Oxford ADHD and Autism Centre Limited (“we”) are committed to protecting and respecting your privacy.
We understand that the information you share with us is personal and often sensitive. Protecting your privacy is important to us. This policy explains how we collect, use, and protect your information, and the choices you have about how it is used.
We are the data controller for the purposes of the Data Protection Act 1998 and the General Data Protection Regulation (Regulation (EU) 2016/679). This means we are responsible for deciding how we hold and use your personal data.
By submitting personal data to us and/or by using our website, you are giving your consent for us to process your information in the ways described in this policy.
Definitions
· Data: Any data you use our services to provide, for example, answers to forms, results from assessments, or information shared in appointments.
· Personal information: Information about you that we collect or look after, such as your contact details or medical history.
Information we collect about you
We collect information so we can provide you with safe, effective, and personalised care.
At initial contact, we may ask for:
· Name
· Postal address
· Email address
· Telephone number
· Date of birth
· School details (where relevant)
· GP details
· Health insurance details (if applicable)
· NHS number
We may also ask for details about:
· The difficulties you/your child are experiencing
· Your family circumstances
· Past medical history and current difficulties
· Any concerns or risks (this is classed as sensitive information and helps us provide the right support)
Other sources of data: If our services are commissioned by third parties (such as your child’s school, GP, local authority, or Integrated Care Board), they may share your name, address, contact details, and relevant medical or educational history with us.
Additional data collected when you use our services:
· Usage information: pages you visit on our website, links you click, when you perform those actions, and your language preferences.
· Device and browser data: IP address, operating system, device type, performance information, browser type, and for mobile devices, a unique device identifier (UUID).
· Information from page tags: data collected through cookies and web beacons to help us understand how visitors use our site.
· Log data: your IP address, internet service provider, files viewed on our site, operating system, time spent on site, device type, and timestamps.
· Medical records and test results: previous medical records, reports, tests, questionnaires, or psychometrics we request as part of your care.
If you contact us by phone, email, or through our website contact form, we will keep a record of that correspondence.
How we use your data
We only use your information for purposes you would expect and in ways that help us provide you with safe, effective, and personalised care. This includes to:
· Communicate with you about appointments (by email, letter, or SMS)
· Provide the right service to you or your child
· Carry out thorough and appropriate assessments
· Provide the information or services you have requested
· Invoice you or your insurance company (financial records are kept for 7 years, as required by HMRC)
· Share information (with your consent) with others involved in your care, such as your GP, school, or other health professionals
· Notify you about changes to our services
· Make sure our website works well on your device
· Improve our services and carry out troubleshooting, testing, and data analysis
We will never share your personal information with third parties for marketing purposes.
Sharing your data
We will only share your data when it is necessary for your care or when we are legally required to do so. This may include:
· Clinicians who will be providing your care
· Your GP, school, CAMHS/PCAMHS, Social Services, psychiatrists, or other professionals involved in your care (with your consent unless there is a serious risk or legal obligation)
· Analytics and search engine providers that help us improve our website
· Legal or regulatory bodies where required to protect rights, property, or safety, including fraud prevention
· With Trustpilot, an independent review platform, so we can invite you to share feedback about your experience with us. We do this because your views are an important part of how we deliver safe, effective, and compassionate care
To send you this invitation, we may share your email address to confirm that you are a genuine patient. Trustpilot will process this data as a data processor on our behalf and in line with their own Privacy Policy.
We use the feedback you provide through Trustpilot to:
· Follow up with you if we think we can offer further support or help resolve an issue you have raised
· Identify where our processes can be improved so that the experience is better for future patients
· Recognise and share examples of good practice among our teams
· Monitor the quality and safety of our services over time
Feedback from Trustpilot is combined with other patient experience measures to give us a full picture of what we are doing well and where we can improve.
We will always ensure that any third party we share your data with has appropriate safeguards in place.
Data retention
We keep your information for as long as it is needed to provide your care and meet legal requirements.
· Medical records: 20 years from your last appointment, or 8 years after your death (whichever comes sooner).
· Children’s records: until their 25th birthday, or 26th if they were 17 when treatment ended.
Legal basis for using your data
The law sets out several reasons why we can use your personal data:
· Consent: when you have clearly agreed (e.g. ticking a box to receive our newsletter)
· Contractual obligations: when using your data is necessary for us to provide a service you have requested
· Legal obligations: when we must use your data to comply with the law
· Vital interests: when it is necessary to protect someone’s life
· Legitimate interests: when we have a business or clinical reason to use your data, unless your rights override those interests
· Legitimate interests: we use your contact details to invite you to provide feedback through Trustpilot after your appointment. This helps us to support patients who may need further help, improve our processes, recognise good practice, and ensure our care is safe, effective, and responsive. You can opt out of these invitations at any time.
Your rights
You have the right to:
· Access the personal data we hold about you (free of charge, unless unfounded or excessive)
· Receive a copy of your data within 30 days of your request (a small admin fee may apply)
· Ask us to correct inaccurate or incomplete information (and we will inform anyone we’ve shared it with)
· Ask us to delete your data, where legally possible
· Ask us to stop using your data for specific purposes, such as appointment reminders or marketing
· Withdraw your consent where processing is based on consent
· Ask us to transfer your data electronically to another health professional
· Object to your data being used for direct marketing
· Complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your data
We may ask you to verify your identity before acting on your request.
Data breaches
We work hard to keep your information safe. In the unlikely event of a data breach that risks your rights or freedoms, we will:
· Notify the ICO within 72 hours
· Inform you if your information has been affected
· Take steps to reduce any risks and prevent it from happening again
Where we store your data
We may store or process your data outside the UK or the European Economic Area (EEA). If we do, we will make sure it is protected to the same high standards required here, including using approved contractual safeguards.
Your information is stored securely:
· Paper-based records are kept to a minimum and stored in locked filing cabinets in secure premises
· Electronic patient records are stored in Cliniko, a secure, password-protected, GDPR-compliant system
· Access to your data is strictly limited to staff directly involved in your care or account
· Sensitive information will only be emailed with your prior consent
· Devices storing personal data are password/passcode/biometric protected
· Data is backed up regularly and securely
· Any payment transactions are encrypted
Cookies
Cookies help us make our website work better for you — for example, by remembering your preferences or helping us understand which pages are most useful.
A cookie is a small file stored in your browser or on your device. We will tell you if we use cookies that collect personal data and will ask for your consent before using them.
You can remove cookies at any time or disable them in your browser settings. For more information, please see our Cookies Policy.
Links to other websites
Our website may contain links to other websites that we do not operate. These are provided for your convenience and do not mean we endorse the site or its operators. We encourage you to read the privacy policy of any website you visit before sharing your personal information.
Unsubscribe
We hope you find our updates and information helpful. However, if you would prefer not to receive emails from us, please email [email protected] with “email unsubscribe” in the subject line.
If you would also like to be removed from our postal mailing list, please email us with “mail unsubscribe” in the subject line or write to us at the address in this policy.
We will always respect your preferences about how we contact you.
Contacting the Regulator
If you have concerns about how we use your information, we would like the chance to put things right. If you still feel unhappy, you can contact the Information Commissioner’s Office (ICO):
· Call: 0303 123 1113 · Visit: www.ico.org.uk/concerns (this will open in a new window – please note we cannot be responsible for the content of external websites).
Questions?
We’re here to help. If you have any questions about this policy or how we use your information, please contact our Data Protection Officer:
· Email: [[email protected]]
· Phone: [+44 1865 744144]
Notification of changes to privacy policy
We may update this privacy policy from time to time. Any changes will be posted on this page, so please check back periodically.
Governing Law
This privacy policy forms part of our website Terms of Use and is governed by the laws of England and Wales.
Imagery
The people featured in the images used on our website and marketing materials are models and do not have any direct connection to Oxford ADHD & Autism Centre or any specific mental health condition.