Got a question?

Use the Ask Brook 24/7 tool to answer your query or search FAQs

Find a service

Search for your nearest Brook sexual health service here

Privacy and confidentiality

All young people have a right to confidential sexual health advice and services.

Confidentiality at Brook

At Brook we offer a confidential service. This means that we do not talk about your visit to anyone outside Brook without your permission unless you or another young person are in serious danger. If you have any worries or questions about confidentiality, don't hesitate to ask us.

The information on this page will tell you what that means when you are using Brook's services. If you are involved with Brook in other ways then we have separate privacy statements. If you are a stakeholder, such as a supporter or if you receive our newsletter, you can read the relevant privacy statement. If you are a member of Brook staff, or are applying for a job with Brook, you can read the privacy statement.

Read general information about your rights when visiting other sexual health services.

At Brook we have a Caldicott Guardian, this is a senior staff memeber responsible for protecting the confidentiality of people's health and care information and making sure it is used properly. If you need to contact the Caldicott Guardian please email dataprotection@brook.org.uk.

How we use your information when visiting a Brook service

When you use a Brook service, whether that’s by attending a clinic or participating in education programmes, any information you provide will be given to Brook Young People (which is Brook’s full legal name). This means that Brook is the ‘Data Controller’  for your data and we are responsible for keeping it safe. You can find the contact details for Brook’s Data Protection Officer below.

Our promise of confidentiality relates to the organisation as a whole. To make sure that we provide you with the best care members of staff have to share information about you with other members of the Brook team.

When Brook works with another health service provider

Brook services often work together with another Health Service provider in a partnership arrangement. Should this be the case in the service you access, the information about you will be shared with them, but your rights to confidentiality remain exactly the same. You can ask your local service for information on any partners that your data will be shared with.

How will we contact you

We will not send test results or contact you at home unless you have given us your permission. That’s why we always ask if we can write to you at home. It's important that we have some way to contact you so we will always ask if there is another address we can use or some other way to contact you such as email or mobile phone.

We will never leave messages for you with someone else, or on voicemail, unless you have told us that was OK.

We may be able to send you a text with your STI test results. If we can do this at the service you are visiting, we will tell you first. Where we use an external SMS provider, we will make sure they won’t share your phone number or use it for anything else.

Will you contact my doctor?

We won’t tell your family doctor about your visit if you don’t want us to. You might be asked each time you visit us whether it’s OK for us to contact your doctor. If you don’t want your doctor to know you are a client of Brook we would encourage you to contact us if your doctor gives you any medicine just in case it interferes with any contraception we have given you.

Who can see my Brook record?

You can see your records but we won’t show them to anyone else without your permission – even your parents, guardian or carer. 

All our staff are specially trained to keep your confidentiality and they have all agreed to stick to our policies.

Are there any exceptions?

If you are or others are at risk of serious harm

If we believe that you, or another young person, are at risk of serious harm we may need to talk to other people outside of Brook so that you can get additional support to protect you. We will always discuss this with you first before talking to anyone else.

Violent or criminal behaviour

If a client behaves in a violent, aggressive or anti-social way or commits a crime against another Brook client, a member of staff or against Brook property we may have to call the police and give them the name of the client. We would not give the police any information about the reason for the client’s visit to us.

Required by law

Sometimes we may be required by law to share information about you. This may happen if the police or a court orders us to disclose information.


In some cases people who work for approved organisations who are also legally required to maintain your confidentiality may also have the right to see your records as part of their job. This can happen when an organisation like the Care Quality Commission inspects us to ensure the quality and safety of our services or if an inquiry has been ordered into the serious injury or death of a child or young person.

Female Genital Mutilation (FGM)

In England, if someone aged under 18 tells one of our doctors or nurses that they have experienced Female Genital Mutilation we have to tell the police.  We wouldn’t do that without telling you first.

STI Treatment

Sometimes we are contacted by STI testing providers to ask if specific people have come to us for treatment. If you have been to us for treatment and the testing provider gets in touch, we would confirm you had been treated. We would not provide any further information.

What information do we collect about you and why?

At Brook we want to provide you with the best quality care. To do this we need to keep records about you and the advice and treatment we have given you. The information in your records will include:

  • basic details about you, such as your name, date of birth and contact details;
  • contacts we have had with you, such as clinic visits;
  • notes about your health;
  • details of the advice and treatment (e.g. contraceptive pills) we have given you;
  • results of tests we have taken;
  • information about any risks to your safety.

We promise that:

  • we will only collect the information we need to provide you with the service you want and to keep you safe;
  • we will keep your information secure and protect it from being lost, damaged, or being seen by people who aren’t allowed to see it;
  • we will keep your information up to date and accurate – this means that you need to give us accurate information and let us know if your information changes;
  • we won’t keep your information for any longer than we need.

Sometimes information about you may be given to us by other organisations. This is the case if you are referred to Brook’s services, for example by another healthcare provider, or a school.  Sometimes information may be shared with us by other organisations if they are concerned that you are at risk of harm.

How your records are used

We will use your information to:

  • decide the best advice and treatment to give you;
  • check if you (or anyone else) is in serious danger;
  • assess the type and quality of care you have received.

We may use your information to:

  • investigate your concerns if you need to complain about our services;
  • refer you to another support service (in consultation with you);
  • check the quality of care we provide (this is known as clinical audit and involves us reviewing client records.  This is done in such a way that you can’t be individually identified);
  • investigate serious incidents (this is when we notice that something has gone wrong, or nearly went wrong, with the service we provide to you);

​We use information you give us to help us to plan our services to make sure we meet the needs of local young people, and also to report on our performance to the organisations who fund us and to the Department of Health. When we do this, we only use your information in a way that means you can’t be individually identified.

Sometimes Brook would like to use your information in other ways, but we will only ever do after contacting you, and only if you give your consent. This will include:

  • conducting health research and development;
  • communicating publically about the difference that we make to young people. This would never be done in a way that would identify individual young people without their explicit permission.

In addition to the staff who work in our clinics and education teams, our managers and our small team of data analysts may have access to your data. Everyone who works at Brook has signed an agreement to keep your information confidential.

How do we store your records?

Paper and electronic records

We store your information in computer systems and in paper records. Paper records are kept in locked cabinets. Electronic records are saved on a secure database.

When we work in partnership with another Health Service provider your electronic record will either be held on a secure database owned by that partner, or the partner will have access to Brook’s database.  This is so that the partners can provide you with the best possible care and help to keep you safe.  Where information is shared between partners in this way there will always be a contract in place, and both partners are required to keep your information confidential.

Our database of electronic records sits within our IT network. We outsource our IT support services to an external organisation. This company is based within the European Economic Area and they are also required to comply with UK data protection legislation to keep your information safe.

How long do you keep the records?

We follow NHS guidelines for retaining records.  This usually means that we keep your records for either 10 years after you last accessed our services or until your 25th birthday, whichever is longer. After that time they are securely destroyed.

Currently there is a national Inquiry into Child Sexual Abuse.  Organisations that hold records that may be of use to the Inquiry have been asked not to destroy any records that they have.  This means that at the moment, we are required to hold on to your records indefinitely.  This will change once the Inquiry tells us that it’s ok to start following standard procedures again.

All staff who have access to your records have been trained to work to the same confidentiality policy where your rights to confidentiality are adhered to.

Webchat and what we collect


If you live in an area where we provide a webchat service and you contact us using webchat, our service provider collects your IP address. IP addresses can sometimes be used to trace the location of someone’s computer. No one at Brook can see your IP address - unless we ask to because we’re very concerned about you. We won’t share your IP address with anyone else, unless you agree that we can share it, or there is an important reason why we should share it without your consent, such as if you or another young person is in immediate danger or harm.

At the end of a webchat, you can enter your email and have your webchat transcript sent to you. Your email address is not stored.

Identifying information

We ask for some basic information in every conversation (such as your age, gender and the first part of your postcode), but no one can identify you from this information. This helps us see who we’re helping and how we can improve our service. We may share this data outside of Brook, for example, to promote what we do to funders, or for research purposes. 

We won’t ask for identifying information (such as your name, date of birth or address) during a conversation except in exceptional circumstances if we think we would need to share it to keep you safe.

If you share identifying information with us and we’re worried about you, we may store this and potentially share this with someone outside Brook if we believe you or another young person is at immediate risk of harm. This information is stored securely and can only ever be seen by Brook staff who have agreed to our confidentiality policy. These documents will be kept for 10 years, or until your 25th birthday, whichever is longest. When we destroy these documents, they are destroyed in a way that means that no one else can read them.

We will only ever share identifying information about you if we think you or another young person is at immediate risk of serious harm. We will talk to you about this first and give you as much control over what happens next as we possibly can. We understand the sort of situations you might be in and we are here to listen to you and support you.

Asking for your data from webchat services

It’s not possible for us to send someone their message history or the demographic data we hold about them, because none of this is linked to identifiable information and so we can’t know for certain that it’s yours. Without this, we risk giving out the wrong information to someone. 

Your rights

You may have heard of the General Data Protection Regulations (GDPR). This legislation means that Brook is legally required to protect the information you give us.  We also need to tell you how and why we use your data (which we’ve done above), and you have certain rights in relation to your data.

The legal basis for Brook processing your information is ‘legitimate interests’. This means that Brook can legally process your information if we have a genuine and legitimate reason, and we’re not harming any of your rights and interests.  When you access a Brook service, our legitimate interest for processing your personal data is so that we can provide you with the healthcare services that you have asked for and need. Full details of how we use your information is available above.

Some of the information you share with us may be sensitive – for example information about your health. Brook is able to process your sensitive data as it is necessary for medical purposes, and the processing is undertaken by health professionals and others with a duty of confidentiality to you.

Under the GDPR, you have rights in relation to your data.  For example, you have the right to be informed about how we collect and use your data. This page is here to provide you with this information. You can also pick up a leaflet from your local service, or contact our Data Protection Officer if you need further information.

You also have the right to access your data. You can see the information we hold about you by making a request to access your data either at one of our reception desks, or by emailing dataprotection@brook.org.uk. In your email please tell us which Brook service you attend. We will then give you a form to fill in so that we can provide you with the right data. We will respond to your request within one month.

If you think that there are mistakes in your record, you have the right to request that these be corrected or noted.

Under the GDPR you have the right to object to the processing of your personal data. However, it’s essential that Brook keeps records about you in order to provide you with safe and effective care.  This means that if you object to Brook processing your data then unfortunately we won’t be able to provide you with our services.

Further information and contact

Brook Young People is registered with the Information Commissioner’s Office as a Data Controller (registration number ZA022088).

If you have any questions about the use of your data you can contact Brook’s Data Protection Officer at dataprotection@brook.org.uk or you can write to us at Data Protection Officer, Brook, 81 London Road, Liverpool, L2 8JA.

You have the right to make a complaint if you feel unhappy about how we hold, use or share your information. It would be helpful if you contact Brook’s Data Protection Officer in the first instance so we can try to fix the problem.

If you remain dissatisfied, you may then wish to contact our supervisory authority, the Information Commissioner’s Office (ICO).  You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; 0303 123 1113; www.ico.org.uk/concerns.

We will regularly review this privacy notice. Please do check this page for updates.

How to prevent people finding out you've visited this website

Every internet browser keeps a record of where you’ve visited on the internet (known as your browsing history) but if you don’t want someone to know you’ve been using the Brook website or Ask Brook, you can clear this.

How to clear your browser history in Safari:

On a computer:

  • Open the Safari menu. It could be an icon or a button
  • Choose History
  • Select Clear history and website data
  • From the drop-down menu, select how much history you want to delete
  • Click Clear history

On an iPhone or iPad:

  • Touch the bookmarks icon
  • Touch History
  • At the bottom, touch Clear and select how much history you want to delete

How to clear your browser history in Google Chrome:

On a computer:

  • In the top-right corner of the browser window, click the Chrome menu
  • Click History and Show full history
  • Click the button Clear browsing data. A dialogue will appear
  • From the drop-down menu, select how much history you want to delete. To clear your entire browsing history, select the beginning of time
  • Tick the boxes for the data that you want Chrome to clear, including Browsing history
  • Click the button Clear browsing data

On an Android device:

  • Open the Chrome menu. It could be an icon or a button
  • Touch History
  • At the bottom, touch Clear Browsing Data
  • Tick the box Clear browsing history. It may be ticked by default
  • Untick any other boxes that you don't want to delete
  • Touch Clear

On an iPhone or iPad:

  • Open the Chrome menu
  • Touch History
  • At the bottom, touch Clear Browsing Data
  • Touch Clear Browsing History
  • Confirm your choice
  • Touch Done

How to clear browser history in Internet Explorer:

  • Click on the Tools menu (this looks like a little cog)
  • Select Internet options in the dropdown and a box will appear offering you several choices, you will already be in the General section and that's where you want to be
  • In the section marked Browsing history make sure the Delete browsing history on exit box is checked and click on the Delete button
  • A box will pop up, asking you if you want to delete all items in your history, you can then select which items of your history you would like to delete and click Delete.
  • Click OK to close the Internet Options box.

How to clear your browser history in Firefox:

On a computer:

  • Click the menu button, choose History 
  • Click Clear Recent History
  • Select how much history you want to clear from the drop-down menu 
  • Click the arrow next to Details to select exactly what information will get cleared
  • Finally, click the Clear Now button. The window will close and the items you've selected will be cleared

About cookies

Cookies are small text files placed on your computer by websites you visit. They are widely used to make websites work more efficiently for visitors, and to provide information to the owners of the site. 

We use cookies on the Brook website to track how users navigate through the website. This helps us to evaluate and improve it and our online services.

Page last reviewed: May 2018
Next review due: May 2019