This privacy statement describes how DAISY Psychology Services protects and makes use of the information you provide to us. It also informs you of your rights and our responsibilities in the processing and storage of your personal data.
Please contact us if you have any questions about this policy by emailing [email protected]
What information do we collect about you?
We routinely collect information to enable us to work with you safely and effectively. This information also allows us to arrange appointment times and invoice for services rendered in an efficient manner. This routine personal data includes:
• Name, Date of Birth, Gender, Address and GP Details of the young person being considered for an assessment.
• Name of the young person’s educational establishment (where relevant).
• Name(s), address (postal and email), and contact telephone numbers of individuals with parental responsibility.
During the course of our initial appointment and subsequent assessment sessions, we will inevitably also collect a significant amount of personal information relevant to determining whether a young person meets the criteria for a diagnosis of autism-spectrum condition. This information can include:
• Current and previous social and family circumstances.
• Current and previous psychological and physical health of a young person and relevant family members.
• Data acquired through the completion of questionnaires.
• Relevant professional reports from others services that are shared with our service.
How will we use the information about you?
The information that we collect is confidential and allows us to ensure we are an appropriate service for you. Personal data also helps us to arrange appointments, invoice for services rendered and to determine whether a young person meets the criteria for a diagnosis of autism-spectrum condition.
At the end of the assessment process, we will send a copy of the diagnostic report to the young person’s GP to allow an update of their medical record. With parental consent, a copy of the diagnostic report can also be sent to relevant third parties, including education. Where possible, we will always show you the content of written correspondence before sending any information.
Controlling information about you
Any personal information we hold about you as a ‘legitimate interest’ is stored and processed in accordance with The Data Protection Act (1998) and the General Data Protection Regulation (Regulation (EU) 2016/679); adopted on 27th April 2016 and enforced from 25th May 2018. DAISY Psychology Services are also registered with the Information Commissioner’s Office (ICO) who regulate secure and appropriate handling of private data.
Your personal information will be kept for the lifetime of your status as a client with us. After being discharged from our service, clinical data referring to adult clients will be kept for a minimum of five years and data referring to children until their 25th birthday. This is in accordance with the General Medical Council Guidelines and the Department of Health and Social Care.
You have the right to ask for your data to be destroyed after the minimum period of five years, but not before then. DAISY Psychology has the right to retain your data for the five year period so that it can respond effectively to any questions or complaints that may later be raised by you and/or your representatives. We are also able to refuse a request to destroy data if your personal information is needed in the defence or exercise of legal claims.
We will always hold your information securely:
• All paper-based records, including written notes and questionnaires, are kept secure in a locked filing cabinet. • Any personal information that is documented electronically is stored on a computer device using encryption and password protected systems. • Email correspondence is immediately uploaded onto a secure password protected database, following which the email is deleted. Where sensitive information is discussed within a email, the client will be referred to using a previously agreed anonymous form – usually their initials. • Data stored electronically is backed up on a daily basis.
To prevent unauthorised disclosures or access to your information, we have implemented strong physical and electronic security safeguards. In the unlikely event of a data protection breach, we will notify the Information Commissioner’s Office (ICO) so that their procedures can be followed. We will also notify all individuals whose data may have been accessed to alert them to the breach and any associated risks.
Both during and following your contact with DAISY Psychology Services, we would be grateful if you could notify us at the earliest opportunity of any personal data changes, including change of name, address, contact details or GP. This will ensure our records are always up to date.
Accessing your information
All individuals who are the subject of personal data held by DAISY Psychology Services are entitled to:
• Ask what information the company holds about them and the reasons for this. • Ask how to gain access to personal information. • Be informed how to keep information accurate and up to date. • Be informed how the company is meeting its data protection regulations.
If you would like to request a copy of the data we hold about you, this is called a subject access request. These requests must be made in writing via email to [email protected]. We will aim to provide the relevant data within 30 days. We will always verify the identity of anyone making a subject access request before disseminating any information.
Disclosing data for any other reasons
In certain circumstances, the Data Protection Act (1998) allows DAISY Psychology Services to disclose personal information (including sensitive data) without first obtaining consent. These circumstances include:
• When our professional opinion is that there is risk of harm to the client or someone else.
• When obtaining consent could cause further harm to the client or someone else, and it is reasonable to process without consent.
• When it is not practical to obtain consent as attempting to do so might delay access to required help to protect vital interests of an individual.
• When personal information is requested by a Court of Law, Coroner’s Office or Professional Body.
• When the data subject has already made the information public, such as through the use of social media.
• When monitoring is required for equal opportunities purposes.
In these situations, we will ensure that any data requests are legitimate and only share information deemed relevant and necessary. We will take all reasonable steps to inform you of what information has been shared and to whom.