Cognition Care Ltd (“Cognition Care”, “we”, “our”, “us”) is an independent mental health provider registered in England and Wales (Company No. 15824475). We provide assessment, diagnosis, treatment, and support services for ADHD, autism, and general psychiatry.

We are:

• Registered with the Care Quality Commission (CQC) as a regulated healthcare provider.

• Registered with the Information Commissioner’s Office (ICO) under registration number ZB862099 as a Data Controller under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

For any queries about this Privacy Notice, or to exercise your data rights, you can contact us at:
admin@cognitioncare.uk (please include “Data Protection” in the subject line).

This Privacy Notice explains how Cognition Care Ltd collects, uses, stores, and protects your personal information. It applies to:

• Patients and clients who use our services

• Parents, carers, or nominated representatives

• Referrers and healthcare professionals we liaise with

• Visitors to our website or individuals making enquiries

We are committed to protecting your privacy and handling your information in line with:

• The UK General Data Protection Regulation (UK GDPR)

• The Data Protection Act 2018

• The Caldicott Principles for confidentiality in health and social care

• Relevant healthcare and professional regulations, including those of the Care Quality Commission (CQC)

The type of information we collect depends on your relationship with Cognition Care. This may include:

• Basic details: name, date of birth, contact details, address

• Health information: medical history, current symptoms, family history, medication details, and relevant lifestyle factors

• Assessment materials: pre-appointment questionnaires, forms, test results, and consultation notes

• Communication records: emails, messages, telephone call notes, and video consultation logs

• Third-party details: your GP, pharmacy, or nominated representative (where you have provided consent)

• Administrative information: payment records, invoices, and finance applications (where applicable)

• Website data: online form submissions, cookies, and usage data (see Section 11)

Some of the information we collect is classed as special category data under UK GDPR, such as health and ethnicity data. This information is only processed where necessary for the provision of healthcare, safeguarding, or where you have given explicit consent, and is always subject to strict safeguards.

We only collect the minimum information needed to provide safe, effective care and to meet our legal and regulatory obligations.

We may collect data when you:

• Complete a contact form on our website

• Book an appointment or submit medical forms

• Speak with a clinician or administrator

• Use our services (e.g. assessment, coaching, prescriptions)

In some circumstances, we may also receive information from third parties — but only where this is legally required or necessary for your safety. For example:

• If another healthcare professional shares information with us (e.g. your GP or pharmacy), with your consent

• If a safeguarding authority, regulator, or court provides information we are legally obliged to record

• If we must act to protect you or others from serious risk of harm

We only ask for and record the minimum data needed to provide safe, effective care.

We use your personal information to:

• Provide safe and effective care — including assessments, reports, prescriptions, and ongoing treatment.

• Coordinate care with other professionals — for example, sharing information with your GP, pharmacy, or another provider, but only with your consent unless required by law.

• Maintain accurate clinical and administrative records — ensuring your information is up to date and available to those involved in your care.

• Manage appointments and communications — such as confirming bookings, sending reminders, or responding to your enquiries.

• Meet legal, safeguarding, and regulatory obligations — including duties under the Care Act 2014, Children Act 1989, CQC Regulations, and professional standards.

• Improve our services — by reviewing anonymised or aggregated data (never identifiable without consent).

We never sell, trade, or share your data with third parties for marketing or non-care purposes.

Under UK GDPR, we process your data using one or more lawful bases:

• Consent – when you agree to us processing your information (e.g. sharing records with your GP).

• Contract – when we need your information to deliver the service you’ve requested.

• Legal obligation – when we are required by law to retain or share certain records.

• Vital interests or safeguarding – in rare cases, to protect life or prevent harm.

• Legitimate interests – we may process limited non-clinical data (such as contact details for reminders, or anonymised service usage for audits) where it is necessary to support the safe and efficient running of Cognition Care. This basis will never be used for special category health data without your explicit consent or another lawful basis.

We only share your information when it is necessary, proportionate, and lawful.

This may include:

• Your GP or nominated healthcare professional – usually with your explicit consent, unless required by law (e.g. controlled drugs, safeguarding).

• Signature Pharmacy – all prescriptions issued via SignatureRx are dispensed through Signature Pharmacy. We share only the clinical details required for safe dispensing. Payment for medication is made directly to Signature Pharmacy, and Cognition Care does not access or store your financial data.

• Emergency services or safeguarding teams – if there is a risk of serious harm to you or others, or where required by law.

• Our secure clinical systems – such as Semble (patient records) and SignatureRx (e-prescribing).

• Regulators or insurers – where legally required for audit, compliance, or indemnity purposes.

• Humm Finance – if you apply for a finance agreement, your information is submitted directly to Humm. Cognition Care does not access or store your financial data, but we may receive confirmation of approval or decline.

• Secure digital tools – in some cases, we may use secure digital platforms (including AI-based drafting assistants) to support clinicians in preparing letters or documentation. These are used under strict governance and never replace clinician judgment. All outputs are reviewed by a clinician before being added to your record.

We will always aim to inform you before sharing information, unless doing so would increase the risk or we are legally prevented from doing so.

We never sell or share your data for marketing purposes.

All data is stored securely using encrypted, GDPR-compliant systems. We use:

• Semble – our clinical platform and electronic health record system.

• SignatureRx – for issuing prescriptions.

• Secure cloud storage and email systems (e.g. Microsoft 365, Squarespace forms) – for communication and administrative records.

Access to your information is strictly limited to authorised Cognition Care personnel involved in your care, or those supporting the safe operation of our services.

We apply the following safeguards:

• Role-based access controls – staff only see the information they need for their role.

• Encryption in transit and at rest – all records and communications are protected against unauthorised access.

• Audit trails – all access and changes to records are logged.

• Regular data protection training – all staff are trained on confidentiality, GDPR, and information security.

• Business continuity and backup systems – to protect your data in case of system failure.

We do not store your clinical records on staff devices. All records are kept securely within our encrypted cloud-based systems, which can only be accessed with secure logins.

We retain records in line with NHS and regulatory guidance (Records Management Code of Practice for Health and Social Care 2021):

• Adults – a minimum of 8 years after the last contact.

• Children and young people – until age 25, or 8 years after discharge, whichever is later.

• Mental health records – in some cases, may need to be kept for longer (e.g. if care extends into adulthood).

After these periods, records are securely and permanently deleted or anonymised.

We may also retain some information for a longer period where required by law, for example:

• Controlled drug records (in line with medicines legislation).

• Safeguarding records (where retention may be extended due to ongoing risk).

• Financial or tax records (in line with HMRC requirements).

We never keep your data longer than is necessary.

Under UK GDPR, you have the right to:

• Access – request a copy of the personal data we hold about you.

• Rectification – ask us to correct any inaccurate or incomplete information.

• Erasure – request deletion of your data where there is no legal or regulatory reason for us to keep it.

• Restriction – ask us to limit how your data is used in certain circumstances.

• Objection – object to the use of your data for specific purposes (e.g. marketing — though we do not use your data for marketing).

• Data portability – request that information you provided to us is transferred to another provider, where technically possible.

• Withdraw consent – where we rely on consent as the lawful basis for processing, you may withdraw this at any time.

• Complain – raise a concern with the Information Commissioner’s Office (ICO) if you believe your rights have been breached.

To exercise any of these rights, please email us at admin@cognitioncare.uk. We will respond within one month, in line with data protection law. Exercising your rights will never affect the quality of care you receive from Cognition Care.

Our website uses cookies to improve functionality, ensure security, and measure traffic.
We do not use advertising or tracking cookies, and we do not collect sensitive personal information via cookies.

You can manage or disable cookies through your browser settings at any time.

For full details of the types of cookies we use, how long they are stored, and how to control them, please see our Cookie Policy

If you have any questions about this notice or how we handle your data, please contact us:

• Email: admin@cognitioncare.uk

• Post: Cognition Care Ltd, 4b Ridgeway Court, Leighton Buzzard, Bedfordshire, LU7 4SF

• Phone: 020 3818 8008

We aim to respond to all enquiries within one month, in line with data protection law.

If you are unsatisfied with our response, you can raise a concern with the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

This Privacy & GDPR Notice may be updated periodically to reflect:

• Changes in UK data protection law or other relevant regulation

• Updates to clinical systems or digital platforms we use

• Amendments to our internal governance and safeguarding processes

• Changes in how we provide or deliver services

The most current version will always be published on our website.

By using our website or engaging with our services, you acknowledge that you have read and understood this notice and agree to the way your information is collected, used, and stored.

Last reviewed and updated: 1 July 2025