Privacy Policy
Privacy Notice for Clients, Service Users, Visitors and the Public
Data Controller: Psicon Ltd
Data Protection Officer (DPO): Kaleidoscope Consultants
Who we are
Psicon Ltd are an independent psychology led health care provider. We specialise in the positive promotion of psychological health and wellbeing to clients throughout the UK, with services predominantly based in Kent and Hampshire.
We offer a number of services to support a range of clients, from individuals and their families to corporations, including health care providers, employers, schools, universities and other centres of education, as well as the courts. We are also contracted to provide NHS services.
What is a Privacy Notice?
A Privacy Notice is a statement issued by Psicon Ltd to clients, service users, visitors and the public. The Privacy Notice describes how we collect, use, retain and disclose the personal information which we hold.
It is sometimes also referred to as a Privacy Statement or Fair Processing Statement. At Psicon Ltd we pride ourselves on integrity and trust, and with upholding the highest standards of privacy and confidentiality, whether you are accessing one of our independent services or an NHS service. This Privacy Notice is part of our commitment to ensure that we process your personal information fairly and lawfully.
Legislation and guidance we adhere to
The key pieces of legislation and guidance that Psicon Ltd adhere to are listed below:
· UK General Data Protection Regulation;
· The Data Protection Act 2018;
· The Human Rights Act 1998;
· The Common Law Duty ofConfidence;
· The Caldicott Principles;
· Information Commissioner's Office Guidance;
· NHS Guidance;
· Other relevant Professional codes of conduct and standards.
All organisations providing care for the NHS or on their behalf must follow the same strict policies and controls. In line with these, Psicon Ltd holds data in accordance with the NHS Records Management Code of Practice, as well as other national guidelines on best practice.
How we collect personal information
We collect personal information from you and from third parties (anyone acting on your behalf, for example, health care providers, case managers, solicitors, your employer and so forth).
We collect personal information from you:
Through your contact with us, including by phone, by email, through our websites, by post, by filling in application or other forms, or face to face (for example, in consultations, diagnosis and treatment).
We also collect information from other people and organisations:
For all of our clients, we may collect information from:
· Your parent or guardian if you are under 18 years old;
· A family member, or someone else acting on your behalf;
· Your GP, and other health care professionals and health care providers;
If we provide you with services through an insurance policy, we may collect information from your insurance provider.
If we provide you with occupational health services, we may collect information from
· Your employer.
· Your employer’s insurance provider, if you are covered by an insurance policy that your employer has taken out.
If we provide you with legal services, we may collect information from your solicitor.
If we provide you with an NHS service under one of our NHS contracts, we may collect information from public sector commissioners who are paying for the services we provide to you.
Categories of personal information
We process two categories of personal information about you:
Standard personal data we may ask you for and hold includes:
· Name
· Date of Birth
· Post code
· Address
· NHS or Hospital/GP details
· Appointment dates and times
Special category data includes:
· Information about your physical and mental health (we may get this information from application forms you have filled in, from notes and reports about your health and any relevant treatment and care you have received from a third party).
· Information about a disability and/or your support needs.
· Information about your race, ethnic origin and religion (we may get this information from your treatment preferences to allow us to provide care that is tailored to your needs).
· Information about any criminal convictions and offences, if relevant.
Purposes for processing your personal information and our legal basis for processing
This privacy information sets out the purposes for which we process your personal information. We have also documented the legal reasons for which we may process your personal information.
Our lawful basis for processing your personal data falls under several legal bases and exemptions under UK GDPR depending on the context, including legitimate interests. The common law duty of confidentiality may also be invoked where you may have consented to a third party to provide us with your personal data (for example, another health care professional, such as your GP has referred you to one of our services).
In regard to special categories of personal data, our lawful exemption to process your personal data relates to article 9 of the GDPR, which is:
· “necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to… conditions and safeguards”. (GDPR, article9(2)(h))
Other legitimate interests we may have in processing your data can include:
· it is necessary to establish, make or defend legal claims (for example if you are a client of our medico-legal service);
· it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a client’s complaint or a regulator telling us about an issue);
· it is in the public interest, in line with any laws that apply;
· we have your permission.
We will only ask you for permission to process your personal information if there is no other legal reason for us to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for and will not proceed without your consent.
How to withdraw consent
When the lawful basis used is consent, you are able to withdraw by emailing enquiries@psicon.co.uk. Once we have received notification that they have withdrawn their consent, we will no longer process their information for the purpose or purposes they originally agreed to, unless we inform them that we have another legitimate basis for doing so.
The national data opt-out enables patients to opt out from the use of their data for research or planning purposes. In line with the recommendations, the Caldicott Guardian and the Data Protection Officer will remove anyone who has been opted out from any data disclosures for purposes beyond individual care.
Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-mattersor by calling 0300 303 5678.
Psicon Ltd may from time to time engage in or run research projects aimed at contributing to the wider field of promoting psychological health and wellbeing. If you are involved in any research with us, we will always clearly explain what we intend to do with your personal data and ask for your consent before we process your personal data.
Research projects
Psicon Ltd may from time to time engage in or run research projects aimed at contributing to the wider field of promoting psychological health and wellbeing. If you are involved in any research with us, we will always clearly explain what we intend to do with your personal data and ask for your consent before we process your personal data.
In these circumstances, the research will be ethically approved by the relevant authorities, and any personal data will be anonymised. It may be that your personal data is combined with other people's information for research and statistical purposes. You cannot be identified from this information, and we will only share information in line with legal agreements which set out an agreed and limited purpose, and prevent the information being used for another purpose or commercial gain.
Who will handle your personal data?
Any information you provide to Psicon Ltd will only be made available to people who have a right to it.
All members of staff at Psicon Ltd, clinical and administrative, are bound by very strict professional standard sand rules of confidentiality. They sign a confidentiality agreement which restricts the sharing of any personal information which they may become party to as a result of their employment and we would take any breach of this agreement very seriously.
When will your information be shared?
Some of our services rely on working closely with and coordinating care with other health care professionals or other professionals such as your employer’s occupational health department, your insurance provider, or your solicitor. In order to provide you with the best experience and treatment, we may share information about you with other professionals.
Information sharing is governed by specific rules and laws (including the Common Law duty of confidentiality) and our employees would not share any of your personal data or aspect of your treatment with a third party without your prior consent. The only exception to this would be if they felt that you or someone close to you was in immediate danger of serious harm, or if they were compelled to do so by a legal order.
For our NHS contracts
Psicon Ltd is compelled to provide certain data to the NHS as part of our contract. This includes but is not limited to: address; postcode; telephone number; NHS number; any disabilities and long-term conditions; and the dates and times of your appointments.
For SmartSurvey
We may provide you/your child’s school with the option of submitting an electronic questionnaire through a third party, SmartSurvey. In accordance with the GDPR storage limitation principle, the personal data submitted will be stored by the third party, SmartSurvey, for as long as is necessary for the purpose for which that information is processed. Please see our SmartSurvey Privacy Policy, and Security Statement.
Once your questionnaire/your child’s questionnaire has been received by Psicon Ltd via the third party, the data will be erased from their system and inputted into our patient record system, a patient management program that is securely hosted on the NHS N3network and accessed via Multi Factor Authentication. Responses to this questionnaire will be kept on this secure online server.
How your information is retained and kept safe
Psicon Ltd takes information security and the records management of your personal data very seriously, ensuring that your information is retained in secure electronic and paper records and access is restricted to only those who require it.
The Data Protection Act 2018 and UKGDPR regulate the processing of personal information. Strict principles governour use of personal information and our duty to ensure it is kept safe andsecure. Psicon Ltd is registered with the Information Commissioner's Office(ICO).
Confidentiality
Everyone working for Psicon limited is subject to the Common Law duty of confidentiality and data protection laws. Information provided in confidence will only be used for the purposes to which you consent, unless there are other circumstances covered by the law.
This is reinforced under our internal Confidentiality Policy, where all staff are required to protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
All Psicon staff are required to undertake annual training in data protection, confidentiality, information management and record control and information security.
How long we keep your personal information for
We keep your personal information in line with set periods based on the following criteria:
· How long you have been a client with us;
· How long it is reasonable to keep records to show we have met the obligations we have to you and by law;
· Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
If you would like more information on how long we will keep your information for, please contact enquiries@psicon.co.uk
Your Subject Access Rights
You have the certain rights in relation to your personal information listed below:
· The right to be informed: an organisation’s obligation to be transparent of how they use an individual’s personal data (Privacy Notice).
· The right of access; allows individuals to obtain a copy of their personal data (Subject Access).
· The right to rectification: an individual can request their personal data to be rectified if it is in accurate or incomplete.
· The right to erasure: an individual can request the deletion or removal of personal data that is no longer necessary for the purposes of processing. (Right to be forgotten).
· The right to restrict processing: an organisation must stop processing or erase data if the individual's interests override the organisation's legitimate grounds for processing data (where the organisation relies on its legitimate interests as a reason for processing data).
· The right to data portability: allows individuals to obtain and transmit their personal data to another controller.
· The right to object: an individual can request a stop to their data being processed if processing is based on public interest or legitimate interest.
· Rights in relation to automated decision making and profiling: an individual can request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless overridden by legal requirements.
Please note that your rights are not absolute, and we will let you know in our correspondence with you how we will be able to comply with your request.
If you make a request, we will ask you to confirm your identity if we need to and provide some information that will help us deal with your request. If we cannot meet your request, we will explain why.
In order to make a request in relation to your subject access rights, please contact enquiries@psicon.co.uk.
Contact Psicon if you have a complaint or concern
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint via email to enquiries@psicon.co.uk
Or you can contact:
Data Protection Officer at Psicon
FAO Kaleidoscope Consultants,
dpo.psicon@kdpc.uk
If you are dissatisfied with your response, you also have a right to make a complaint to the local supervisory authority, which in the UK is the Information Commissioner:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Updates to our Privacy Policy
If our privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing the page ensures you are always aware of what information we collect, process and share your personal data.
Further information
Psicon Ltd will handle your personal information in ways that respect your rights and promotes your health and wellbeing. However, if you have any concerns about privacy and confidentiality, or want to know more about the arrangements that Psicon Ltd has put in place to follow the outlined commitment please contact Psicon Ltd on 01227 379099, or at enquires@psicon.co.uk.
Privacy information in relation to our website
We may process data about your use of our website and services ("usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. Our legitimate interests, namely monitoring and improving our website and services.
We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data”). The enquiry data may be processed for the purposes of offering a service. The enquiry data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and services and communications with users.
We may process information contained in or relating to any communication that you send to us ("correspondence data”). This can also include CV’s and/or job applications submitted through our website. The legal basis for this processing is our legitimate interests, namely the proper administration of our recruitment processes. Although we will not hold your personal information once a job vacancy recruitment process has been completed, unless we seek your prior consent to do so.
Linked Policies/Templates
· Staff Confidentiality agreement (template)
· Visitor non-disclosure and confidentiality agreement (template)
· Confidentiality policy
· Consent policy
· Data protection impact assessment policy
· Subject Access Request Policy
· Subject Access Request Form Template
· Complaints and Concerns policy