1.1 We are committed to safeguarding the privacy of our website visitors and service users.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
1.4 Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information. You can access the privacy controls via http://www.newarkpsychology.co.uk/privacy-policy
1.5 In this policy, "we", "us" and "our" refer to Flourish Psychological Services Ltd.
2.1 This document was created using a template from SEQ Legal (https://seqlegal.com).
3. How we use your personal data
3.1 In this Section 3 we have set out:
(a) the general categories of personal data that we may process;
(b) the purposes for which we may process personal data; and
(c) the legal bases of the processing.
3.2 We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
3.3 We may process your account data ("account data"). The account data may include your name and email address. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you, eg, to arrange an appointment, etc. The legal basis for this processing our legitimate interests, namely the proper administration of our website and business.
3.4 We may process your information included in your personal profile on our website ("profile data"). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, age, educational details and employment details. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
3.5 We may process your personal data that are provided in the course of the use of our services ("service data"). The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you, eg, to arrange appointments, etc. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
3.6 We may process information that you post for publication on our website or through our services ("publication data"). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing our legitimate interests, namely the proper administration of our website and business.
3.7 We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. We also use this information to audit the types of referrals we receive in order to develop our business plan and strategy. The legal basis for this processing is a legitimate interest, namely the proper administration of our website and business.
3.8 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your card/banking details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
3.9 We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you, record-keeping and audit (as set out in 3.7). The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
3.10 In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3.11 When you are a patient or client of our service, we record all of your treatment and details of your appointment so that your treatment can be planned.
3.12 In addition to the personal information above, we may also collect sensitive information in relation to: medical conditions (where applicable), prescribed medication, psychological history and current presentation, sexuality, offences (where applicable).
3.13 Please do not supply any other person's personal data to us, unless we prompt you to do so.
4. Providing your personal data to others
4.1 In most cases we will not disclose personal data without your consent, although there are some exceptions to this.
4.2 Your information may be shared with others if they are directly involved in your care, eg, your insurer if they are funding your treatment, your GP, or others involved in your care. We will discuss with you who we would discuss your care with and what details we would share with them. More information on confidentiality is included in our terms and conditions which are provided to patients/clients.
4.3 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.4 Financial transactions relating to our website and services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. Information is shared to the degree necessary for accounting and tax purposes.
4.5 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. If we become aware of your intent to cause harm to another person/organisation, the law may require that we inform an authority without seeking your permission. In such a situation, the law may require that we share your personal information without your knowledge. If your health is in jeopardy - with your agreement - we may share your information with an emergency healthcare service such as a Mental Health Crisis Team.
5. Retaining and deleting personal data
5.1 This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. All personal information provided is stored in compliance with EU General Data Protection Regulation (GDPR) rules.
5.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3 We will retain your personal data as follows:
(a) personal data obtained from enquiries for our service, eg, from our 'contact us' form will be retained for a minimum period of 1 year following collection.
5.4 In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. Where you engage in a therapeutic contract with us, we will retain your information as set out in the NHS Code of Practice for Records Management (Records Management Code of Practice for Health and Social Care, 2016), for a minimum period of 8 years following discharge from our service.
5.5 Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6.1 We may update this policy from time to time by publishing a new version on our website.
6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
6.3 We may notify you of changes to this policy by email.
6.4 This privacy notice was last updated 23 September 2019.
7. Your rights
7.1 You may instruct us to provide you with any personal information we hold about you, ie, to make a Subject Access Request; provision of such information will be subject to:
(a) the request being made in writing
(b) the supply of 2 forms of appropriate evidence of your identity (for this purpose, we will usually accept a form of identity such as your passport, or driving license, alongside an original copy of a utility bill from within the last 90 days showing your current address).
7.2 Subject Access Requests will be responded to within 30 days of receiving the request and once all necessary identification checks have been made.
7.3 We may withhold personal information that you request to the extent permitted by law.
7.4 You have the right to ask us to correct information if you believe that the information we hold about you is incorrect. If a decision is made not to revise your information, the reason for this will be shared with you.
7.5 You have the right to ask us to delete information, however this right is not absolute and we will need to determine whether we need to keep the data, for example to comply with professional bodies, legal requirements or HMRC tax purposes. If we are able to delete the information as requested, we will do so without undue delay.
7.6 Please contact the Data Controller regarding the areas set out in section 7 (details below).
8. About cookies
8.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
8.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
9. Cookies that we use
10. Cookies used by our service providers
11. Managing cookies
11.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
11.2 Blocking all cookies will have a negative impact upon the usability of many websites.
11.3 If you block cookies, you will not be able to use all the features on our website.
12. Our details
12.1 This website is owned and operated by Flourish Psychological Services Ltd.
12.2 We are registered in England under registration number , and our registered office is at 14 London Road, Newark, Nottinghamshire, NG24 1TW.
12.3 Our principal place of business is at The Clock Tower, Bar Gate, Newark, Nottinghamshire, NG24 1ES.
12.4 You can contact us:
(a) by post at our principal business address given above;
(b) using our website contact form;
(c) by telephone, on the contact number published on our website
13. Data Breaches
13.1 In the case of a personal data breach, the Data Controller, Dr Sarah Toft will notify the Information Commissioner's Office (ICO), no later than 72 hours after becoming aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals.
14. Complaints in relation to Data Handling
14.1 If you wish to complain about how we handle your data, in the first instance please contact Dr Sarah Toft and we will try or best to resolve your concerns. If however your complaint is not resolved to your satisfaction you can contact the Information Commissioner's Office at https://ico.org.uk/concerns/handling/ or via telephone: 0303 123 1113.
15. Data Controller
15.1 Our data controller's contact details are: Dr. Sarah Toft, Flourish Psychological Services Ltd, The Clock Tower, Bar Gate, Newark, Nottinghamshire, NG24 1ES. email: firstname.lastname@example.org