Patient Privacy Notice

Who we are

We are Psych Health Limited, a provider of Clinical and Counselling Psychology services. We are registered in England and Wales under company number 6673730. Our registered office and correspondence address is:

Office 7, 35-37 Ludgate Hill, London, EC4M 7JN and our telephone number is 0203 821 1452.

Our email address is: admin@psyhealth.co.uk

Psych Health Limited will be what is known as the ‘Controller’ of the personal data that is provided to us about you or that you may provide to us. We hope that the information in this privacy notice will enable you to understand how and why we use your data but if you have any questions please do not hesitate to contact us.

Why we process your personal data

Depending upon the nature of your referral, we process your personal data for purposes of the provision of health or social care or treatment, preventative or occupational medicine, for medical diagnosis, or the assessment of your working capacity (“the Services”).

The Services may be provided to assist with the diagnosis or treatment of a medical or psychological condition or difficulty, may be related to a claim under permanent health (or other) insurance, or may be to assess your working capacity from an occupational health perspective, depending on the nature of your referral.

Due to the nature of the Services, we are permitted to process data relating to your health which is classified as Special Category Data.

What information will we process?

The types of information that we will process are those that you might expect to be contained in any medical record and will include: your name; date of birth; address; ethnicity; contact information; details of your General Practitioner and other health professionals involved in your care; any letters or information from other organisations that may form part of your referral to us; details of appointments that you attend with one of our clinicians including time, date and location of appointments and the content of appointments; assessment and discharge letters; health or other questionnaires that you may fill out as part of your assessment and/or treatment here; information required for us to invoice the organisation funding your appointments here, for example your Private Medical Insurance provider, membership number and the authorisation code for your appointments; or your bank details if you are funding appointments here yourself or make payments for insurance excesses.

What do we do with the information?

All of your data is processed by our staff in the UK and will be stored electronically on Microsoft’s secure cloud-based platform, whose servers may be in other European Union countries. We do not pass your personal data outside of the European Union.

We have strict policies and procedures in place in respect of information security and are very happy to provide you with further information regarding those systems if you wish.

We may share information about you in the following circumstances:

  1. With the clinician assessing or treating you in order to provide you with a safe and clinically appropriate service and so that we can monitor the service you are receiving to ensure that it meets our standards;
  2. If applicable, with the organisation that is funding your appointments here so that they can, for example, ensure that the treatment meets the terms of your policy or contract with them;
  3. If applicable, with the organisation that is funding your appointments here for invoicing purposes;
  4. If applicable, with the organisation that referred you to us in order for them to be able to provide their service to you or to fulfil the terms of your policy or contract with them;
  5. Your GP, as per best practice;
  6. Other health professionals involved in your care, as per best practice;

Other organisations (“processors”) may have access to and may process your data during the course of their work for us. These are:

  1. The clinician assessing or treating you
  2. Microsoft, our cloud-based storage provider
  3. Our IT support provider, Infinity Group Ltd
  4. Our bank, HSBC Bank Plc
  5. Our accountants, Wilson Stevens Ltd

Is it a legal (statutory or contractual) requirement for you to provide us with your personal data?

In order to provide you with the Services we will need to obtain and process certain personal data (including Special Category Data relating to your health) from you or from a third party referrer.

If you do not permit us to process your data for these purposes we will be unable to provide you (or continue to provide you) with the Services.

There is no statutory requirement for you to provide us with your personal data, but you may be subject to contractual obligations with, for example, your insurer to provide us with access to this data in order to benefit from the cover provided by any policy; or indeed your employer to meet your contractual obligations towards them.

Consent

Our legal basis for processing your data is consent and you have been provided with a separate consent form giving us permission to process your personal data.

You are able to withdraw your consent to our processing the data at any time by contacting Psych Health Limited using the contact details listed above or by telling your clinician. If you withdraw your consent, we may still need to retain a record of our contact with you in order to comply with our legal obligations or to pursue our own legitimate interests, for example in circumstances where invoices need to be sent out or remain due for payment by you, your insurer or another funding party.

If you withdraw your consent we would cease to collect any additional information about you immediately and we would not share any information beyond that required for invoicing or similar purposes, unless we felt that you or anyone else was in any danger, in which case we may be legally required to share information necessary to make that situation safe.

If you withdraw your consent, we would be unable to continue to provide you with the Services.

How long will we keep your information?

In line with NHS guidelines for the retention of medical information, we will keep your data for a period of 30 years after your discharge from this service or 8 years following your death. Details of these guidelines can be found here:

https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016

Your rights and how you can complain

As a “data subject” you have a set of specific rights. We are required to make you aware of the existence of these rights. They are in outline:

  • The right to request from us, as the Data Controller, access to your personal data;
  • The right to request rectification of your personal data;
  • The right to request erasure of your personal data;
  • The right to request a restriction on the processing of your personal data
  • The right to object to the processing of your personal data; and
  • The right to data portability

Your right to complain to the Information Commissioners Office.

You have the right to lodge a complaint about our compliance with the applicable regulator for data protection. is is the Information Commissioners Office. For more information you can visit their website at www.ico.gov.uk

Use of automated decision making or profiling

We do not carry out automated decision making or profiling.