Privacy Policy for Service Users and their Representatives
1. Purpose
This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the General Data Protection Regulation 2018 (GDPR), the Data Protection Act 2018 (DPA) and other applicable laws in the United Kingdom (UK). We are committed to safeguarding the privacy and security of personal information.
2. Definitions
- MHWS: Mental Health and Well-being Services Ltd., also referred to as 'we' in the rest of this document.
- Data Controller: The organisation that determines the purposes and means of processing personal data
- Data Processor: A third party that processes personal data on behalf of the Data Controller
- Special Category Data: As defined by the GDPR, includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person's sex life or sexual orientation
- Service User: An individual who has expressed an interest in, currently utilises or has utilised services provided by MHWS.
- Service User Representative: An individual who represents a Service User in any capacity such as their parent, guardian, friend or relative. These individuals may be directly involved and play a large role in representing the Service User or listed as next of kin / emergency contact where a lesser role would be expected
3. Scope
As part of the services we offer, we are required to process personal data about our Service Users and, in some instances, our Service User Representatives. 'Processing' can mean collecting, recording, organising, storing, sharing or destroying data.
We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.
This policy applies to both Service Users and Service User Representatives. By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy.
4. Service Users
4.1. Personal Information We May Collect
- Basic details (such as name, date of birth, email address, phone number, address, next of kin)
- Account credentials (such as username, password)
- Payment information (such as name, email address, phone number, address)
- Communication preferences
- Usage data (such as website analytics)
- Special Category Data: Race or ethnic origin
- Special Category Data: Health information (such as diagnoses, medication, treatments)
- Any other information you voluntarily provide to us
4.2. How We Use Personal Information
We may use personal information for the following purposes:
- Providing and improving our services
- Processing and fulfilling your requests
- Communicating with you, including responding to your enquiries
- Personalising and tailoring your experience
- Conducting research and analysis
- Complying with legal obligations
- Providing medical diagnoses, treatment, and care services
4.3. Legal Basis for Processing Personal Information
Our legal basis for processing personal information under the GDPR includes:
- Performance of a contract: Processing necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
- Consent: Processing based on your consent, which you can withdraw at any time.
- Legitimate interests: Processing necessary for our legitimate interests, such as improving our services and ensuring the security of our website.
Our legal basis for processing Special Category Data under the GDPR includes:
- Consent: We may seek explicit consent from individuals to process their special category data for specific purposes and this consent can be withdrawn at any time.
- Performance of a contract: Processing special category data may be necessary for the performance of a contract with individuals seeking health and social care services.
- Legal obligations: We may process special category data to comply with legal obligations, such as fulfilling our duty of care or reporting notifiable diseases.
- Vital interests: In emergency situations where an individual's life or health is at risk, we may process special category data to protect their vital interests.
- Legitimate interests: In certain circumstances, we may rely on our legitimate interests to process special category data, provided it does not outweigh an individual's rights and freedoms.
4.4. Collection and Use of Special Category Data
- We collect special category data directly from individuals or from authorised third parties, such as parents, guardians, carers and healthcare professionals in accordance with appropriate Data Subject consent.
- We limit the collection and use of special category data to what is necessary for the provision of health and social care services or for compliance with legal obligations unless specific consent has been provided.
- We use appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of special category data throughout its lifecycle.
4.5. Sharing and Disclosure of Special Category Data
We may share special category data with:
- You, your legal representative(s) or your Service User Representative(s) with your appropriate consent
- Authorised healthcare professionals involved in the provision of health and social care services to individuals.
- Other third parties to fulfil legal and regulatory requirements such as to respond to court orders or cooperate with regulatory authorities.
We ensure that any sharing or disclosure of special category data is done in accordance with applicable data protection laws and with appropriate safeguards in place to protect the privacy and confidentiality of the data.
5. Service User Representatives
5.1. Personal Information We May Collect
- Basic details (such as name, date of birth, email address, phone number, address)
- Account credentials (such as username, password)
- Payment information (such as name, email address, phone number, address)
- Communication preferences
5.2. How We Use Personal Information
We may use personal information for the following purposes:
- Providing and improving our services
- Processing and fulfilling your requests or those of the Service User
- Communicating with you, including responding to your enquiries
- Personalising and tailoring your experience or that of the Service User
- Conducting research and analysis
- Complying with legal obligations
6. Legal Basis for Processing Personal Information
Our legal basis for processing personal information under the GDPR includes:
- Performance of a contract: Processing necessary for the performance of a contract with you and / or the Service User you represent or to take steps prior to entering into such a contract.
- Consent: Processing based on your consent, which you can withdraw at any time.
- Legitimate interests: Processing necessary for our legitimate interests, such as a Service User benefitting from an individual supplying a guardian role, point of contact in case of emergency, next of kin or someone providing the service of lasting power of attorney.
7. Data Subject Rights / GDPR Access Requests
Under the GDPR, you have certain rights regarding your personal information. These rights include:
- Right of access: You have the right to request access to the personal information we hold about you. This is known as a Subject Access Request (SAR).
- Right to rectification: You can request that we correct or update your personal information if it is inaccurate or incomplete.
- Right to erasure: You have the right to request the deletion of your personal information subject to legal and regulatory requirements.
- Right to restrict processing: You can request that we limit the processing of your personal information under certain circumstances.
- Right to data portability: You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.
- Right to object: You can object to the processing of your personal information unless compelling legitimate grounds override your rights.
- Right to withdraw consent: If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
You can exercise any of these rights by contacting us in a way that suits you. However, to ensure that we receive the request, we suggest that you either:
- Email us via our website contact form
- Send us a letter to our address
- Telephone us within business hours
If not already known, all of the aforementioned contact information is available on this website.
8. Data Retention
MHWS retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, regulatory, or business requirements.
We have implemented an Information Lifecycle Management Policy and procedures to ensure that all personal data is securely deleted or anonymised when no longer needed.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the revised version on our website or through other reasonable means. We encourage you to review this Privacy Policy periodically for any updates.
By accessing our health and social care services or providing personal data to us, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of data in accordance with the provisions outlined herein.
If you have any questions or concerns about this Privacy Policy, please contact us directly. A number of methods are available on this website.
Website Cookie Notice
Essential Cookies (Session Cookies)
A session cookie is temporary and lasts only as long as that 'session' of browsing. The cookie will last from the time it was set (usually once the website was visited), to the website being left and / or the browser being closed.
In most cases the data that is stored by Session Cookies holds no real personal information - its most common use is to hold state information such as keeping you logged into a website, storing choices made or holding what's in your basket during online shopping.
How We Use Session Cookies
This website uses session cookies to perform tasks which enable the functionality of the website. We use session cookies to store whether or not you are logged into the website, to restrict certain areas of the website, to ascertain your cookie preference in line with the GDPR and to enable general administrative duties.
Performance Cookies
If you accept our request to allow the website to use performance 'Cookies' then currently we are using:
Google Analytics Cookies
Google Analytics Cookies are used to track website usage such as: how many visitors the website gets, how frequently certain pages are visited and how long a visitor stays on the website and its pages.
This information can then be used by the website owner to assess whether the website is meeting the needs of its visitors and of course make changes to improve their experience accordingly.
These Cookies will expire naturally over time or you can clear these in your browser as you choose.
How Google uses this data is available here.