top of page

Privacy and Cookies Policy 

Privacy and Cookies Policy 

At The Toolbox we take the privacy and safety of our users very seriously. We have written this document to tell you:

1. about how we protect your personal data

2. and how we work to keep you safe​

What is Data Protection?
There is a law called the Data Protection Law which is there to ensure that we use your personal data lawfully, in order to protect it.

The Toolbox is called a data controller, our registered office is at:
Mindler Ltd
25 Wilton Road,
Telephone: 020 4574 6366

What information do we need to collect and why?

When you use The Toolbox we may need to collect some personal information from you - this is known as Personal Data.

We need this data to be able to provide a service to you. Our legal basis for processing this data is to provide healthcare services to you.

We also collect additional data, which is called ‘special category data’:

  • Your gender identity

  • Your ethnicity

  • Your diagnosis (if existent)

This data is collected under the legal basis ‘legitimate interest’.  It helps us to measure how we are performing as a service and to improve our service. This data is provided to the organisations who make our services available to you. Any data shared in this way is fully anonymous, non-identifiable data and is used to help inform the organisations about usage of the service, including, but not limited to:

  • Number of registrations

  • The Toolbox Site usage

  • Issues faced by service users

  • Outcomes achieved

Although this is personal data, it will NOT:

  • Identify an individual user or

  • Allow us to trace or find an individual

We do not ask you for any information that may identify you when you sign up.

The use of cookies in The Toolbox:
Our website uses cookies to distinguish you from other users of our website.  This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

We use the following cookies:

Strictly necessary cookies:

These are cookies that are required for the operation of our website.  They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services. These are always used.

Analytical or performance cookies:

These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. You can choose whether or not to opt in.

Functionality cookies:

These are used to recognise you when you return to our website.  This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). You can choose whether or not to opt in.

Targeting cookies:

These cookies record your visit to our website, the pages you have visited and the links you have followed.  We will use this information to make our website more relevant to your interests.  You can choose whether or not to opt in.

Your Data - Your Rights
As the owner (aka ‘Data Subject’) of your personal data, you have certain rights under the General Data Protection Regulations (GDPR) to find out about our use of your personal data.

You have:

The Right to be informed - by providing you with this document, we are giving you the information about your data that is collected and held by us,

The Right of access - you can ask about your personal data that we hold - this is called a “data subject access request”,

The Right to rectification - you can tell us if the data we hold is wrong or incomplete and ask us to put it right,

The Right to erasure - you can request erasure of your personal data. This enables you to ask* us to delete or stop processing your data. (*There may be times when we can’t do this though because we are required by law to hold it for a certain time),

The Right to restrict processing - you can object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing,

The Right to data portability - you can ask us to securely transfer your personal data to another data controller,

The Right to object - you can ask us to stop the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.

If you think that we have failed to handle your data properly or have not allowed your rights listed above, you have the right to make a complaint to the Information Commissioner’s Office.

Your right to withdraw your consent
You have the right to withdraw consent if you have shared any personal data with us. You can withdraw your consent to share information at any time. You can request to withdraw your consent by sending a message to The Toolbox team.

Additional Information on how we improve our services
We may use the data we collect to measure how we are performing as a service and to improve our service. This information is always anonymised, therefore it could not be used to identify you.

We continuously try to improve our service, which may involve introducing new processes. In these circumstances, we carry out a risk assessment into the impact of this on your data.

Case studies
We may be asked by the organisations who pay for the service, to provide them with anonymous case studies of our work with service users. This is so they can see how well The Toolbox is performing in our role in supporting you.

Our team at The Toolbox also have to take part in ongoing training and development so that they can be best placed and trained to support you. This means that they sometimes also have to write case studies for their courses or training.

Whenever a case study is written, we never use any of your personal data. It will never be possible to identify you from these case studies.

Consent & Privacy Policy For Users Who Sign Up To Our Service

How we use what we know about you:

We record how you are getting on in The Toolbox and we use that to help us to help you. This is called your personal information, and we will keep it confidential and secure. 

Keeping you safe

If you start therapy with the Toolbox, we will tell your Doctor (NHS GP) so your records are kept up to date. 

If we are really worried about you (including if you are having thoughts of harming yourself) we may need to share your personal information with someone else to keep you safe. We will ask for your permission before doing so, and you may wish to talk to that person yourself before we speak to them. However, if the situation is very serious, such as an emergency, we may need to act without talking to you first. 

What age is The Toolbox suitable for?

The Toolbox is open to anybody aged between 10 to 18. If you’re younger than 12, you’ll need a parent or guardian in the room with you during therapy sessions.  ​

Emergency use of data and safeguarding 

We do not share your personal information with any third parties for any reason other than strictly in connection with your healthcare or well-being. If we believe that there are reasons for taking urgent action to protect you from harm we may need to share your personal information.

This could be your parent/guardian, your NHS GP, other health or social care organisations, or exceptionally the emergency services. We will usually seek your consent before doing so, but if the situation is serious we may need to take action without speaking to you first. 

Transferring your information outside the UK

Sometimes, we may need to send your personal data to a country outside the EU, EEA, or the UK. If we do this and the country doesn't have the same strong data protection rules, we will take special steps to keep your data safe and protected, just like it is within the EU, EEA, or the UK. This means we use proper legal and security measures to protect your data when it's sent to another country and to comply with the requirements set out in the Data Protection Act Chapter V. 

Storage of your personal information

The personal information is kept only for as long as it is needed to ensure we can provide the service to you effectively and keep our own records for healthcare reasons and in order to inform the NHS about your referral and progress and help with managing health services. At any time, you can ask to see what data we hold about you. 

Data Protection Officer

Mindler has a special person called a Data Protection Officer (DPO) to help with questions about your personal data. Our DPO is Bird & Bird DPO Services SRL. If you have any worries or complaints about how we use your personal data, the DPO can be contacted via email at


You can also write a letter to our DPO at this address: Bird & Bird DPO Services SRL, Avenue Louise 235 b 1, 1050 Brussels, Belgium. 

If you are still not happy after talking to our DPO, you have the right to complain to the Information Commissioner’s Office (ICO), which is like a referee for data protection in the UK. Their website is However, we would really like to help you first, so please talk to us before going to the ICO.

This document was last updated on 2024-06-13. 

bottom of page