Privacy Policy
Effective date: July 2025
Last updated: April 2026
The Neurodiversity Practice respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share personal data when you visit our website, contact us, enquire about services, or engage with us for an adult autism assessment. This service is intended for adults aged 18 and over.
Who we are
The Neurodiversity Practice (“we”, “us”, “our”) is the data controller for the personal data described in this Privacy Policy.
Contact details
The Neurodiversity Practice
7 Bannaville
Ranelagh
Dublin
Ireland
Email: info@theneurodiversitypractice.ie
If you have any questions about this Privacy Policy or how your data is handled, please contact us using the details above.
What personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
Identity and contact data
Your name, date of birth, address, email address, telephone number, and emergency contact details.
Assessment and clinical data
Information relevant to an adult autism assessment, including developmental history, educational and occupational history, mental health and medical history, neurodivergence-related experiences, screening questionnaire responses, clinician notes, collateral history, correspondence, and assessment outcomes.
Special category data
Because we provide a health-related professional service, we may process special category personal data, including data concerning health. (Homepage | Data Protection Commission)
Administrative and financial data
Appointment details, attendance records, payment information, invoices, and related business records.
Website and technical data
Basic technical information collected when you use our website, such as IP address, browser type, device information, and cookie preferences, depending on how the website is configured.
How we collect your data
We may collect personal data:
directly from you
through enquiry, contact, consent, and intake forms
during phone, video, and email communications
during appointments and assessment sessions
from questionnaires or screening tools you complete
from third parties you ask us to contact, or who provide relevant collateral history, where appropriate
through our website, including cookies or similar technologies where used
Why we use your personal data
We may use your personal data to:
respond to enquiries and manage appointments
determine whether our service is suitable for you
provide adult autism assessment services
prepare feedback, summaries, reports, letters, or recommendations where applicable
communicate with you before, during, and after assessment
process payments and maintain financial records
comply with legal, regulatory, ethical, insurance, and professional obligations
protect you or another person where there are serious safeguarding or safety concerns
establish, exercise, or defend legal claims
maintain the security and administration of our practice and website
Our legal bases for processing
Under the GDPR, we rely on one or more of the following legal bases, depending on the circumstances:
Contract: where processing is necessary to take steps at your request before entering into a contract, or to provide the service you have asked for
Legal obligation: where we must comply with tax, accounting, data protection, or other legal obligations
Legitimate interests: where processing is necessary for the secure and efficient running of our practice, service administration, IT security, record management, or the establishment, exercise, or defence of legal claims
Consent: where consent is the appropriate basis for a specific activity, such as certain optional disclosures
Vital interests: in exceptional circumstances where processing is necessary to protect someone’s vital interests
Where we process special category data, including health data, we also rely on a condition under Article 9 GDPR. In most cases this will be that processing is necessary for the provision or management of health or social care services. In limited situations, we may also rely on explicit consent, vital interests, or the establishment, exercise, or defence of legal claims. (Homepage | Data Protection Commission)
If you do not provide personal data
If you do not provide information that is reasonably required for us to assess suitability, verify identity, carry out the assessment, or meet our professional obligations, we may not be able to offer or complete the service. The DPC notes that a privacy notice should explain whether providing data is necessary and the possible consequences of not providing it. (Homepage | Data Protection Commission)
Who we share your data with
We only share personal data where necessary, proportionate, and lawful. This may include:
secure service providers who help us operate the practice, such as email, cloud storage, website hosting, video consultation, online form, e-signature, payment processing, and accounting providers
legal, regulatory, professional, or insurance advisers where necessary
your GP, referrer, or another healthcare professional, where appropriate and usually with your agreement unless disclosure is otherwise permitted or required by law
public authorities, regulators, courts, or An Garda Síochána where required by law or where necessary to reduce a serious risk of harm
We do not sell your personal data.
International transfers
We aim to use service providers that store and process data within the EEA where possible. If any provider processes personal data outside the EEA, we will only use them where appropriate safeguards are in place, such as an adequacy decision or approved contractual safeguards.
How long we keep your data
We keep personal data only for as long as necessary for the purposes for which it was collected, including clinical, legal, regulatory, insurance, tax, accounting, and professional purposes. Where it is not possible or appropriate to state one fixed period for every category of data, we apply retention criteria based on the type of record, the purpose for which it was collected, and any legal, professional, or insurance requirements that apply. We also review records periodically and securely delete or anonymise data when it is no longer required. This approach is consistent with the DPC’s transparency guidance, which allows a notice to state either the retention period or the criteria used to determine it, and with the storage-limitation principle. (Homepage | Data Protection Commission)
How we protect your data
We take reasonable technical and organisational measures to protect personal data. These may include password protection, access controls, secure devices and systems, secure cloud services, restricted access on a need-to-know basis, and secure disposal of records. If a personal data breach occurs that presents a risk to your rights and freedoms, we will deal with it in line with our legal obligations. The DPC states that notifiable breaches must generally be reported to the supervisory authority within 72 hours of becoming aware of the breach, and affected individuals must be informed without undue delay where the breach is likely to result in a high risk. (Homepage | Data Protection Commission)
Your data protection rights
Subject to the limits set by law, you may have the right to:
access your personal data
ask for inaccurate personal data to be corrected
ask for your data to be erased in certain circumstances
ask for processing to be restricted in certain circumstances
object to certain types of processing
receive certain personal data in a portable format
withdraw consent at any time where we rely on consent
These rights are not absolute, and there may be circumstances in which we are entitled or required to refuse part of a request. For example, we may need to retain certain records for legal, professional, insurance, or regulatory reasons. The rights listed here align with the DPC’s summary of the information that should be provided to individuals under Articles 13 and 14 GDPR. (Homepage | Data Protection Commission)
Clinical records and correction requests
If you believe factual information in your record is inaccurate, you may ask us to correct it. Where a record contains a professional opinion, it may not always be appropriate to alter that opinion, but we will consider adding a note or supplementary statement where appropriate.
Cookies and website tracking
Our website may use cookies or similar technologies. Where cookies are strictly necessary for the functioning of the website, they may be used without consent. Where cookies are not strictly necessary, including analytics cookies, we will ask for your consent before placing them on your device. We will also provide clear information about the technology used and the purpose of the data collected. (Homepage | Data Protection Commission)
Marketing communications
We do not send marketing emails unless we have a lawful basis to do so, usually your consent where that is required. You can opt out of marketing communications at any time.
Automated decision-making
We do not use solely automated decision-making or profiling to make decisions about your care or assessment. The DPC’s transparency guidance says individuals should be told whether automated decision-making is used. (Homepage | Data Protection Commission)
Complaints
If you have concerns about how we handle your personal data, we would appreciate the opportunity to address them first. You also have the right to raise a concern or make a complaint to the Data Protection Commission:
Data Protection Commission
6 Pembroke Row
Dublin 2
D02 X963
Ireland
Email: info@dataprotection.ie
The DPC says individuals can raise a concern through its online form and generally recommends contacting the organisation first before escalating the matter. (Homepage | Data Protection Commission)
Changes to this policy
We may update this Privacy Policy from time to time. The most current version will always be available on our website, and the “Last updated” date will show when changes were made.