Privacy Policy

Last updated: 16 April 2026

Summary

This policy explains what personal data NDPathway collects, why, and your rights under UK GDPR.

1. Data controller

NDPathway is operated by Noble Meleka Ltd (company number pending), registered in England and Wales. For data protection queries, contact our Data Protection Lead at [email protected].

2. What data we collect

We collect different data depending on how you use the service:

• Screening responses — answers you give during our online screeners. These are processed in your browser and are not stored on our servers unless you explicitly choose to save your results.
• Account data — email address and hashed password if you create an account.
• Employer enquiry data — name, email, company name if you contact us through the employer enquiry route.
• Usage data — anonymised analytics (page views, feature usage) collected via privacy-respecting analytics. No advertising trackers are used.

3. Special category data

Some data you share with us (such as screening responses or information about neurodivergent conditions) may constitute special category data under UK GDPR Article 9. We process this data on the lawful basis of your explicit consent (Article 9(2)(a)). You can withdraw consent at any time by contacting [email protected] or deleting your account. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. How we use your data

We use your data to:

• Provide screening results and recommendations
• Match you with assessment clinics if you request this
• Support Access to Work applications if you use that service
• Match you with support workers if you request this
• Respond to employer enquiries
• Improve and maintain the platform

We do not sell your data to any third party. We do not use your data for profiling or automated decision-making.

5. Lawful basis for processing

We process your personal data under the following lawful bases:

• Consent (Article 6(1)(a)) — for screening data and special category health data
• Legitimate interests (Article 6(1)(f)) — for anonymised analytics and platform improvement
• Contract (Article 6(1)(b)) — for providing services you have requested, such as clinic matching or support worker placement

6. Data sharing

We share your data only when necessary to provide the service you have requested:

• Assessment clinics — only if you choose to request a referral or booking
• Support workers or support organisations — only if you request matching
• Access to Work — only if you ask us to support your application

We may also share data if required by law or to protect the vital interests of any person.

7. Data retention

• Screening results — deleted 7 days after generation unless you save them to an account
• Account data — retained while your account is active, deleted within 30 days of account closure
• Employer enquiry data — retained for 12 months from last contact, then deleted
• Anonymised analytics — retained indefinitely (no personal data)

8. Your rights

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate data
• Erasure — request deletion of your data
• Restrict processing — ask us to limit how we use your data
• Data portability — receive your data in a machine-readable format
• Object — object to processing based on legitimate interests
• Withdraw consent — at any time, without affecting prior processing

To exercise any right, email [email protected]. We will respond within one month.

9. Cookies

We use strictly necessary cookies for authentication (session cookies). We do not use advertising or tracking cookies. If we introduce optional analytics cookies in future, we will obtain your consent before setting them.

10. International transfers

Your data is processed and stored within the UK and EEA. If any sub-processor requires transfer outside this area, we will ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

11. Complaints

If you are unhappy with how we handle your data, please contact us first at [email protected]. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users and posted on this page with an updated date.

Questions about your privacy?

Contact our Data Protection Lead at [email protected]