Who are we?
Insight Healthcare is a not-for-profit organisation providing free NHS talking therapy services across the UK. We are registered as a data controller with the Information Commissioner’s Office. Our registration number is Z7824778
Our Data Protection Officer is Alma O’Rourke and contact details are:
36 Brenkley Way
Newcastle upon Tyne
Tel: 0191 217 0377
Personal data and special categories of personal data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified.
In order for us to provide you with a service we need to collect personal data including health information which is a special category of personal data. We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR).
We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary.
What personal data do you collect?
In accordance with the Health and Social Care Act 2012 and Health and Social Care (Quality & Safety) Act 2015, personal and sensitive information we will collect from you will include:
- The reasons for referral and information supplied by your GP, medical advisor, NHS referrer or other referrer. This will include your name, date of birth, address, contact telephone numbers, email address and certain health information.
- The information supplied by you at first contact and in your assessment session; with additional information from professionals where applicable.
- Clinical assessments and plans relating to your treatment.
- Summaries of the content of therapy sessions.
- Copies of any letters or emails sent to you or received from you.
- Details of any telephone conversations with you.
We collect this personal information in order to provide treatment services to you (including communicating with you, your GP, your NHS referrer, other medical advisors as appropriate).
Under the GDPR, we must always have a lawful basis for using your personal data. We process your personal information so that we can comply with various legal obligations. This includes complying with legislation relating to health and social care.
Who do we share your information with?
Insight Healthcare has a data protection policy which means that relevant information is only shared with people involved in your health care. This will include:
- practitioners engaged by us to carry out our services to you
- your GP and any other NHS referrer
- the Department of Health and other statutory bodies to whom Insight Healthcare is required to submit data
Apart from these people, Insight Healthcare will not pass on your personal data to third parties without first obtaining your consent, however, there are times when information, legally, has to be given even without your consent, these would include; child protection, prevention of harm to yourself or others, the investigation or prevention of serious crime including terrorism, or a Court Order.
We only share information with your family, friends or advocates with your explicit consent.
How long we keep your information
The information we collect will form your health record which we will retain for the duration specified by national guidance from the Department of Health, NHS Records Management Code of Practice. All confidential information is destroyed in line with the NHS Records Management Code of Practice.
Your rights as a data subject
At any point while we are in possession of or processing your personal information, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you. You will need to provide a form of ID to access this. Click here for more details about how to request access to your records.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records. This right will apply only if the processing has been undertaken on the basis of consent which is withdrawn, the processing of data is determined not to be lawful or the information is no longer required. There are exceptions to the right to erasure and Insight Healthcare are legally required to maintain your records in accordance with the retention guide referenced in the link above.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
You can find out more about your rights under the UK’s data protection laws at www.ico.org.uk
In the event that you wish to make a complaint about how your personal information is being processed by Insight Healthcare (or third parties as described), you can contact the Data Protection Officer using the contact details above.
If you are not satisfied with how your complaint has been, or is being, handled, you have the right to lodge a complaint directly with the Information Commissioners Office who is the identified supervisory body:
Information Commissioner’s Office
Tel: 0330 8303 0338
Changes to this privacy notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available on our website www.insighthealthcare.org
How do I contact you?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details for the attention of the Data Protection Officer:
36 Brenkley Way
Newcastle upon Tyne
Tel: 0191 217 0377