Account: Log In or Register

Privacy Policy for Service Users and their Representatives

1. Introduction

  • 1.1. This Privacy Policy outlines the use of personal information regarding service users and their representatives including why we hold their data, the lawful basis for doing so, and their rights in terms of how we process their data for Mental Health and Well Being Services Ltd (hereafter referred to as ‘MHWS’, ‘us’, ‘we’, or ‘our’).
  • 1.2. Within this document all items that are capitalised the same as the title of a Designation or Definition refer to those designations and/or definitions including all singular and plural forms.
  • 1.3. Please note that the requirements outlined in this policy are subject to compliance with all applicable laws and regulations. In the event of any conflict between this policy and such laws or regulations, the latter shall prevail.

2. Designations

  • Service User: An individual who has expressed an interest in, currently utilises or has utilised services provided by MHWS.
  • Service User Representative: an individual who represents a Service User in any capacity such as their parent, guardian, friend, or relative

3. Definitions

  • National Data Opt-Out (NDOO): a service that allows individuals to opt out of having their confidential patient information, in respect of NHS services, shared for healthcare research and planning purposes
  • Service User Representative: an individual who represents a Service User in any capacity such as their parent, guardian, friend or relative
  • Special Category Data: As defined by the GDPR, includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person's sex life or sexual orientation

4. Purpose

  • 4.1. As part of the services we offer, we must process personal data about our service users and, in some cases, their representatives. 'Processing' includes collecting, recording, organising, storing, sharing, or destroying data. We are committed to safeguarding the privacy and security of personal information and being transparent about why we need your data and what we do with it. This Privacy Policy describes how we process this personal information and explains your rights regarding your data, in accordance with the UK General Data Protection Regulation 2021 (GDPR), the Data Protection Act 2018 (DPA), and other applicable UK laws.
  • 4.2. This Privacy Policy covers:
    • 4.2.1. Service Users
    • 4.2.2. Service User Representatives
    • 4.2.3. Our Legal Basis for Processing Personal Information Under the UK GDPR
    • 4.2.4. Data Subject Rights/GDPR Access Requests
    • 4.2.5. Data Retention
    • 4.2.6. National Data Opt-Out
    • 4.2.7. About this Privacy Policy

5. Scope

  • 5.1. This policy includes in its scope all data which we process regarding Service Users and Service User Representatives either in physical form or digital copy, this includes special categories of data.
  • 5.2. This policy applies to both Service Users and Service User Representatives.

6. Service Users

  • 6.1. Personal Information We May Collect:
    • 6.1.1. Basic details (such as name, date of birth, email address, phone number, address, next of kin)
    • 6.1.2. Account credentials (such as username, password)
    • 6.1.3. Payment information (such as name, email address, phone number, address)
    • 6.1.4. Communication preferences
    • 6.1.5. Usage data (such as website analytics)
    • 6.1.6. Special Category Data: Race or ethnic origin
    • 6.1.7. Special Category Data: Health information (such as diagnoses, medication, treatments)
    • 6.1.8. Any other information you voluntarily provide to us
  • 6.2. We May Use Personal Information for the Following Purposes:
    • 6.2.1. Providing and improving our services
    • 6.2.2. Processing and fulfilling your requests
    • 6.2.3. Communicating with you, including responding to your enquiries
    • 6.2.4. Personalising and tailoring your experience
    • 6.2.5. Conducting research and analysis
    • 6.2.6. Complying with legal obligations
    • 6.2.7. Providing medical diagnoses, treatment, and care services
  • 6.3. Our Legal Basis for Processing Personal Information under the UK GDPR includes:
    • 6.3.1. Performance of a contract: Processing necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
    • 6.3.2. Consent: Processing based on your consent, which you can withdraw at any time.
    • 6.3.3. Legitimate interests: Processing necessary for our legitimate interests, such as improving our services and ensuring the security of our website.
  • 6.4. Our legal basis for processing Special Category Data under the GDPR includes:
    • 6.4.1. Consent: We may seek explicit consent from individuals to process their special category data for specific purposes and this consent can be withdrawn at any time.
    • 6.4.2. Performance of a contract: Processing special category data may be necessary for the performance of a contract with individuals seeking health and social care services.
    • 6.4.3. Legal obligations: We may process special category data to comply with legal obligations, such as fulfilling our duty of care or reporting notifiable diseases.
    • 6.4.4. Vital interests: In emergency situations where an individual's life or health is at risk, we may process special category data to protect their vital interests.
    • 6.4.5. Legitimate interests: In certain circumstances, we may rely on our legitimate interests to process special category data, provided it does not outweigh an individual's rights and freedoms.
  • 6.5. Collection and Use of Special Category Data:
    • 6.5.1. We collect special category data directly from individuals or from authorised third parties, such as parents, guardians, carers and healthcare professionals in accordance with appropriate Data Subject consent.
    • 6.5.2. We limit the collection and use of special category data to what is necessary for the provision of health and social care services or for compliance with legal obligations unless specific consent has been provided.
    • 6.5.3. We use appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of special category data throughout its lifecycle.
  • 6.6. Sharing and Disclosure of Special Category Data:
    • 6.6.1. We may share and disclose special category data with you, your legal representative(s), or your Service User Representative(s) with your appropriate consent
    • 6.6.2. We may share and disclose special category data with authorised healthcare professionals involved in the provision of health and social care services to individuals.
    • 6.6.3. We may share and disclose special category data with other third parties to fulfil legal and regulatory requirements such as to respond to court orders or cooperate with regulatory authorities.
    • 6.6.4. We ensure that any sharing or disclosure of special category data is done in accordance with applicable data protection laws and with appropriate safeguards in place to protect the privacy and confidentiality of the data.

7. Service User Representatives

  • 7.1. Personal Information We May Collect:
    • 7.1.1. Basic details (such as name, date of birth, email address, phone number, address)
    • 7.1.2. Account credentials (such as username, password)
    • 7.1.3. Payment information (such as name, email address, phone number, address)
    • 7.1.4. Communication preferences
  • 7.2. We May Use Personal Information for the Following Purposes:
    • 7.2.1. Providing and improving our services
    • 7.2.2. Processing and fulfilling your requests or those of the Service User
    • 7.2.3. Communicating with you, including responding to your enquiries
    • 7.2.4. Personalising and tailoring your experience or those of the Service User
    • 7.2.5. Conducting research and analysis
    • 7.2.6. Complying with legal obligations

8. Our Legal Basis for Processing Personal Information Under the UK GDPR

  • 8.1. Performance of a contract: Processing necessary for the performance of a contract with you and/or the Service User you represent or to take steps prior to entering into such a contract.
  • 8.2. Consent: Processing based on your consent, which you can withdraw at any time.
  • 8.3. Legitimate interests: Processing necessary for our legitimate interests, such as a Service User benefitting from an individual supplying a guardian role, point of contact in case of emergency, next of kin or someone providing the service of lasting power of attorney.

9. Data Subject Rights/GDPR Access Requests

  • 9.1. Under the GDPR, you have certain rights regarding your personal information. These rights include:
    • 9.1.1. Right of access: You have the right to request access to the personal information we hold about you. This is known as a Subject Access Request (SAR).
    • 9.1.2. Right to rectification: You can request that we correct or update your personal information if it is inaccurate or incomplete.
    • 9.1.3. Right to erasure: You have the right to request the deletion of your personal information subject to legal and regulatory requirements.
    • 9.1.4. Right to restrict processing: You can request that we limit the processing of your personal information under certain circumstances.
    • 9.1.5. Right to data portability: You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.
    • 9.1.6. Right to object: You can object to the processing of your personal information unless compelling legitimate grounds override your rights.
    • 9.1.7. Right to withdraw consent: If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
  • 9.2. You can exercise any of these rights by contacting us in a way that suits you. However, to ensure that we receive the request then we suggest that you either:
    • 9.2.1. Email us via our website contact form
    • 9.2.2. Send us a letter to our address
    • 9.2.3. Telephone us within business hours
  • 9.3. Our contact information and email form are available on our website: www.mentalhealthandwellbeing.co.uk

10. Data Retention

  • 10.1. MHWS retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, regulatory, or business requirements.
  • 10.2. We have implemented a Record Keeping Policy and procedures to ensure that all personal data is securely deleted or anonymised when no longer needed.

11. National Data Opt-Out

  • 11.1. NHS Service Users can opt-out of having their personal data shared for the use of planning or research purposes as part of the ‘National Data Opt-Out’ service. You can find out more by visiting: www.nhs.uk/your-nhs-data-matters. At this time, we do not share any data for planning or research purposes for either our NHS Service Users, for which the National Data Opt-Out would apply, or our private Service Users.
  • 11.2. We review our data processing on an annual basis to assess if the national data opt-out applies. This is recorded in our Record of Processing Activities (ROPA). All new processing is assessed to see if the National Data Opt-Out applies.
  • 11.3. If any data processing falls within scope of the National Data Opt-Out we use MESH to check if any of our Service Users have opted out of their data being used for this purpose.

12. About this Privacy Policy

  • 12.1. We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the revised version on our website or through other reasonable means. We encourage you to review this Privacy Policy periodically for any updates.
  • 12.2. If you have any questions or concerns about this Privacy Policy, please contact us directly. A number of methods are available on our website: www.mentalhealthandwellbeing.co.uk

Website Cookie Notice

Essential Cookies (Session Cookies)

A session cookie is temporary and lasts only as long as that 'session' of browsing. The cookie will last from the time it was set (usually once the website was visited), to the website being left and/or the browser being closed.

In most cases the data that is stored by Session Cookies holds no real personal information - its most common use is to hold state information such as keeping you logged into a website, storing choices made or holding what's in your basket during online shopping.

How We Use Session Cookies

This website uses session cookies to perform tasks which enable the functionality of the website. We use session cookies to store whether or not you are logged into the website, restriction of certain areas of the website, ascertaining your cookie preference in line with the GDPR and enabling general administrative duties.

Performance Cookies

If you accept our request to allow the website to use performance 'Cookies' then currently we are using:

Google Analytics Cookies

Google Analytics Cookies are used to track website usage such as: how many visitors the website gets, how frequently certain pages are visited and how long a visitor stays on the website and its pages.

This information can then be used by the website owner to assess whether the website is meeting the needs of its visitors and of course make changes to improve their experience accordingly.

These Cookies will expire naturally over time or you can clear these in your browser as you chose.

How Google uses this data is available here.