Brain X Movement

Privacy Policy

Introduction

This privacy policy (“Privacy Policy”) has been implemented on behalf of BrainX Movement Limited (referred to as “BrainX” or “we”, “us” and “our”). It is designed to help you understand the personal data we collect from you, why we collect it, what we do with it and how you can update, manage, export and delete your personal data.

BrainX respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we look after your or your child’s personal data when you visit our website or engage us to provide services to you or to your child. We will only collect your or your child’s data where it is required for us to fulfil our services to you or your child or required by the law.

BrainX is the controller and responsible for your and your child’s personal data, we have appointed a data privacy manager who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your or your child’s legal rights, please contact us at privacy@brainxmovement.com

The Types Of Personal Information We Collect  

Personal data is information that relates to an identified or identifiable individual, and it could be as simple as a name or a number, or could include other identifiers such as an IP address, a cookie identifier, or other factors. It does not include data where the identity has been removed (anonymous data).

It is important that the personal data we hold about you or your child is accurate and current. Please keep us informed if your or your child’s personal data changes during your relationship with us.

We collect personal data in order to provide our services to you or to a child that you wish to benefit from our services; maintain communications with you; and/or in order to comply with applicable law. Please note that if we have requested personal data from you and you decide that you do not want to share certain personal data with us, then this may prevent us from: (i) providing our services to you or your child; or (ii) entering into a contract to provide services to you or your child. In these circumstances we will ensure we notify you when reasonably possible to do so.

We collect different types of personal data for different reasons, including:

Customer Data (Adult 18+):

  • Identity Data includes first name, last name, marital status, title, date of birth, gender and/or preferred pronouns.
  • Biometric Data includes any videos or images.
  • Health Data includes personal data related to the physical or mental health of a natural person, for example dyslexia or ADHD.
  • Contact Data includes billing address, email address and/or telephone numbers.
  • Financial Data includes bank account and/or payment card details.
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Customer Data (Child 13 years and above):

  • Identity Data includes first name, last name, title, date of birth, gender and/or preferred pronouns.
  • Biometric Data includes any videos or images.
  • Health Data includes personal data related to the physical or mental health of a natural person, for example dyslexia or ADHD.
  • Contact Data includes, to the extent applicable, email address and/or telephone numbers.
  • Financial Data includes, to the extent applicable, bank account and/or payment card details.
  • Technical Data includes, to the extent applicable, internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Customer Data (Child 12 years and under):

  • Identity Data includes first name, last name, title, date of birth, gender and/or preferred pronouns.
  • Biometric Data includes any videos or images.
  • Health Data includes personal data related to the physical or mental health of a natural person, for example dyslexia or ADHD.
  • Contact Data includes, to the extent applicable, email address and/or telephone numbers.
  • Technical Data includes, to the extent applicable, internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website.

Parent/Guardian Data:

  • Identity Data includes first name, last name, marital status, title, date of birth, gender and/or preferred pronouns.
  • Contact Data includes billing address, email address and/or telephone numbers.
  • Financial Data includes bank account and/or payment card details.
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Other than as set out above, and always only when you voluntarily provide such information, we do not collect special category personal data and you must not upload data relating to criminal convictions and offences; medical data or any other special category data to any form on our website, regardless of whether it relates to you or your child.

How We Get The Personal Data And Why We Have It

Most of the personal data we process about you, or if we are providing services to a child, is provided to us directly by you or your parent/guardian for one of the following reasons:

  • when we are contacted on our website;
  • when a registration form is completed on our website;
  • when registering for one of our webinars;
  • when attending a meeting or video conference, event or webinar that we host or attend;
  • when we are contacted via social media sites such as LinkedIn;
  • when we are contacted via phone;
  • when we are contacted via email;
  • when details are provided to us at an event; and
  • when we are provided with details in order to set up a contract for the provision of our services.

We may also receive personal data indirectly, from the following sources:

  • from our third-party lead generation providers in order for us to send marketing material to individuals: (i) that have consented to their details being shared with us and to receive marketing material; or (ii) where we have a legitimate interest in sending our marketing material and our legitimate interest does not override the data protection interests or fundamental rights and freedoms of you or your child; and
  • from our third party partners in order for us to send marketing material to individuals: (i) that have consented to their details being shared with us and to receive marketing material, or (ii) where we have a legitimate interest in sending our marketing material and our legitimate interest does not override the data protection interests or fundamental rights and freedoms of you or your child.

We take reasonable measures to ensure that when we receive personal data indirectly: (i) the third party providing personal data to us has the necessary lawful basis to share your personal data with us; and (ii) we use any such data in compliance with terms and conditions set out by the third party providing it to us.

Why We Collect Your Or Your Childs Data

We use personal data in order to, where applicable:

  • Respond to any questions or requests;
  • Communicate with you and provide any further information about our services;
  • Maintain a relationship with you, particularly where you purchase our services;
  • Undertake our contractual obligations to you, particularly where you subscribe to our services;
  • Provide our services to you;
  • Manage any complaints or claims relating to our services we provide to you;
  • Include you in webinars;
  • Subject to applicable law and your marketing preferences, undertake direct marketing, advertising and public relations activities, in connection with BrainX, our services (including to make recommendations about our services, events and webinars;
  • Where necessary, comply with laws and regulations, under judicial authorisation, or to exercise or defend the legal rights of BrainX; and
  • Help us conduct our business more effectively and efficiently, or improve our services.

In all circumstances we only use your or your child’s personal data for the purpose it was collected unless we reasonably believe that we need to use such personal data for another, related purpose, and it is legally possible to do so. If we need to use your personal data for any other purpose we will notify you and let you know the lawful basis on which we propose to rely.

Lawful Basis For Processing Personal Data

Under the General Data Protection Regulation 2018 (“GDPR”), the lawful bases that we normally rely on for processing personal data, detailed above, are:

  • Consent. You are able to withdraw your consent at any time. You can do this by contacting privacy@brainxmovement.com.
  • Contractual Obligation. Where processing is necessary for the performance of our contractual obligations to you.
  • Legitimate Interest. Where we have a legitimate interest in processing your personal data, if this is the case we will inform you of what our legitimate interest is at the time of collecting your personal data.
  • Vital Interest. Where it is in your or your child’s interest for us to process your or your child’s personal data.

We may need to process your or your child’s personal data in order to comply with applicable laws, in these circumstances we have a legal obligation to process your data, but we will inform you if this is the case.

In the event we store any Special Category Data (as defined by GDPR) the lawful basis for processing is determined by the category of personal data being processed. In the event this relates to Special Category Data you provide us when speaking to us and we make a record of such data, we rely on your consent to process such personal data.

Where we undertake direct marketing, all of our direct marketing campaigns are conducted in accordance with applicable law; we only do so with your consent and/or where we have a legitimate interest to do so, but in any event, you have the option to opt out of any direct marketing at any time by clicking the unsubscribe link in our marketing material. BrainX has performed a legitimate interests assessment in respect of its direct marketing activities to former, existing, and prospective customers. In summary, BrainX has a legitimate interest to market its services to existing customers as they already receive services directly from us and may benefit from other services that we provide. Former customers may be likely to purchase our services after receiving marketing materials as they become aware of the additional benefits that follow up services could bring them. In addition, we have a legitimate interest in marketing its services to prospective customers to promote brand awareness.

We do not knowingly intend to send marketing communications to children ages 12 years and under. We actively encourage all our staff, to assess whether promotional offers might be attractive to children and young people and if so, will ensure clear information is provided to try and deter children aged 12 years and under from providing their personal data without parent or guardian consent.

In the event we send marketing communications to children aged 13 years or older, we conduct a data protection impact assessment (“DPIA”), to establish whether our processing will result in a high risk to the rights and freedoms of the data subject. We ensure the processing is fair and complies with all the data protection principles.

To the extent that we record any video conferences/calls/meetings of your voice or image (biometric data), we will only do so with your explicit consent before such recordings are made.

Once we receive your request/enquiry for our services, we may call you to confirm your details and/or requirements.

In the event you provide us with a testimonial to be published on our website, any personal data contained in such testimonial, including the use of your image, shall only be used with your explicit consent and such consent may be withdrawn at any time, at which point we would remove your testimonial, or any personal data relating to such, from our website.

Sharing Your Personal Data

We only share personal data if it is necessary to do so in order to provide our services to you or your child or enhance our relationship with you. Whenever we share personal data with a third party provider we ensure that this is done so in accordance with applicable data protection laws by implementing appropriate measures to maintain the security and confidentiality of personal data, and to ensure that personal data is used in accordance with this Privacy Policy. We may share personal data with the following categories of recipients:

  • third-party service providers that: (i) provide data processing services; or (iii) process personal data for other purposes detailed in this Privacy Policy. These include but are not limited to:
  • IT service providers, for example GSuite;
  • professional advisors, for example insurers, lawyers and other applicable professional bodies;
  • CRM service providers, for example Hubspot; and
  • marketing service providers;
  • to any law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary, for example to exercise, establish or defend our legal rights, or we are compelled to disclose such personal data to comply with the law;
  • to a potential purchaser (and its agents and advisors) in connection with a proposed merger or acquisition of any part or all of our business, provided that the purchaser may not use your personal data for any purpose other than for the purposes detailed in this Privacy Policy; or
  • to any other person you have consented to us to share personal data with.

In all circumstances that we share personal data with a third party we only do so to the extent that it is required for them to provide their services to us. At all times personal data must be processed in accordance with (i) this Privacy Policy; and (ii) any additional data protection terms, incorporated into the agreement that we have with them, which are no less stringent than the protection afforded by this Privacy Policy.

In the event we need to share personal data relating to an individual under the age of 18, we conduct a data protection impact assessment (“DPIA”), to establish whether our processing will result in a high risk to the rights and freedoms of the data subject. We ensure the processing is fair and complies with all the data protection principles.

How We Store Your Personal Data And For How Long

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

We are required by law to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years.

In some circumstances you can ask us to delete your data: see your legal rights below for further information.

International Data Transfers

In order to provide our services to it may be necessary to transfer personal data to a country that is different to the country in which we collected the personal data, and such country may not apply the same level of data protection.

We perform transfer impact assessments (each a “TIA”) in respect of the transfer of personal data outside the European Economic Area to “third countries”. In this context, “third countries” are countries that the EU has not issued recognition of a country’s adequacy of its data protection laws to ensure that a data subject gains a similar level of protection that a person would receive under GDPR. The purpose of a TIA is to evaluate whether the legislation in the third country might prevent the non-EU Data importer of personal data from complying with GDPR requirements. A TIA requires a diligent assessment of all circumstances of the transfer in question, the laws and practices of the third country of destination and any relevant contractual, technical or organisational safeguards put in place.

In the event we need to share personal data relating to an individual under the age of 18, we conduct a data protection impact assessment (“DPIA”), to establish whether our processing will result in a high risk to the rights and freedoms of the data subject. We ensure the processing is fair and complies with all the data protection principles.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly. For more information about the cookies we use, please see our the cookie banner in the corner of the site.

Data Security

We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Data Protection Rights

Under data protection law, you and your child have rights including:

Right of access - You have the right to ask us for copies of your or your child’s personal information.

Right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to erasure - You have the right to ask us to erase your or your child’s personal information in certain circumstances.

Right to restriction of processing - You have the right to ask us to restrict the processing of your or your child’s personal information in certain circumstances.

Right to object to processing - You have the the right to object to the processing of your or your child’s personal information in certain circumstances.

Right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights or rights on behalf of a child. If you make a request, we have one month to respond to you.

Updates To This Privacy Policy

This Privacy Policy is current as of the date set forth below. Changes to this Privacy Policy will be posted on our website, along with information on any material changes. We reserve the right to update or modify this Privacy Policy at any time and without prior notice. Any modifications will apply only to the personal data we collect after the posting of the Privacy Policy. If we make material changes to how we collect, use and disclose the personal data we have previously collected about you, we will endeavour to provide you prior notice, such as by emailing you or posting prominent notice on our website, and where required by applicable law provide you with the opportunity to opt out.

How To Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at privacy@brainxmovement.com

If you are unhappy with how we have used your data, you can also complain to the ICO. BrainX Movement Limited ICO Number: CSN1884504


The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF


Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk 

BrainX Movement Logo

© BrainX Movement Limited . All Rights Reserved. BrainX Movement Limited is registered in England and Wales (15682151). Registered office: East Lodge, Kartway House, Hereford, United Kingdom, HR1 4AE. Licenced on the Data Protection Register (CSN 1884504).

The information on this website is targeted at consumers in the UK. Calls to you and telephone calls may be recorded for quality and training and regulatory purposes.

We take care to make sure that the information and material is accurate and up-to-date. However, errors and omissions may occur, and you should not take the accuracy of the information and material for granted or rely upon it as a statement or representation of fact.