Who we are
We are Psych Health Limited, a provider of Clinical and Counselling Psychology services. We are registered in England and Wales under company number 6673730. Our registered office and correspondence address is: Psych Health, Office 7, 35-37 Ludgate Hill, London, EC4M 7JN and our telephone number is 020 3821 1452. Our email address is: firstname.lastname@example.org
Psych Health Limited will be what is known as the ‘Controller’ of the personal data that is provided to us about you or that you may provide to us. We hope that the information in this privacy notice will enable you to understand how and why we use your data but if you have any questions, please do not hesitate to contact us.
Why we process your personal data
Depending upon the nature of your referral, we process your personal data for purposes of the provision of health or social care or treatment, preventative or occupational medicine, for medical diagnosis, or the assessment of your working capacity (“the Services”).
The Services may be provided to assist with the diagnosis or treatment of a medical or psychological condition or difficulty, may be related to a claim under permanent health (or other) insurance, or may be to assess your working capacity from an occupational health perspective, depending on the nature of your referral.
Due to the nature of the Services, we are permitted to process data relating to your health which is classified as Special Category Data. Our clinicians are all fully registered with their professional bodies, and as such they are subject to the obligation of professional secrecy under rules established by a national competent body and thus are permitted to process special category personal data.
What information will we process?
The types of information that we will process are those that you might expect to be contained in any medical record and will include: your name; date of birth; address; ethnicity; contact information; details of your General Practitioner and other health professionals involved in your care; any letters or information from other organisations that may form part of your referral to us; details of appointments that you attend with one of our clinicians including time, date and location of appointments and the content of appointments; assessment and discharge summaries; health or other questionnaires that you may fill out as part of your assessment and/or treatment here; information required for us to invoice the organisation funding your appointments here, for example your Private Medical Insurance provider, membership number and the authorisation code for your appointments; or your bank details if you are funding appointments here yourself or make payments for insurance excesses.
What do we do with the information?
All of your data is processed by our staff in the UK and will be stored electronically on Microsoft’s secure cloud-based platform, whose servers may also be in European Union countries. We do not pass your personal data outside of the European Union.
We have strict policies and procedures in place in respect of information security and are very happy to provide you with further information regarding those systems if you wish.
We may share information about you in the following circumstances:
With the clinician assessing or treating you in order to provide you with a safe and clinically appropriate service and so that we can monitor the service you are receiving to ensure that it meets our standards;
If applicable, with the organisation that is funding your appointments here so that they can, for example, ensure that the treatment meets the terms of your policy or contract with them;
If applicable, with the organisation that is funding your appointments here for invoicing purposes;
If applicable, with the organisation that referred you to us in order for them to be able to provide their service to you or to fulfil the terms of your policy or contract with them;
Your GP, as per best practice;
Other health professionals involved in your care, as per best practice;
Our parent company, Health Partners Group Ltd, who provide operational, administrative and IT services to us.
Other organisations (“processors”) may have access to and may process your data during the course of their work for us. These are:
The clinician assessing or treating you;
Microsoft, our cloud-based storage provider;
Health Partners Ltd, our parent company;
Our bank, HSBC Bank Plc, if you are paying us directly;
Healthcode Limited (“Healthcode”) and Patient Zone Limited (Patientzone), may process data to manage payments you need to make, such as (but not limited to) excess payments, additional sessions, cancellations, or ‘no shows’ on our behalf. By choosing to use the Psych Health service, you are agreeing to these terms.
We may also use your data in anonymised form for the purposes of audit and service improvement.
Is it a legal (statutory or contractual) requirement for you to provide us with your personal data?
In order to provide you with the Services we will need to obtain and process certain personal data (including Special Category Data relating to your health) from you or from a third-party referrer.
If you do not permit us to process your data for these purposes, we will be unable to provide you (or continue to provide you) with the Services.
There is no statutory requirement for you to provide us with your personal data, but you may be subject to contractual obligations with, for example, your insurer to provide us with access to this data in order to benefit from the cover provided by any policy; or indeed your employer to meet your contractual obligations towards them.
Our legal basis for processing your data is ‘legitimate interests’, and we have carried out a Legitimate Interests Assessment.
Examples of the legitimate interests that we have identified are for us to be able to provide you with a safe and appropriately governed service; for us to enable our clinicians to comply with their legal duty to maintain adequate records; for us to maintain records sufficient to be able to respond adequately to complaints within the context of service improvement and governance; and for billing/invoicing purposes.
How long will we keep your information?
In line with NHS guidelines for the retention of mental health records, including psychology records, we will keep your data for a period of 20 years after your discharge from this service or 10 years following your death. These guidelines are contained within the Records Management Code of Practice 2021, and can be found here:
Your rights and how you can complain
As a “data subject” you have a set of specific rights. We are required to make you aware of the existence of these rights. They are in outline:
• The right to request from us, as the Data Controller, access to your personal data;
• The right to request rectification of your personal data;
• The right to request erasure of your personal data (this does not equate to the right to have data erased);
• The right to request a restriction on the processing of your personal data;
• The right to object to the processing of your personal data; and
• The right to data portability.
Your right to complain to the Information Commissioners Office
You have the right to lodge a complaint about our compliance with the applicable regulator for data protection.
This is the Information Commissioners Office. For more information you can visit their website at https://ico.org.uk/
Use of automated decision making or profiling
We do not carry out automated decision making or profiling.