Privacy Policy

We want everyone who comes to us for support, or supports us, to feel confident about how any personal details they share will be looked after and used.

This policy provides information about what information is collected, how it is used and how we take care of it.

We will collect, store and use any information you provide in accordance with the Data Protection Act 1998 and General Data Protection Guidelines 2018 (GDPR). We will try to keep the data as accurate and up to date as possible and will not keep it longer than necessary. In some instances the law sets the length of time information has to be kept, but in most cases Bromley, Lewisham & Greenwich Mind will use its discretion to make sure we do not keep records for longer than necessary.

Information We Collect About You

The core information we will collect will be personal data, but may also include special category data.

Personal Data

Under the Data Protection Act 1998, Personal Data is defined as data that identifies a living person and/or includes any expression of opinion about that person. Personal data we might collect from you may include basic details such as your name, date of birth, email address, postal address and telephone number. It might also include any information about you in our files relating to any of our services you may have been referred to or accessed.

Special Category Data

Certain data is classified as Sensitive Personal Data under the Data Protection Act 1998.  For example racial or ethnic origin, religious or other beliefs of a similar nature, physical or mental health conditions and sexuality.

How We Use Your Information

We may use the information you provide for the following purposes:

  • Decision making regarding the most appropriate support
  • Direct provision of support and services
  • Provision of information you have requested, whether this is by direct contact or online
  • Anonymising data for reporting to funders and commissioners about the services

Sharing of Information

Occasionally, we may be required to share information internally within the organisation if you are accessing more than one service, and for the purposes of decision making and risk management. We may also need to share information with partner providers where the service or support is provided by more than one organisation, or with non-partners such as your GP. Where this is the case we will inform you.

The only exception would be where staff have reason to believe that an individual is in danger of harming themselves or others.  In such a situation, efforts will be made to persuade the person to contact statutory health or social services for help (this may include their GP or a mental health professional). If they are unwilling to do this, staff should seek agreement from the individual to make this contact on their behalf. If the individual cannot be contacted or refuses to give permission for Bromley, Lewisham & Greenwich Mind to contact the statutory authorities, staff may decide the concerns are sufficiently serious to contact the authorities themselves with their concerns.

Compliance with GDPR

GDPR requries us to have a legal basis for holding your data which we need to communicate to you.  For us this will either be that we have a legitimate interest in holding the data or that we have your consent to hold the data.  The privacy statement for each service clarifies which this legal basis is.


Keeping your personal information safe is very important to us. We have implemented appropriate physical, technical and organisational measures to protect the information we have under our control from improper access, use, alteration, destruction and loss.

Right to Access

You have a right to request a copy of the information that is held about you. This is known as a subject access request. This right means that,  under the Data Protection Act, you can make a request for copies of the information held about you by the organisation.

Subject Access Requests must be made in writing to the Data Controller (email requests are acceptable) and there may be a fee involved.

Once you have satisfied the Data Controller of your identity and any administration fees have been paid the organisation has one month to provide you with the information.

Third party requests, i.e. from insurers or solicitors, must be accompanied by a consent form signed within the last 6 months.

Our website

This section of the policy explains how we secure and use data relating to the website, what information (referred to as ‘this website’) collects and how the organisation, Bromley, Lewisham & Greenwich Mind (referred to as ‘we’, ‘us’ and ‘our’) uses that information.

Securing your connection to our website

This website uses a SSL (Secure Sockets Layer) security certificate to encrypt and protect connections to and traffic on the website. When you are on this website, in the address bar of your web browser, you should see at least one of the following to confirm the secure connection to this website:

  • A padlock symbol
  • The text ‘https://; before the website address
  • The words ‘Secure’ or ‘Secure Connection’

It is up to the visitor to this website to ensure their computing devices and software are updated to the latest versions to maximise security.


This website uses cookies to:

  • help us monitor and understand how people use the website
  • identify returning or repeat visitors
  • manage the security of this website
  • manage people logging in or out of the website.

You can block these cookies using the appropriate desktop and mobile apps for your software and system.

How visitors use this website

We use Google Analytics and page tagging techniques to understand how this website is used by visitors.

Find out more what information Google collects, how it uses and protects this information here. The link also provides information as to how you can opt-out of Google Analytics.

Google Analytics and this website can collect information such as:

  • visitor IP address, web browser, device(s) used
  • how people came to our website, time spent on web pages
  • whether a visitor is logged into a restricted part of the website
  • if a visitor has come to the website recently.

This information helps us:

  • make sure our website meets visitor and technological needs
  • know if we are providing information you need or find useful
  • make best use of our charity resources to promote what we do and support people who need our services.

Contacting us via the website

We can personally identify you if leave a comment, submit a form or click an email link when you use the website. This includes information such as your name, IP address, email address, telephone number and any other information you provide to us. We do try to keep the information we collect to the minimum needed to allow us to respond to your feedback, messages, comments or queries.

Subscribing to email notifications, newsletters and updates

We offer email subscription to our newsletter, marketing and updates about our services.

We only ask for your first name and email address and you can unsubscribe at any time using the link at the bottom of the emails you receive. The information you provide to us will only be used for the above purposes and not sold or rented to any third party individuals, organisations or companies.

We do use a third party, MailerLite, to provide this service. The company provide a secure service compliant with relevant data protection legislation. In addition to sending the emails, they provide analysis for us such as click rates, open rates, sharing and forwarding of emails received from us. This helps make sure we are providing information that is relevant to people subscribing and measure the effectiveness of our marketing and communications. 

Contact Us

If you would like to know more, or have any concerns about how your information is being processed, or would like to make a subject access request, please contact:

Data Controller
Bromley, Lewisham & Greenwich Mind
Anchor House, 5 Station Road, Orpington, Kent, BR6 0RZ
Tel: 01689 811222

Right to lodge a complaint

This can be done through our normal complaints procedure, details of which can be found in our Complaints Policy.

Download this Privacy Policy.