Privacy Policy

Privacy & Cookie Policy

Last updated: January 2026

STM27 Group Ltd, trading as SaveTheMind (“we”, “us”, “our”), is committed to protecting your privacy and handling your personal data in a transparent, secure, and lawful manner, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are registered with the Information Commissioner’s Office (ICO) under registration number ZC048496.

1. Who We Are

Data Controller: STM27 Group Ltd (T/A SaveTheMind)
Responsible Clinician & Data Lead: Dr Saad Lakhani
Email: enquiry@savethemind.co.uk
Telephone: 020 3355 1524

Please view our Compliance page regarding how our Doctors act as clinically independent to our limited company

If you have any questions about this policy or how your data is handled, please contact us using the details above.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

a) Website Usage Data

  • IP address

  • Browser type and version

  • Device and operating system information

  • Pages visited and time spent on our website

This data is collected via cookies and similar technologies and is used to understand how our website is used and to improve performance.

b) Enquiry and Contact Data

When you contact us via our website forms, email, or telephone, we may collect:

  • Your name

  • Email address

  • Telephone number

  • Any information you choose to include in your enquiry

Website form submissions are delivered directly to our enquiry email inbox. We do not operate a separate CRM, portal, or dashboard for enquiries.

Access to this inbox is restricted to selected clinicians and authorised administrative staff only, on a strict need-to-know basis.

c) Clinical and Consultation Data

If you engage our services, we will collect and process additional personal and special category data (including health information) for the purposes of assessment, treatment, reporting, and clinical record-keeping.

Clinical information is handled under enhanced confidentiality and security measures appropriate for healthcare data. These measures are set out in a separate internal clinical data handling document, which governs access controls, storage, retention, and security safeguards in line with UK GDPR and professional healthcare standards.

Key points:

  • Clinical data is accessible only to authorised clinicians and approved administrative staff on a strict need-to-know basis.

  • Clinical information is processed and stored separately from our website infrastructure.

  • Website developers, marketing providers, and third-party service suppliers do not have access to clinical records.

Further information about how clinical data is handled can be requested from us at any time.

3. Cookies

Our website uses cookies to ensure it functions properly and to help us understand how visitors interact with it.

Cookies may be used to:

  • Enable core website functionality

  • Analyse website traffic and performance

  • Improve user experience

You can control or disable cookies through your browser settings. Please note that disabling cookies may affect the functionality of the website.

4. Third-Party Website Provider (Add People)

Our website is built and maintained by Add People Ltd.

  • Add People may have limited technical access to website form submissions strictly for website maintenance, diagnostics, or support purposes.

  • They do not process enquiry data for their own purposes.

  • They do not have access to clinical records, consultation notes, or direct communications sent to us by email or telephone.

If you contact us directly (for example, by emailing us or calling us), Add People has no access to that information.

Add People’s own privacy policy can be viewed here:
https://www.addpeople.co.uk/privacy-policy/

5. How We Use Your Data

We use personal data to:

  • Respond to enquiries

  • Provide clinical services

  • Communicate with you about appointments or services

  • Maintain accurate clinical and administrative records under enhanced healthcare-specific safeguards

  • Comply with legal, regulatory, and professional obligations

Clinical records and health information are subject to additional protections beyond standard website and enquiry data, as set out in a separate internal document governing clinical data handling.

We do not sell your data and do not share it with third parties outside our organisation, except where required by law or where necessary for website operation as described above.

6. Data Retention

  • Enquiry emails are retained within our secure email system for as long as reasonably necessary to respond and manage follow-up.

  • Clinical records are retained in line with UK medical record retention guidance and professional standards, under enhanced safeguards set out in our separate clinical data handling document.

We regularly review stored data to ensure it is not kept longer than necessary.

7. Data Security

We take appropriate technical and organisational measures to protect your data, including:

  • Restricted access controls

  • Secure email and IT systems

  • Confidentiality obligations for staff and clinicians

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request rectification of inaccurate data

  • Request erasure of your data (where applicable)

  • Restrict or object to processing

  • Request data portability

Subject Access Requests (SARs)

You may submit a Subject Access Request at any time. We will respond within the statutory timeframe and in accordance with UK GDPR requirements.

To make a request, please contact:
enquiry@savethemind.co.uk

9. How to Complain to the ICO

We take data protection seriously and encourage you to contact us first if you have any concerns about how your personal data is handled. We will always aim to resolve issues promptly, transparently, and fairly.

If you remain dissatisfied after contacting us, you have the right to raise a complaint with the UK supervisory authority for data protection matters:

Information Commissioner’s Office (ICO)
Website: https://www.ico.org.uk
Telephone: 0303 123 1113

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

The ICO can provide independent advice and investigate complaints relating to the handling of personal data.

10. Changes to This Policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in legal requirements or our data handling practices. Any updates will be published on this page with a revised effective date.

We may update this Privacy & Cookie Policy from time to time to reflect changes in legal requirements or our data handling practices. Any updates will be published on this page with a revised effective date.