name, email address, phone number (if provided), and any additional details you include in your enquiry.
- Website Usage Data: We use Google Analytics to collect anonymised data about how you use our website, such as pages visited, time spent, and your approximate location (e.g., city-level data derived from your IP address). See Section 7 for more details on cookies and analytics.
2. How We Use Your Information
- Contact Form Data: We use this information solely to respond to your enquiry, which may involve contacting you via email or phone.
- Google Analytics Data: We use this anonymised data to understand how visitors interact with our website, improve its functionality, and enhance user experience.
3. Legal Basis for Processing
- Contact Form: We process this data based on your consent (provided by submitting the form) and our legitimate interest in responding to your enquiry.
- Google Analytics: We process this data based on your consent, which you provide via our cookie consent popup, and our legitimate interest in analysing website performance.
4. How We Store and Protect Your Information
- Storage: Contact form data is stored securely on our systems. Google Analytics data is stored by Google in accordance with their data protection policies (see Section 5).
- Security: We implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, or misuse.
- Retention:
- Contact form data is retained only as long as necessary to respond to your enquiry, typically not exceeding 6 months, after which it is securely deleted unless further communication is required.
- Google Analytics data is retained for 26 months as per Google’s default settings, after which it is automatically deleted.
5. Sharing Your Information
We do not share your personal information with third parties, except:- Contact Form Data: With service providers acting on our behalf (e.g., email hosting services), who are bound by strict confidentiality and data protection agreements.
- Google Analytics: Usage data is shared with Google, which processes it on our behalf. Google is based in the United States, and data transfers are governed by Standard Contractual Clauses to ensure UK GDPR compliance.
- Legal Obligations: Where required by law or to comply with legal processes.
6. Your Rights
Under the UK GDPR, you have the following rights regarding your personal information:- The right to access the data we hold about you.
- The right to request correction of inaccurate data.
- The right to request deletion of your data.
- The right to withdraw consent or object to processing (e.g., opting out of cookies).
- The right to lodge a complaint with the Information Commissioner’s Office (ICO).
7. Cookies and Tracking
We use cookies and similar technologies to enhance your experience and analyse website usage:- Essential Cookies: Necessary for the website to function (e.g., maintaining your session).
- Analytics Cookies: Set by Google Analytics to track anonymised usage data (e.g., page views, visit duration). These are optional and enabled only with your consent via our cookie consent popup.