Who are we?
Insight Healthcare is a not-for-profit organisation providing free NHS talking therapy services across the UK. We are registered as a data controller with the Information Commissioner’s Office. Our registration number is Z7824778
Our Data Protection Officer is Alma O’Rourke and contact details are:
36 Brenkley Way
Newcastle upon Tyne
Tel: 0191 217 0377
Personal data and special categories of personal data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified.
In order for us to provide you with a service we need to collect personal data including health information which is a special category of personal data. We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR).
We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary.
What personal data do you collect?
In accordance with the Health and Social Care Act 2012 and Health and Social Care (Quality & Safety) Act 2015, personal and sensitive information we will collect from you will include:
- The reasons for referral and information supplied by your GP, medical advisor, NHS referrer or other referrer. This will include your name, date of birth, address, contact telephone numbers, email address and certain health information.
- The information supplied by you at first contact and in your assessment session; with additional information from professionals where applicable.
- Clinical assessments and plans relating to your treatment.
- Summaries of the content of therapy sessions.
- Copies of any letters or emails sent to you or received from you.
- Details of any telephone conversations with you.
We collect this personal information in order to provide treatment services to you (including communicating with you, your GP, your NHS referrer, other medical advisors as appropriate).
Under the GDPR, we must always have a lawful basis for using your personal data. We process your personal information so that we can comply with various legal obligations. This includes complying with legislation relating to health and social care.
Who do we share your information with?
Insight Healthcare has a data protection policy which means that relevant information is only shared with people involved in your health care. This will include:
- practitioners engaged by us to carry out our services to you
- your GP and any other NHS referrer
- the Department of Health and other statutory bodies to whom Insight Healthcare is required to submit data
Apart from these people, Insight Healthcare will not pass on your personal data to third parties without first obtaining your consent, however, there are times when information, legally, has to be given even without your consent, these would include; child protection, prevention of harm to yourself or others, the investigation or prevention of serious crime including terrorism, or a Court Order.
We only share information with your family, friends or advocates with your explicit consent.
How long we keep your information
The information we collect will form your health record which we will retain for the duration specified by national guidance from the Department of Health, NHS Records Management Code of Practice. All confidential information is destroyed in line with the NHS Records Management Code of Practice.
Your rights as a data subject
At any point while we are in possession of or processing your personal information, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you. You will need to provide a form of ID to access this. Please click here for more details about how to request access to your records.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records. This right will apply only if the processing has been undertaken on the basis of consent which is withdrawn, the processing of data is determined not to be lawful or the information is no longer required. There are exceptions to the right to erasure and Insight Healthcare are legally required to maintain your records in accordance with the retention guide referenced in the link above.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
You can find out more about your rights under the UK’s data protection laws at www.ico.org.uk
In the event that you wish to make a complaint about how your personal information is being processed by Insight Healthcare (or third parties as described), you can contact the Data Protection Officer using the contact details above.
If you are not satisfied with how your complaint has been, or is being, handled, you have the right to lodge a complaint directly with the Information Commissioners Office who is the identified supervisory body:
Information Commissioner’s Office
Tel: 0330 8303 0338
Changes to this privacy notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available on our website www.insighthealthcare.org
How do I contact you?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details for the attention of the Data Protection Officer:
36 Brenkley Way
Newcastle upon Tyne
Tel: 0191 217 0377
We are committed to protecting and respecting your privacy. This policy provides you with the details of how any personal data we collect from you or that you provide us will be used and processed.
Information from the user
We may collect and process the following aspects of data about you
- Information that you provide us by filling in forms on our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete questions or surveys for research purposes. This is not some thing you have to respond too.
- Details of your visits to our site in the form of analytics, this could include places and resources you access on our site, time spent on our site and where you are directed to our site from.
What is a cookie?
Cookies are small files comprised of letters and numbers that are downloaded onto your desktop computer, mobile or other handheld device when you access certain websites. Cookies allow a website to recognise a user’s device and help your browser navigate through the website by allowing you to log in automatically by remembering settings you selected during earlier visits, amongst other functions. Cookies do not harm your computer. If you would like to learn more about cookies in general you can visit www.allaboutcookies.org.
We may collect information about your computer, including where available your IP address, operating system and browser type all of this is for system administration. This is only statistical data and does not identify any individual.
The transmission of information via the Internet is not completely secure, although we will do our best to protect your personal details but can not guarantee the security of your data. Any transmission is at the risk of the site user. Once we have received any information we will use strict procedures and security features to try and prevent unauthorised access.
Uses of your information
We use the information held about you in the following ways:
- To ensure that content from our site is presented in the most effective way for you and your computer.
- To carry out any requests or obligations arising from any contact you may have with us.
- To provide you with information or services that you have requested from us or which we feel may interest you, if you have given us consent to get in contact with you.
- To enable you to participate in any interactive features our service offers, as and when you choose to do so.
- To notify you of any changes to our service.
Disclosure of your information
We may disclose your personal information to third parties if we are under a duty to disclose or share your data in order to comply with any legal obligation. This includes exchanging information with other companies and organsiations for the purposes of fraud protection and credit risk solution.
You have the right to ask us not to process your personal data for marketing purposes, although we will usually ask your permission before we collect any information if we intend to disclose any details to and third party for any such purposes.
You have the right to refuse such intentions by checking the correct boxes on any forms we use to collect data, or by contacting us at any time.
Our site may from time to time contain links to and from other websites. If you were to follow a link to any of these sites please note that these websites have their own privacy policies and we do accept any responsibility or liability for these policies. Please make sure to check these policies before you submit any personal data to any of these websites.
Any changes we make to our policy will be displayed on this page and where appropriate notified to you via email.
Data Protection Impact Analysis
For information related to our data protection impact analysis please contact the Data Protection Officer at firstname.lastname@example.org