Cognitive Works takes the privacy and security of your personal information very seriously and always comply with relevant UK data protection legislation. Cognitive Works is registered with the Information Commissioners Office as a data handler. In this statement, “we”, “us” or “our” refers to all members of the Cognitive Works team which administers your personal information and interacts with you directly. While “you” or “your” refers to the person(s) seeking help through our service, this includes children.
Under the General Data protection Regulation (Regulation (EU) 2116/679) (GDPR), we are required to give you certain information about the way your personal information is used. This notice sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.
Information you supply to us
You may give us information through correspondence by phone, email, in writing or otherwise. This includes, but is not limited to, information provided during your initial enquiry and completion of our registration form. Below are examples of information we may receive from you:
- Date of birth
- Telephone number
- Email address
- Health insurance policy details.
- Physical and mental health information
- Financial information
- NHS number
- Marital status
- Racial or ethnic origin
If you choose not to provide personal information
While you are not required to provide the personal information that we may request, but, if you chose not to do so, in many cases we will not be able to provide you with our services or respond to any queries you may have.
If you want us to stop using your personal information
You have the right in certain circumstances to object to our use of your personal information, or to ask us to delete your personal information or ask us to suspend our use of your personal information.
There may be legal or other official reasons why we need to keep or use your personal information. But please tell us if you think that we should not be using it and we will consider this.
If you want to object to how we use your data or ask us to delete it or restrict how we use it or, please contact us using the details given at the end of this document.
Letting us know if your personal information is incorrect
If any information that we hold about you is inaccurate or incomplete, you can ask us to make the necessary amendments to your data.
Information we receive from other sources
We may receive personal information from third parties such as your GP, consultant paediatricians, consultant psychiatrists, private medical insurers etc. This information could be used as part of the service we provide to you.
Using your information
The personal information we collect, and store will only be used to purposes of providing Cognitive Behavioural Therapy and the associated administrative services for you. Under data protection law, we can only use your personal information if we have a suitable reason for doing so, which could include:
- When we have your consent to share information with other professionals.
- It is necessary to ensure continuity of care.
- There is a legal and social obligation under the Children and Families Act 2014.
From time to time, we may use your personal information to send important notices to you or to those acting on your behalf, such as updates to your care and/or treatment plans or changes to our terms, conditions and policies. We also send email confirmations of any appointments which are booked for you. Because this information is important to your interaction with us, you may not opt out of receiving these communications.
We will not sell, share or give information to third parties for marketing purposes. We do not use your personal information for our own marketing either.
We will only share your personal information with third parties in the following circumstances:
- Where you have given your consent to the information being shared.
- Where there are issues or concerns like the health and safety of yourself or others.
- Where there is a legal requirement or responsibility to share the information.
- Where required for the purposes of collecting payment for an outstanding debt (such as disclosing information to a debt collection agency, solicitor or court).
Your personal information may also need to be shared with third parties to arrange for the funding and/or payment of services received.
How we store your personal information
Personal information collected on a paper format is stored in secured filing cabinets in a locked building. All electronic data with personal information is stored on servers within data centres in the EU and are GDPR compliant. Our laptops, PC’s, mobile phones and other devices which we use to help provide our services are all encrypted and password protected to further protect your personal data.
Safe guarding your personal information
We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
While the transmission of information using the internet has potential risks, we anonymise identify personal data in reports that are sent to you. Documents are encrypted/password protected if the patient wishes.
How long do we keep your personal information
We retain certain information about you for a set period, this is normally 7 years from when you stop being treated. If the patient is under 18 at the time, data is kept for 7 years after they reach their 18th burthday.
All personal information will be deleted or securely destroyed at the appropriate time and we will not keep your personal information for longer than is required or permitted by law.
Our website and external links
Our website is intended for information only. While great care is taken to present the information on the website we cannot guarantee its accuracy. Our website contains links to other professional services, if you follow any of these links please note we accept no responsibility or liability for content found on those websites.
Please check each of the websites policies before submitting any personal information as they may all have different policies.
Individual rights under the GDPR
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.Access to your information
You have the right to request a copy of the personal information we hold about you, subject to certain exemptions. If you would like a copy of some, or all, of this information please contact us using the details below.
You may also have the right to object to processing of personal data that is likely to cause, or is causing, damage or distress. In certain circumstances, you can have inaccurate personal data rectified. If you believe you have any of these additional rights or you wish to exercise them, please contact us.
What if I have a complaint?
You have the right to complaint to the Information Commissioner’s Office where you think we have not used your personal information in accordance with data protection law. Details of how to do this can be found on www.ico.org.uk .
If you have any queries regarding privacy issues, please contact me via email at firstname.lastname@example.org