Privacy policy

Effective Date: 19 January 2026

 

  1. Who We Are

We are Mid Kent Mind, a local wellbeing charity providing counselling, training, and mental health and wellbeing support for children, young people, and adults.

We are committed to protecting your privacy and keeping your personal information safe.
This Privacy Notice explains how we collect, use, store, and share your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

  1. What Information We Collect

Depending on the service you use, we may collect the following information:

  • Personal details: name, date of birth, contact details, emergency contact information, GP details
  • Health and wellbeing information: mental health history, support needs, risk information
  • Equalities information: age, gender, ethnicity, disability (used to help ensure fair and accessible services)
  • Service information: referral details, attendance records, session notes, evaluations, feedback, and reasons for accessing services
  • Employment, placement, or volunteer applications: CVs, references, qualifications, and recruitment-related information
  • Banking and payment information: payments made for services provided or donations made via our website secure donation page

 

  1. How We Use Your Information

We use your information to:

  • Provide counselling, wellbeing, mental health support, training, and related services
  • Safeguard you and others, including where there are concerns about safety or risk
  • Manage referrals, appointments, and the delivery of our services
  • Communicate with you about services you are using or have requested
  • Monitor service quality, evaluate outcomes, and improve our services
  • Meet our legal, professional, contractual, and funding obligations, including sharing anonymised data with funders to demonstrate the impact of our work
  • When you are using our secure donation page or you set up a payment for a Mid Kent Mind service, your donation is processed by a third party payment processor who specialises in the secure online capture and processing of credit/debit card transactions.

Lawful bases for processing (UK GDPR)

We rely on the following lawful bases:

  • Consent: for newsletters, marketing communications, and certain optional services
  • Legal obligation: where required by safeguarding, employment, or other laws
  • Legitimate interests: to manage services, maintain records, ensure continuity of care, and improve our charity’s work

Special category (health) data

Where we process health and wellbeing information, we rely on UK GDPR Article 9, including:

  • Article 9(2)(h): processing necessary for the provision or management of health or social care services
  • Article 9(2)(g): processing necessary for safeguarding children and adults at risk

 

  1. Children and Young People

We provide additional protection for children and young people.

  • We assess a child or young person’s ability to consent to services in line with legal and safeguarding guidance.
  • Where required, parental or guardian consent will be sought.
  • Confidentiality is respected wherever possible, but information may be shared without consent where there is a safeguarding concern or legal requirement.

 

  1. Sharing Your Information

We only share your information when necessary and proportionate, including:

  • With professionals involved in delivering your care or support
  • With safeguarding or emergency services if someone’s safety is at risk
  • With other professionals, where consent has been given or a legal obligation applies
  • With funders, commissioners, or regulators (usually in anonymised or aggregated form)

We do not:

  • Sell or rent your personal information
  • Share your information for marketing purposes without your consent

 

  1. Data Security and Retention

We store your information securely and only keep it for as long as necessary.

Approximate retention periods include:

  • Service user records: up to 7 years after last contact
  • Children’s safeguarding records: until the child reaches age 25
  • Adult safeguarding records: at least 10 years after the last action, or longer where there is ongoing risk
  • Employment and volunteer records: up to 6 years after leaving

Access to records is restricted to authorised staff only.

 

  1. Records After You Leave Our Services

When you stop using our services, we do not immediately delete your records.

We retain records securely for a defined period so that we can:

  • Support you safely if you re-engage with our services
  • Maintain continuity of care and avoid you having to repeat your history
  • Meet safeguarding responsibilities
  • Respond to complaints, concerns, or legal requests
  • Comply with legal, professional, and regulatory requirements

Your records are closed and archived, with restricted access. They are only accessed if you re-engage with services or where there is a safeguarding, legal, or professional reason to do so.

We do not rely on consent to retain records after services end. Our lawful bases for retention are:

  • Legitimate interests (continuity of care and service management)
  • Legal obligations (including safeguarding)
  • Health and social care purposes under UK GDPR

Records are securely destroyed once the applicable retention period has passed.

 

  1. Your Rights

You have the right to update your communication preferences or contact details to any time you can do so by contacting out office.

Under data protection law, you have the right to:

  • Access your personal data (subject access request)
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (this right is limited where we must retain information for legal, safeguarding, or health and social care purposes)
  • Withdraw consent or object to certain types of processing
  • Request restriction of processing or transfer of your data

To exercise your rights, please contact:

Name / Role: Josie Ledger – Service and Compliance Manager
Email: josie.ledger@midkentmind.org.uk
Phone: 01622 692383
Address: Mid Kent Mind, 23 College Road, Maidstone, ME15 6YH

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK data protection regulator:
Website: www.ico.org.uk
Telephone: 0303 123 1113

 

  1. Cookies and Website Use

Our website uses cookies to improve functionality and user experience.

  • Cookies may collect technical or usage data but do not directly identify you by name
  • You can disable cookies in your browser settings, though some features may not work correctly
  • Our WordPress website is hosted by Kayo Digital on a multi-tenant server. Please see their Privacy policy for more information.
  • Our newsletters are sent via Email Octopus, which tracks email opens and clicks. Please see their privacy policy for more information

Where website or email service providers process data outside the UK, appropriate safeguards are in place.

 

  1. Marketing and Communications
  • We adhere to the Privacy and Electronic Communications (EC Directive) Regulations 2003
  • You can choose whether to receive marketing emails from us
  • We will only send marketing communications where you have given consent
  • You can change your preferences or opt out at any time by contacting:
    community@midkentmind.org.uk or clicking unsubscribe in any marketing email.

 

  1. Safeguarding
  • Confidentiality may be broken if someone’s safety is at risk or where the law requires information to be shared
  • Wherever possible, we will inform you before sharing your information

 

  1. Automated Decision-Making

We do not make decisions about you based solely on automated processing.