Privacy Policy

Privacy Notice
Neurotherapy Services Ltd

Last updated: 25 May 2026

1. About this Notice

Neurotherapy Services Ltd ("NTS", "we", "us", "our") is a private provider of specialist neurological rehabilitation services, offering Neuropsychology, Neurophysiotherapy, Occupational Therapy, Speech and Language Therapy, and Rehabilitation Assistants. We operate from premises in East Kilbride and Edinburgh and deliver services in community, home, workplace, and online settings throughout Scotland.

This Privacy Notice explains how we collect, use, store, and protect personal information about our clients, prospective clients, referrers, and visitors to our website. It is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who is the Data Controller

Neurotherapy Services Ltd is the data controller for the personal information described in this Notice. This means we are responsible for deciding how and why your personal data is processed.

  • Registered company: Neurotherapy Services Ltd
  • ICO Registration Number: ZC105673
  • Registered office: 103 Strathmore House, 1 Cornwall Street, East Kilbride, G74 1LF
  • Contact for data protection matters: Julie Marshall, Office Manager — julie.marshall@neurotherapyservices.co.uk

3. The Personal Information We Collect

Depending on the nature of our involvement with you, we may collect and process the following categories of personal data:

Identification and contact information

  • Full name, date of birth, and address
  • Telephone numbers and email address
  • Next of kin and family contact details

Clinical and health information (special category data)

  • Medical history and rehabilitation records
  • Physical and mental health conditions
  • Assessment findings, treatment plans, and clinical correspondence
  • Standardised assessment material and test results

Service-related information

  • Details of your legal representatives, treating clinicians, and rehabilitation team
  • Employment information, where relevant to your care or vocational rehabilitation
  • Court information, where relevant to medico-legal instruction
  • Financial information, including Guardianship or appointee details where applicable
  • Payment information for fees due

Website information

  • Information you provide when submitting a contact or referral form
  • Technical information collected via cookies (see Section 11)

4. How We Collect Your Information

We collect personal information directly from you during assessment, treatment, and ongoing care. We may also receive information from third parties where you have given consent, including:

  • Referring clinicians or case managers
  • Solicitors instructing us in a medico-legal capacity
  • Insurers funding your treatment
  • Employers, where relevant to vocational rehabilitation
  • Family members or carers acting with your authority

5. Our Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The bases on which we rely are:

For personal data (Article 6 UK GDPR):

  • Article 6(1)(b) — performance of a contract: processing is necessary to deliver the assessment or treatment you have engaged us for.
  • Article 6(1)(c) — legal obligation: where we are required to retain or disclose information by law.
  • Article 6(1)(f) — legitimate interests: for example, administering our business, maintaining records, and pursuing payment for services rendered.

For special category data, including health information (Article 9 UK GDPR):

  • Article 9(2)(h) — processing is necessary for the purposes of medical diagnosis, the provision of health care or treatment, on the basis that all clinicians within NTS are registered with the Health and Care Professions Council (HCPC) and are subject to an obligation of professional secrecy, in accordance with Article 9(3) UK GDPR and Schedule 1 of the Data Protection Act 2018.
  • Article 9(2)(f) — establishment, exercise, or defence of legal claims: where we are instructed in a medico-legal capacity.

6. How We Use Your Information

We use your personal information to:

  • Provide assessment, therapy, and rehabilitation services
  • Communicate with you about your appointments and care
  • Liaise with your wider clinical, legal, or rehabilitation team, with your consent
  • Produce medico-legal reports where instructed
  • Maintain accurate clinical records
  • Process payments and manage our accounts
  • Meet our legal, regulatory, and professional obligations
  • Improve our services through internal audit and clinical governance

7. Who We Share Your Information With

We will only share your personal information where you have given consent, or where we are required or permitted to do so by law. Recipients may include:

  • Other clinicians involved in your care (with your consent)
  • Your GP or referring clinician, where appropriate
  • Solicitors or insurers instructing us in a medico-legal capacity
  • Regulatory bodies such as the HCPC, where required
  • Other regulators or public authorities, where there is a legal duty to disclose (for example, where there is a serious risk to your safety or the safety of others)
  • Our professional advisers (such as accountants, IT providers, and legal advisers), under appropriate confidentiality arrangements
  • HMRC and other authorities, where required by law

We do not sell your personal information, and we do not share it for marketing purposes.

8. Transfers Outside the UK

We store and process your personal information within the United Kingdom wherever possible. If any of our service providers (such as cloud storage or email providers) process data outside the UK, we ensure that appropriate safeguards are in place, in line with UK GDPR requirements.

9. How We Keep Your Information Secure

We have put in place appropriate technical and organisational measures to protect your personal information against accidental loss, unauthorised access, alteration, or disclosure. These include:

  • Restricted access to clinical records on a need-to-know basis
  • Secure, password-protected electronic systems
  • Encryption of data where appropriate
  • Confidential disposal of paper records
  • Staff training in data protection and confidentiality
  • Procedures for identifying, managing, and reporting data security incidents

In the event of a personal data breach, we will notify the Information Commissioner's Office and affected individuals where we are legally required to do so.

10. How Long We Keep Your Information

We retain personal information only for as long as is necessary for the purposes for which it was collected, and in line with the retention guidance issued by the relevant professional bodies and applicable Scottish health records guidance.

In general:

  • Adult clinical records are retained in accordance with the relevant professional body's recommendations.
  • Paediatric clinical records are retained until the client's 25th birthday (or 26th if the client was 17 at the conclusion of treatment), in line with NHS Scotland records management guidance.
  • Financial records are retained for a minimum of six years, in line with HMRC requirements.
  • Medico-legal records may be retained for longer periods, reflecting the timescales of legal proceedings.

Further detail is available on request by contacting Julie Marshall.

11. Cookies and Website Analytics

Our website uses cookies and similar technologies to function correctly, analyse site usage, and support our marketing activity. Cookies fall into the following categories:

  • Strictly necessary cookies — required for the website to function and cannot be switched off.
  • Analytics cookies — for example, Google Analytics, which helps us understand how visitors use our site.
  • Marketing cookies — for example, Meta and LinkedIn pixels, which support our advertising activity.

You can accept, reject, or manage non-essential cookies via the consent banner displayed when you first visit our site. You can also change your preferences at any time by [link to cookie preferences].

For further information, please see our Cookie Policy at [link].

12. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal information we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete information.
  • Right to erasure — to request deletion of your personal data in certain circumstances. This right is limited where we have a legal or professional obligation to retain clinical records.
  • Right to restrict processing — to ask us to limit how we use your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, commonly used format, where applicable.
  • Right to object — to processing where we rely on legitimate interests or for direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact Julie Marshall at the address above.

13. Complaints

If you have a concern about how we handle your personal information, we would encourage you to contact us in the first instance so that we can address it.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

14. Changes to this Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, services, or legal obligations. The current version will always be available on our website, and the date of the most recent update is shown at the top of this Notice.