Privacy Policy
As part of our commitment to transparency and the protection of your personal information, it is important that you read and understand the terms of our Privacy Policy, which is set out below.
The Autism ADHD Centre Privacy Policy
Introduction
This Privacy Policy sets out how the Autism ADHD Centre (“AAC”) (“we”, “us”, “our”) as data controller, deals with your personal data. It is important that you read this document carefully and that you contact us at info@autismadhdcentre.com if you are unsure about any part.
At the AAC, we comply with relevant data protection laws and principles such as the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection (“EU GDPR”) and the Data Protection Act 2018. This means that we only use Personal Data in a lawful, fair and transparent way, that we agree to keep it secure and that we only keep it for as long as necessary for the purposes we have told you about.
When you access our Website and/or provide us with your Personal Data, you are confirming that you are over 18 years of age. We do not knowingly collect personal data from anyone under 18. If you as a parent or guardian believe your child has provided us with their Personal Data please contact us.
Definitions
Within this Privacy Policy, “Personal Data” shall mean information that can be used to identify an individual, whether directly or indirectly and “Website” shall mean our site at www.autismadhdcentre.com, along with our online platforms and social media channels.
Processing your Personal Data
We may process your Personal Data when you request information from us by email or through a contact form or our Website, when you sign up to receive our emails or other communications, when you engage us to provide you with services, or when we otherwise communicate with you via email, telephone, text, post, through our Website or any other communication methods.
We may also process Personal Data that you share via third parties such as Meta, Google, Stripe or other similar analytic, advertising, or information service providers or payment service providers.
We may also process your personal data through the use of cookies or other tracking software on our Website. Please refer to our separate cookie policy for further information.
Our grounds for processing your Personal Data
We only process Personal Data when we have a lawful reason for doing so. Such reasons may be because you have provided consent, where we are under a contractual or legal obligation (such as where we need information to deliver a service), where we are legally permitted, or where it is in our legitimate interests to do so.
Our clinicians are obliged under their professional rules to keep information relating to your health confidential.
The types of Personal Data we process
The types of Personal Data we process varies depending on the circumstances and nature of our relationship with you, but typically may include:
• Personal and Contact Information: name, date of birth, email address, phone number, business contact details, correspondence address, IP address and any messages or communications provided to us. This data shall be processed for the purposes of communicating with you and for record keeping on the lawful grounds of legitimate interest;
• Patient Information: where you enquire about our services or engage us to provide services to you then we may process Personal Data in connection with your enquiry or the supply of that service and for keeping appropriate records. Data may include the Personal and Contact Information as set out above, along with other business and finance information, appointment information, diagnosis information, billing or delivery addresses and credit card or other payment details and it shall be processed on contractual grounds;
• User Information: this includes comments or statements that you may make or post via our Website. Images, documents or videos that you share on or through our Website and information concerning your use of our Website such as browser information, pixel ID, page views, pages visited, number of visits and where appropriate, log-in details. This information is used to help us analyse and monitor usage and content of our Website to ensure relevance, to support our administration and record keeping requirements, and to maintain security of our systems on legitimate interest grounds;
• Promotional Information: this is Data provided in connection with any promotions, marketing or advertising from us or associated third parties. It is used to provide relevant offers, advertisements, competitions and promotions as well as other free resources, and to monitor our promotional activity, keep records and compile analytics on legitimate interest grounds.
• Patient System Information: should you access or use our private patient information system then we may process information in connection with your use of that system as well as for the supply, access and maintenance of the system. Such information may include your date of birth, contact address, patient notes, assessment results and letters of correspondence as well as your IP address, device name, operating system and other related information and we shall process it on contractual grounds
Use of Personal Data for marketing purposes
We may also process your Personal Data to deliver or send relevant advertisements to you and to analyse the success and effectiveness of such advertising campaigns for our legitimate interest purposes of promoting and growing our business.
In accordance with the Privacy and Electronic Communications Regulations (PECR) we may also send you relevant advertisements or marketing information if you:
I. have ever purchased or enquired about our services; and
II. at the time of your purchase or enquiry you agreed to receive advertising or marketing information from us and you have not opted out from receiving that information.
You can choose to opt out or stop communications from us at any time by using the opt-out link in the communication you receive, or by emailing us at info@autismadhdcentre.com.
Please note that, despite any request or opt out, we will continue to contact you where we are required to do so in order to provide you with the service that you have requested or engaged us to provide.
We will never share your Personal Data with any third party for their own marketing purposes without your express consent.
Special Category Data
Special category data includes data relating to your health, race or ethnicity, political opinion, religious or philosophical beliefs, trade union membership, genetics, biometrics, sex life or sexual orientation.
To enable the AAC to deliver services to you we will need to process special category data relating to your health and may also need to process special category data relating to your gender, ethnicity or any criminal activity or convictions. We require your consent to allow us to process this Personal Data and you will be asked to provide your consent by signing a copy of this Privacy Policy or providing your electronic acceptance of this Privacy Policy.
Sharing your Personal Data
We may share your Personal Data with:
1. Medical and healthcare providers such as your GP, specialist and other medical or healthcare professionals involved in your care;
2. Third party service providers. We may use external service providers such as IT suppliers, finance and billing services and medical systems suppliers to support our business and may share your personal data with those third parties;
Where we share your data with any third-party supplier, we understand that they have appropriate technical and security processes in place to protect your data and any information shared will be shared in compliance with relevant medical guidelines and the terms of this Privacy Policy.
Where we have outsourced a function or activity to a third-party service provider, we will only disclose Personal Data that the service provider needs to undertake that function or activity.
From time to time, we may ask you to participate in research projects. You have the right to decline and any projects will be subject to ethical approval from the relevant institution or university.
Data security
We take the protection of your Personal Data seriously and have taken suitable and reasonable steps to protect any Personal Data we hold from misuse, loss, unauthorised access, and any modification or disclosure.
All patient information is held securely via a third party system, Carebit. When you use or access our Services you will be asked to set up an account with Carebit. Carebit use SSL encrypted connections and any data held by Carebit is stored in an encrypted database. You can find more information about how Carebit deals with Personal Data by viewing their privacy policy here: www.carebit.co/privacy-policy/. We do not retain any hard copy patient notes.
We limit access to your Personal Data to those employees, agents, contractor or third parties who have a business need to know. They will only process your Personal Data on our instructions and must keep it confidential.
Please be aware that whilst we take reasonable precautions, in accordance with relevant industry standards, to safeguard your Personal Data, there remains inherent risks involved in storing Personal Data or transmitting it across the internet and we are unable to guarantee that any method of storage or transmission is 100% secure. On this basis, should you have any concerns regarding submission of your Personal Data, please contact us to discuss alternative methods.
Data retention
We will not keep your Personal Data for longer than is required with regard to the purpose for which it was collected by us or provided by you including any legal or record keeping requirements and will take reasonable steps to destroy or permanently de-identify your Personal Data when it is no longer required.
Your rights in relation to the data we hold
The Data Protection Legislation sets out rights in relation to Personal Data such as the right to be informed about collection and processing, the right to access and receive a copy of any Personal Data held, the right to request correction of errors or to erase or delete Personal Data, and the right to restrict or object how Personal Data is processed. Should you wish to exercise any such rights then please contact us using the details below.
No fee will be charged to access your Personal Data but we reserve our rights to charge a fee where we consider, in our reasonable opinion, that any request you make is unfounded or excessive. We aim to respond to all legitimate requests within one month.
If you are based in the UK you can find out more about your rights by visiting https://ico.org.uk/your-data-matters/
To ensure the information we hold about you remains accurate please contact us using the details below, if at any time your personal details change.
Where you have provided your consent for us to process your Personal Data you can withdraw that consent at any time. Should you wish to do so please contact us at the email address below.
If you are not happy with how we process your Personal Data you have the right to lodge a complaint with the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues.
NHS Care Record Guarantee
The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS, what control the patient can have and the rights individuals have to request copies of their data and how data is protected under the Data Protection Act 1998. Our Privacy Policy and our data protection processes align with the NHS Care Record Guarantee.
Further information about the NHS Care Record can be found at: https://digital.nhs.uk/services/national-care-records-service.
Changes to this Privacy Policy
We reserve the right to alter or amend this Privacy Policy without any prior notice to you. Should our Privacy Policy be altered, the new version will be posted on the Website. Your first use of our Website or your continued use of our services after the date of any amendments or alterations will constitute your acceptance of such changes therefore, we recommend you review this Privacy Policy regularly to keep informed of any changes.
Who we are and how to contact us
The Autism ADHD Centre is a trading name of Dr Sandeep Mind Body Medicine Limited, Company Number 10949675. Company is registered in England and Wales. Registered address is 1110 Elliott Court, Coventry Business Park, Herald Avenue, Coventry, CV5 6UB.
If you need to contact us then please send an email to: info@autismadhadcentre.com.
Legal Jurisdiction
This Privacy Policy shall be governed and construed in accordance with the laws of England and Wales and by accessing or engaging with our services or using our Website, you agree to the exclusive jurisdiction of those Courts.
