Privacy Notice for Clients, Service Users, Visitors and the Public
Who we are
Psicon Ltd are an independent psychology led health care provider. We specialise in the positive promotion of psychological health and wellbeing to clients throughout the UK, with services predominantly based in Kent, Surrey, and Hampshire.
We offer a number of services to support a range of clients, from individuals and their families to corporations, including health care providers, employers, schools, universities and other centres of education, as well as the courts. We are also contracted to provide NHS services.
What is a Privacy Notice
A Privacy Notice is a statement issued by Psicon Ltd to clients, service users, visitors and the public. The Privacy Notice describes how we collect, use, retain and disclose the personal information which we hold.
Legislation and guidance we adhere to
The key pieces of legislation and guidance that Psicon Ltd adhere to are listed below:
- General Data Protection Regulations (from 25th May 2018);
- The Data Protection Act 2018;
- The Human Rights Act 1998;
- The Common Law Duty of Confidence;
- The Caldicott Principles;
- Information Commissioner's Office Code of Practice;
- NHS Digital (formerly Health and Social Care Information Centre) Guidance;
- Information Governance Alliance;
- The NHS and Social Care Record Guarantees for England;
- Other relevant Professional codes of conduct and standards.
All organisations providing care for the NHS or on their behalf must follow the same strict policies and controls. In line with these, Psicon Ltd holds data in accordance with the Data Protection Act 2018, NHS Digital Guidance the The NHS and Social Care Record Guarantees for England, as well as other national guidelines on best practice.
How we collect personal information
We collect personal information from you and from third parties (anyone acting on your behalf, for example, health care providers, case- managers, solicitors, your employer and so forth).
We collect personal information from you:
Through your contact with us, including by phone, by email, through our websites, by post, by filling in application or other forms, or face to face (for example, in consultations, diagnosis and treatment).
We also collect information from other people and organisations:
For all of our clients, we may collect information from:
- Your parent or guardian if you are under 18 years old;
- A family member, or someone else acting on your behalf;
- Your GP, and other health care professionals and health care providers;
If we provide you with services through an insurance policy, we may collect information from your insurance provider.
If we provide you with occupational health services, we may collect information from:
- Your employer
- Your employers insurance provider, if you are covered by an insurance policy that your employer has taken out
If we provide you with legal services, we may collect information from your solicitor.
If we provide you with an NHS service under one of our NHS contracts, we may collect information from public sector commissioner’s who are paying for the services we provide to you.
Categories of personal information
We process two categories of personal information about you:
- Standard personal information (for example, information we use to contact and identify you)
- Special categories information (for example, health information, information about your race, ethnic origin and religion that allows us to tailor your care)
Standard personal information we may ask you for and hold includes:
- Date of Birth
- Post code
- NHS or Hospital/GP details
- Appointment dates and times
Special category information includes:
- Information about your physical and mental health (we may get this information from application forms you have filled in, from notes and reports about your health and any relevant treatment and care you have received from a third party)
- Information about a disability and/or your support needs
- Information about your race, ethnic origin and religion (we may get this information from your treatment preferences to allow us to provide care that is tailored to your needs)
- Information about any criminal convictions and offences, if relevant.
Purposes for processing your personal information and our legal basis for processing
This privacy information sets out the purposes for which we process your personal information. We have also documented the legal reasons for which we may process your personal information.
We normally process standard personal information as a necessary prerequisite to provide our services.
Our lawful grounds for processing your personal information falls under the ‘Common Law Duty of Confidentiality’ whereby you may have consented to a third party to provide us with your personal information (for example, another health care professional, such as your GP has referred you to one of our services). Another lawful grounds for processing is when the processing will be in ours or a third parties legitimate interests.
In regards to special categories information, our lawful reason for processing your personal information relates to article 9 of the GDPR, which is:
- “that it is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health or social care or treatment, or to manage health-care or social-care systems (including to monitor whether we are meeting expectations relating to our clinical and non-clinical performance).” (GDPR, article 9)
Other legitimate reasons we may have for processing your data can include:
- it is necessary to establish, make or defend legal claims (for example if you are a client of our medico-legal service);
- it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a client’s complaint or a regulator telling us about an issue);
- it is in the public interest, in line with any laws that apply;
- we have your permission.
We will only ask you for permission to process your personal information if there is no other legal reason for us to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for and will not proceed without your consent. For example, in our IAPT NHS service, we will ask if you consent to your personal data being securely transferred to the Department of Health for statistical use that is in the national interest.
Psicon Ltd may from time to time engage in, or run research projects aimed at contributing to the wider field of promoting psychological health and wellbeing. If you are involved in any research with us, we will always clearly explain what we intend to do with your personal data and ask for your consent before we process your personal data.
In these circumstances, the research will be ethically approved and any personal identifiable information will be anonymised. It may be that your personal information is combined with other people's information for research and statistical purposes. You cannot be identified from this information and we will only share information in line with legal agreements which set out an agreed and limited purpose, and prevent the information being used for another purpose or commercial gain.
Who will handle your personal data?
Any information you provide to Psicon Ltd will only be made available to people who have a right to it.
All members of staff at Psicon Ltd, clinical and administrative, are bound by very strict professional standards and rules of confidentiality. They sign a confidentiality agreement which restricts the sharing of any personal information which they may become party to as a result of their employment and we would take any breach of this agreement very seriously should one ever occur.
Everyone working for Psicon limited is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes to which you consent, unless there are other circumstances covered by the law.
This is reinforced under our internal Confidentiality Code of Conduct, where all staff are required to protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
All Psicon staff are required to undertake annual training in data protection, confidentiality, information management and record control and information security.
When will your information be shared?
Some of our services rely on working closely with, and coordinating care with other health care professionals or other professionals such as your employers occupational health department, your insurance provider or your solicitor.
Information sharing is governed by specific rules and laws (including the Common Law Duty of Confidentiality) and our employees would not share any of your personal data or aspect of your treatment with a third party without your prior consent. The only exception to this would be if they felt that you or someone close to you was in immediate danger of serious harm, or if they were compelled to do so by a legal order.
For our NHS contracts
Psicon Ltd is compelled to provide certain data to the NHS as part of our contract. This includes but is not limited to: address; postcode; telephone number; NHS number; any disabilities and long term conditions; and the dates and times of your appointments.
Self referrals to our NHS IAPT service
How your information is retained and kept safe
Psicon Ltd takes information security and the records management of your personal data very seriously, ensuring that your information is retained in secure electronic and paper records and access is restricted to only those who require it.
The Data Protection Act 2018 and the new GDPR regulations (from 25th May 2018) regulates the processing of personal information. Strict principles govern our use of personal information and our duty to ensure it is kept safe and secure. Psicon Ltd is registered with the Information Commissioner's Office (ICO). Details of our registration can be found on https://ico.org.uk/esdwebpages/search - enter our registration number Z7247557 and click ‘search register’.
How long we keep your personal information for
We keep your personal information in line with set periods based on the following criteria:
- How long you have been a client with us;
- How long it is reasonable to keep records to show we have met the obligations we have to you and by law;
- Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
If you would like more information on how long we will keep your information for, please contact email@example.com
Access to your personal information
This is also known and referred to as your 'subject access rights'.
You have the certain rights in relation to your personal information listed below:
- Right of access: the right to make a written request for details of your personal information and a copy of that personal information
- Right to rectification: the right to have inaccurate information about you corrected or removed
- Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased
- Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
- Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests. You can object to our use of your information for profiling purposes where it is in relation to direct marketing
- Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
- Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness the use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you with a service
Please note that your rights are not absolute. They do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
If you make a request, we will ask you to confirm your identity if we need to and provide some information that will help us deal with your request. If we cannot meet your request, we will explain why.
In order to make a request in relation to your subject access rights, please contact firstname.lastname@example.org
Contact Psicon if you have a complaint or concern
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint via email to email@example.com
Or you can write to:
Data Protection at Psicon
FAO Dr. Daniel Simmonds
15 New Dover Road
Kent CT1 3AS
If you are dissatisfied with your response, you also have a right to make a complaint to the local supervisory authority, which in the UK is the Information Commissioner:
Information Commissioner’s Office
Cheshire SK9 5AF
Psicon Ltd will handle your personal information in ways that respect your rights and promotes your health and wellbeing. However, if you have any concerns about privacy and confidentiality, or want to know more about the arrangements that Psicon Ltd has put in place to follow the outlined commitment please contact our Data Protection Officer (DPO) at firstname.lastname@example.org
Privacy information in relation to our website
Personal data from the website
We may process data about your use of our website and services ("usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. Our legitimate interests, namely monitoring and improving our website and services.
We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data”). The enquiry data may be processed for the purposes of offering a service. The enquiry data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and services and communications with users.
We may process information contained in or relating to any communication that you send to us ("correspondence data”). This can also include CV’s and/or job applications submitted through our website. The legal basis for this processing is our legitimate interests, namely the proper administration of our recruitment processes. Although we will not hold your personal information once a job vacancy recruitment process has been completed, unless we seek your prior consent to do so.