Denise Drysdale Speech Therapy complies with the General Data Protection Regulation (GDPR) and is committed to protecting your personal information. This policy describes our processes for ensuring that personal information about clients and their families is processed lawfully. We detail what information we collect, what with do with this information, how the information is stored, who we may share this information with, the legal grounds for holding and processing personal information and your choices and rights relating to your personal information.
We may update this privacy policy in the future and will inform you of any important changes.
Denise Drysdale Speech Therapy is registered with the Information Commissioners Office (ICO) as a data controller/processer.
Reg number:
Collecting personal information
To provide the most effective and highest standard of input, we require to hold and process sensitive personal information about the client and where necessary the client’s family.
This personal information includes:
Date of birth of client
Address of client
Contact details of parents/carers including name address phone numbers (landline/mobile)
Email address
Name of GP surgery
Name of education establishment
Relevant medical diagnosis and developmental history
Signed consent forms for sharing information stating who information can be shared with
Signed consent forms for photographs/video usage as part of therapy
Paper based therapy notes
Email correspondence
Reports/minutes/other multi-disciplinary information
Sources of personal information:
Information may be gathered from a range of sources which includes:
From client/parent/carer
From other professionals only with parental/carer (and where applicable) client consent
Information may be gathered in a range of forms including:
Verbal communication: face to face, telephone, meetings
Written: email, text, WhatsApp or facebook messenger
Please be aware that email and facebook messenger are not secure ways of sharing personal information and parents do so at their own risk. We will not share personal sensitive data through facebook messenger and advise individuals to email avoiding the use of names and identifiable information i.e. using initials only.
Information sent via facebook messenger will be deleted immediately.
Holding personal information
We will use your sensitive personal data for the purposes of providing our services to you and to comply with a legal obligation.
We will use your non-sensitive personal data to (i) register you as a new client, (ii) manage payment, (iii) collect and recover monies owed to us (iv) to manage our relationship with you, (v) send you details of our goods and services.
Please note: if you like our facebook page we may use this information to deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising.
Lawful basis for processing personal information
Denise Drysdale Speech Therapy's legal grounds for processing your data in relation to points (i) to (iv) above for performance of a contract with you and in relation to (v) above, necessary for our legitimate interests to develop our products/services and grow our business. We also process your data on the grounds of consent when we wish to share client’s personal information with other professions for the best interests of the client.
Sharing data with others
We will share personal information about a client within my system (therapists, contracted associates such as clinical psychologists) in order to share expertise and provide the most effective treatment to individuals.
We will only share personal information with other professionals when is in the best interests of the client. Others who may require to have this information can include:
• GP
• Education establishment
• Educational psychology
• Paid carers
• Social work department
Consent would be required for each instance of sharing information. For example, parent’s written consent is required before the therapist can attend and provide verbal feedback of input at a school meeting or before a report is shared with the GP.
We will not share your details with third parties for marketing purposes.
We may have to share your personal data with (i) service providers who provide IT and system administration support, (ii) professional advisors including lawyers, bankers, auditors and insurers (iii) HMRC and other regulatory authorities
International transfers
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.
Where is data stored
Secure password protected computer and hard drives
Retention of data
If you commence input which requires face to face contact (including remote contact such as Teams or Zoom) we open a case file and comply with data retention law relating to children’s records. The law states that children’s records must be kept:
Until the child is 25 (or 26 if they were 17 when treatment ends) or 8 years after their death if sooner.
If the child’s illness could be relevant to an adult condition, or have genetic implications for their family, records must be kept until the client’s death.
We may retain your data to satisfy any legal, accounting, or reporting requirements so for example we need to keep certain information about you for 6 years after you cease to be a client for tax purposes.
You have the right to ask us to delete the personal data we hold about you in certain circumstances.
Your rights
Under GDPR you have the right to obtain information about the personal data we hold/process about you and your child.
You are able to exercise certain rights in relation to your personal data that we process. These are set out in more detail at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it. We will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee or decline to respond.
We will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests in which case we will notify you of any delay and will in any event reply within 3 months.
Any inquiries are sent to my email give on the sit
denisespeechtherapy@icloud.com
Keeping your data up to date
We have a duty to keep your personal data up to date and accurate so from time to time we will contact you to ask you to confirm that your personal data is still accurate and up to date.
If there are any changes to your personal data please update me at denisespeechtherapy@icloud.com
Data Breach
We have protocols in place to reduce the risk of a data breach. We have clear guidelines should there be a data breach. We must inform the regulating body (ICO) within 72 hours of any breach. We must also contact the individuals affected.
Data protection complaints
We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
We need your consent to load the translations
We use a third-party service to translate the website content that may collect data about your activity. Please review the details and accept the service to view the translations.