Data Processing and GDPR

Data Processing and GDPR

Last updated: March 2026

This page provides technical clarity on how MindHaven processes data and complies with UK GDPR. It is specifically intended for councils, institutions, and procurement review.

1. Data Protection Approach

MindHaven follows a data minimisation principle. We collect and process only data necessary to provide services. We do not engage in surveillance based modelling or behavioural profiling.

2. ComfortScore Methodology

ComfortScore is derived exclusively from open environmental and infrastructure data. It does not use personal tracking, does not analyse user behaviour, does not infer medical or health conditions, and does not build psychological profiles. It measures structural environmental characteristics only.

3. Personal Data Categories Processed

Where users create accounts or make bookings, we may process contact information, booking information, and voluntarily submitted accessibility notes. No special category health data is intentionally collected. If voluntarily provided, such information is processed solely to fulfil booking requirements.

4. Lawful Basis Under UK GDPR

Processing is based on Article 6(1)(b) contractual necessity, Article 6(1)(f) legitimate interest, and Article 6(1)(a) consent where applicable. Special category data is not systematically processed.

5. Data Security Measures

MindHaven applies secure hosting infrastructure, encrypted communication via HTTPS, access controls, role based data access, and regular security updates.

6. Data Retention

Data is retained only for operational purposes, legal compliance, and dispute resolution. Users may request deletion at any time.

7. Data Subject Rights

Users have the right to access personal data, rectify inaccurate data, request erasure, restrict processing, and object to processing. Requests may be submitted via email to hello@mindhavenuk.com

8. Institutional Partnerships

Where councils or institutions licence ComfortScore insights, no personal user data is transferred, aggregated and anonymised environmental analysis may be provided, and no identifiable individual data is shared. MindHaven does not act as a data broker.

9. Contact and Regulatory Authority

For data protection enquiries: hello@mindhavenuk.com

Supervisory authority: Information Commissioner’s Office, United Kingdom. https://www.ico.org.uk