At Brook we offer a confidential service. This means that we do not talk about your visit to anyone outside Brook without your permission unless you or another young person are in serious danger. If you have any worries or questions about confidentiality, don't hesitate to ask us.
The information on this page will tell you what that means when you are using Brook's services. If you are involved with Brook in other ways then we have separate privacy statements. If you are a stakeholder, such as a supporter or if you receive our newsletter, you can read the relevant privacy statement. If you are a member of Brook staff, or are applying for a job with Brook, you can read the privacy statement.
Read general information about your rights when visiting other sexual health services.
When you use a Brook service, whether that’s by attending a clinic or participating in education programmes, any information you provide will be given to Brook Young People (which is Brook’s full legal name). This means that Brook is the ‘Data Controller’ for your data and we are responsible for keeping it safe. You can find the contact details for Brook’s Data Protection Officer below.
Our promise of confidentiality relates to the organisation as a whole. To make sure that we provide you with the best care members of staff have to share information about you with other members of the Brook team.
When Brook works with another health service provider
Brook services often work together with another Health Service provider in a partnership arrangement. Should this be the case in the service you access, the information about you will be shared with them, but your rights to confidentiality remain exactly the same. You can ask your local service for information on any partners that your data will be shared with.
How will we contact you
We will not send test results or contact you at home unless you have given us your permission. That’s why we always ask if we can write to you at home. It's important that we have some way to contact you so we will always ask if there is another address we can use or some other way to contact you such as email or mobile phone.
We will never leave messages for you with someone else, or on voicemail, unless you have told us that was OK.
Will you contact my doctor?
We won’t tell your family doctor about your visit if you don’t want us to. You might be asked each time you visit us whether it’s OK for us to contact your doctor. If you don’t want your doctor to know you are a client of Brook we would encourage you to contact us if your doctor gives you any medicine just in case it interferes with any contraception we have given you.
Who can see my Brook record?
You can see your records but we won’t show them to anyone else without your permission – even your parents, guardian or carer.
All our staff are specially trained to keep your confidentiality and they have all agreed to stick to our policies.
If you are or others are at risk of serious harm
If we believe that you, or another young person, are at risk of serious harm we may need to talk to other people outside of Brook so that you can get additional support to protect you. We will always discuss this with you first before talking to anyone else.
Violent or criminal behaviour
If a client behaves in a violent, aggressive or anti-social way or commits a crime against another Brook client, a member of staff or against Brook property we may have to call the police and give them the name of the client. We would not give the police any information about the reason for the client’s visit to us.
Required by law
Sometimes we may be required by law to share information about you. This may happen if the police or a court orders us to disclose information.
In some cases people who work for approved organisations who are also legally required to maintain your confidentiality may also have the right to see your records as part of their job. This can happen when an organisation like the Care Quality Commission inspects us to ensure the quality and safety of our services or if an inquiry has been ordered into the serious injury or death of a child or young person.
Female Genital Mutilation (FGM)
In England, if someone aged under 18 tells one of our doctors or nurses that they have experienced Female Genital Mutilation we have to tell the police. We wouldn’t do that without telling you first.
At Brook we want to provide you with the best quality care. To do this we need to keep records about you and the advice and treatment we have given you. The information in your records will include:
We promise that:
Sometimes information about you may be given to us by other organisations. This is the case if you are referred to Brook’s services, for example by another healthcare provider, or a school. Sometimes information may be shared with us by other organisations if they are concerned that you are at risk of harm.
We will use your information to:
We may use your information to:
We use information you give us to help us to plan our services to make sure we meet the needs of local young people, and also to report on our performance to the organisations who fund us and to the Department of Health. When we do this, we only use your information in a way that means you can’t be individually identified.
Sometimes Brook would like to use your information in other ways, but we will only ever do after contacting you, and only if you give your consent. This will include:
In addition to the staff who work in our clinics and education teams, our managers and our small team of data analysts may have access to your data. Everyone who works at Brook has signed an agreement to keep your information confidential.
Paper and electronic records
We store your information in computer systems and in paper records. Paper records are kept in locked cabinets. Electronic records are saved on a secure database.
When we work in partnership with another Health Service provider your electronic record will either be held on a secure database owned by that partner, or the partner will have access to Brook’s database. This is so that the partners can provide you with the best possible care and help to keep you safe. Where information is shared between partners in this way there will always be a contract in place, and both partners are required to keep your information confidential.
Our database of electronic records sits within our IT network. We outsource our IT support services to an external organisation. This company is based within the European Economic Area and they are also required to comply with UK data protection legislation to keep your information safe.
How long do you keep the records?
We follow NHS guidelines for retaining records. This usually means that we keep your records for either 10 years after you last accessed our services or until your 25th birthday, whichever is longer. After that time they are securely destroyed.
Currently there is a national Inquiry into Child Sexual Abuse. Organisations that hold records that may be of use to the Inquiry have been asked not to destroy any records that they have. This means that at the moment, we are required to hold on to your records indefinitely. This will change once the Inquiry tells us that it’s ok to start following standard procedures again.
All staff who have access to your records have been trained to work to the same confidentiality policy where your rights to confidentiality are adhered to.
If you live in an area where we provide a webchat service and you contact us using webchat, our service provider collects your IP address. IP addresses can sometimes be used to trace the location of someone’s computer. No one at Brook can see your IP address - unless we ask to because we’re very concerned about you. We won’t share your IP address with anyone else, unless you agree that we can share it, or there is an important reason why we should share it without your consent, such as if you or another young person is in immediate danger or harm.
At the end of a webchat, you can enter your email and have your webchat transcript sent to you. Your email address is not stored.
We ask for some basic information in every conversation (such as your age, gender and the first part of your postcode), but no one can identify you from this information. This helps us see who we’re helping and how we can improve our service. We may share this data outside of Brook, for example, to promote what we do to funders, or for research purposes.
We won’t ask for identifying information (such as your name, date of birth or address) during a conversation except in exceptional circumstances if we think we would need to share it to keep you safe.
If you share identifying information with us and we’re worried about you, we may store this and potentially share this with someone outside Brook if we believe you or another young person is at immediate risk of harm. This information is stored securely and can only ever be seen by Brook staff who have agreed to our confidentiality policy. These documents will be kept for 10 years, or until your 25th birthday, whichever is longest. When we destroy these documents, they are destroyed in a way that means that no one else can read them.
We will only ever share identifying information about you if we think you or another young person is at immediate risk of serious harm. We will talk to you about this first and give you as much control over what happens next as we possibly can. We understand the sort of situations you might be in and we are here to listen to you and support you.
Asking for your data from webchat services
It’s not possible for us to send someone their message history or the demographic data we hold about them, because none of this is linked to identifiable information and so we can’t know for certain that it’s yours. Without this, we risk giving out the wrong information to someone.
You may have heard of the General Data Protection Regulations (GDPR). This legislation means that Brook is legally required to protect the information you give us. We also need to tell you how and why we use your data (which we’ve done above), and you have certain rights in relation to your data.
The legal basis for Brook processing your information is ‘legitimate interests’. This means that Brook can legally process your information if we have a genuine and legitimate reason, and we’re not harming any of your rights and interests. When you access a Brook service, our legitimate interest for processing your personal data is so that we can provide you with the healthcare services that you have asked for and need. Full details of how we use your information is available above.
Some of the information you share with us may be sensitive – for example information about your health. Brook is able to process your sensitive data as it is necessary for medical purposes, and the processing is undertaken by health professionals and others with a duty of confidentiality to you.
Under the GDPR, you have rights in relation to your data. For example, you have the right to be informed about how we collect and use your data. This page is here to provide you with this information. You can also pick up a leaflet from your local service, or contact our Data Protection Officer if you need further information.
You also have the right to access your data. You can see the information we hold about you by making a request to access your data either at one of our reception desks, or by emailing firstname.lastname@example.org. In your email please tell us which Brook service you attend. We will then give you a form to fill in so that we can provide you with the right data. We will respond to your request within one month.
If you think that there are mistakes in your record, you have the right to request that these be corrected or noted.
Under the GDPR you have the right to object to the processing of your personal data. However, it’s essential that Brook keeps records about you in order to provide you with safe and effective care. This means that if you object to Brook processing your data then unfortunately we won’t be able to provide you with our services.
Brook Young People is registered with the Information Commissioner’s Office as a Data Controller (registration number ZA022088).
If you have any questions about the use of your data you can contact Brook’s Data Protection Officer at email@example.com or you can write to us at Data Protection Officer, Brook, 81 London Road, Liverpool, L2 8JA.
You have the right to make a complaint if you feel unhappy about how we hold, use or share your information. It would be helpful if you contact Brook’s Data Protection Officer in the first instance so we can try to fix the problem.
If you remain dissatisfied, you may then wish to contact our supervisory authority, the Information Commissioner’s Office (ICO). You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; 0303 123 1113; www.ico.org.uk/concerns.
We will regularly review this privacy notice. Please do check this page for updates.
Every internet browser keeps a record of where you’ve visited on the internet (known as your browsing history) but if you don’t want someone to know you’ve been using the Brook website or Ask Brook, you can clear this.
How to clear your browser history in Safari:
On a computer:
On an iPhone or iPad:
How to clear your browser history in Google Chrome:
On a computer:
On an Android device:
On an iPhone or iPad:
How to clear browser history in Internet Explorer:
How to clear your browser history in Firefox:
On a computer: