Last updated: 6 June 2022
Welcome to the London Psychiatry Clinic’s Privacy Policy.
We take the privacy rights of all our clients seriously and adopt a high standard of compliance and confidentiality when dealing with your data. We want you to understand that this is a safe place for you to discuss your feelings and concerns and that we operate in a highly confidential environment. This privacy policy sets out the details of how data is collected and processed when using our website or our services.
Important information and who we are
The London Psychiatry Clinic Limited (“LPC” or “Clinic” is the ‘data controller’ for the personal information you provide to the Clinic. As the data controller, LPC is responsible for, and controls the processing of, your personal information by the Clinic. LPC is registered with the Information Commissioner’s Office (ICO).
This Privacy Notice describes the basis on which any personal information the Clinic collects from you, or that you provide to the Clinic, will be processed by the Clinic. We would be grateful if you could read this Privacy Notice carefully as it details important information regarding the Clinic’s use of your personal information.
If you have any questions about our privacy practices or if you would like to contact the Clinic you can can do so in the following ways:
Full name of legal entity: London Psychiatry Clinic Limited
Email address: [email protected]
Postal address: The London Psychiatry Clinic, 55 Harley Street, London W1G 8QR
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review. This version was last updated in April 2022.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
This website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Personal information collected by us
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We do not collect any other Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How is your personal data collected?
You may give the Clinic personal information by filling in our Registration Form or by speaking with us over the telephone, emailing us or otherwise corresponding with us.
You may also provide us with personal and special category data during an appointment with us or verbally during discussions at our practice.
We will also collect and process personal information that you and other medical professionals may send to us, such as referral letters, reports or assessments, or results of blood tests for example. We may also collect personal information about you that is given to us by your family members or other individuals known to you.
You may provide information to us when completing our contact form on our website.
We may collect some Technical Data from analytics providers such as Google.
How we use your personal information
We will use your personal information to carry out our obligations under our contract with you as detailed in the Patient Information Letter and to pursue our legitimate interests, that is, in order to provide healthcare services. Please note, that in certain circumstances your personal information may need to be shared with a Psychiatrist colleague in order to ensure continuity of your care and this would only be on an as needed basis and, unless in an emergency situation, your consent would be requested prior to your information being shared.
We will also use your personal information to ensure you or your health insurance provider receives the correct bill, as well as to ensure that you receive the information and services that you request from us.
Your personal information will also be used to notify you of any changes to the information currently set out in our Patient Information Letter and for other administrative purposes.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent when collecting special category data (such as health information) and before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Marketing
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you received a service from us or if you asked for information from us about our services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.
Disclosure of your personal information
We may disclose some of your personal information to:
1. Other clinicians involved in your care, including your GP or other referring professional, pharmacists, therapists or other medical professionals.
We will seek your consent before sharing your personal information with such third parties.
If you do not consent to your LPC psychiatrist sharing information with your GP, LPC will discuss with you the most appropriate way forward depending on your circumstances.
In cases where there is a potential risk to your health (for example if you are acutely unwell, or have relapsed in severe addiction or have intense suicidal thoughts), your LPC psychiatrist may discuss with you that they are not able to continue holding responsibility for your psychiatric care unless you provide consent for them to speak to third parties (such as a family member, your GP or local NHS Mental Health Services such as the Crisis team) in order to ensure your safety and to avoid misleading other people involved in your care. If this is the case, your LPC psychiatrist will discuss this with you with a view to arriving at an acceptable solution.
2. Other Third Parties: In certain emergency or extreme circumstances your LPC psychiatrist may contact a third party (usually the Next of Kin you have provided in the Registration Form or a health professional involved in your care such as your GP or a Therapist). This can happen if there is a significant risk to your health or safety or that of others, or if there is a safeguarding concern or a situation where there is a concern about your mental capacity (as per the Mental Capacity Act) or there is a need for a Mental Health Act Assessment (as per the Mental Health Act). This is in accordance with the standards of Clinic for all Psychiatrists licensed to Clinic in the UK. In every case, your LPC psychiatrist will make their best effort to discuss the situation with you prior to contacting anyone.
The data processors we use are:
Keeping your personal information secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
All personal information you provide to us or we collect from you is stored on secure servers and any payment transactions will be encrypted using SSL technology. Your personal information is held securely on a cloud-based electronic patient medical record database, accessed only via two-factor authentication.
No personal information is retained on paper – all hardcopy personal information is securely shredded as soon as the personal information has been processed electronically to our secure database.
Whilst we will use all reasonable efforts to safeguard your personal information, we are all aware that the transmission of information via the internet is not 100% secure and therefore we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. Once we have received or collected your personal information we will adhere to our strict procedures and security protocols to try to prevent unauthorised access.
Some of the information we hold is stored in servers outside the EEA and we will only transfer your personal data outside the EEA provided that the country in which your personal data is transferred ensures an adequate level of protection for your rights and freedoms as well as that the transfer is necessary in the performance of our contract with you. For any of our service providers (such as Stripe ) who are based outside of the EEA, we may use specific contracts approved by the European Commission, which gives personal data the same protection it has in Europe.
Retention of your personal information
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
There are legal requirements for the amount of time medical records need to be kept after the last contact with the patient. For adult health records, this is usually 8 years after last contact and, for children, this is usually until the 25th birthday, or 8 years if longer. If you have not been in touch with the Clinic for more than a year, you will no longer be considered an active patient. Your personal information will remain archived in our secure electronic database and will no longer be displayed as an active record. As mentioned previously, no hard copy or paper records are retained or stored, regardless whether you are an active or inactive patient. We need to retain your records even if you are no longer an active patient in order to comply with our ethical, regulatory and legal obligations. Please contact [email protected] if you have any concerns or queries.
Your legal rights
Under the Data Protection Act 2018, and the General Data Protection Regulation (GDPR) (2018) you have rights as an individual which you can exercise in relation to the information we hold about you.
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note that we cannot erase any medical records as we have a statutory duty to keep them as per the Data Protection Act 2018. We are professionally and legally obliged not to alter any medical records. However, if you disagree with any information contained on your medical records, a note can be added to the relevant entry to explain to any future readers that the patient disagrees with this information, and you can add an explanation if you wish.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
· If you want us to establish the data's accuracy.
· Where our use of the data is unlawful but you do not want us to erase it.
· Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
· You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Contact Us: If you wish to exercise any of these rights or to make a request for any personal information we may hold (a ‘Data Subject Access Request’) you can email us at [email protected] or write to us at The London Psychiatry Clinic, 55 Harley Street, London W1G 8QR.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We will generally submit any personal or special category data to you electronically using secure encrypted email, unless you specifically ask for this information to be sent to you by other method such as standard email or post.