We aim to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected.
We work in the most part with children between the ages of 6 and 16 years, so consent for the use of data as described in the policy must be given by the person with parental responsibility who has arranged the assessment and agreed the resulting contract to carry this out. Where ‘you’ is used in this policy, this is used to refer to both the data provided specifically about the child being assessed, as well as any additional relevant data the person with parental responsibility provides to enable the assessment to take place, such as family history, contact information etc.
This policy describes the information that we collect when you use our services. The security of your personal data has continuously been addressed by reference to the British Psychological Society’s (BPS) Code of Conduct and the Health & Care Professionals (HPCP) Standards of Conduct, Performance and Ethics, and this is now further enhanced by the implementation of the GRPD. We may need to collect information that includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 [and the subsequent UK Data Protection Bill that is expected to be enacted in 2018]. The policy describes how we manage your information when you use our services, if you contact us or when we contact you. It also provides extra details to accompany specific statements about privacy that you may see when you use our website (such as cookies) or with other online presence (such as Facebook or Twitter).
We use the information we collect in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, Julia Richards is the data controller; if another party has access to your data we will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why we need to provide them with the information. If your questions are not fully answered by this policy, please contact our Julia Richards directly. If you are not satisfied with the answers given, you can contact the Information Commissioner’s Office (ICO) https://ico.org.uk.
The GDPR requires us to identify the legal basis upon which we process your personal data. We will proceed with your assessment and all associated activity on the basis of (a) our contract with you and (b) our legitimate interest to hold and process your personal data.
Contract – we need to process your personal data to fulfil our contractual obligations to undertake a psychological assessment, as agreed with you. We will process all personal data that you share with us for the purpose of the assessment and will do so lawfully, fairly and in a transparent manner. Our processing of your personal data is necessary for us to fulfil our contract with you. When you engage in certain activities on this site, such as downloading information or making contact with us, we may ask you to provide certain information about yourself. The information you provide will be kept confidential and will be used to support your relationship with us; it will not be passed to any third party service provider.
Legitimate Interests – as you will reasonably expect, given the context and nature of our relationship, the intended purpose for processing your personal data is to conduct a psychological assessment, which includes psychometric profiling. Inevitably, educational psychology assessments involve the processing of special category data, including information, for example, about your health, educational achievements, cognitive functioning, personality, interests and family history. Depending upon the nature of the contract with you, we have a legitimate interest to collect such personal data for the purpose of forming a professional opinion or diagnosis. In so doing, we will only collect information from you that is relevant to the purpose of undertaking that assessment and the associated and expected reporting, profiling and advising.
- Why do we need to collect your personal data?
We need to collect information about you so that we can:
- Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Deliver services to you. The legal basis for this is the contract with you.
- Process your payment for the services. The legal basis for this is the contract with you.
- Verify your identity do that we can be sure we are dealing with right person. The legal basis for this is a legitimate interest.
- Optimise your experience on our website. The legal basis for this is a legitimate interest.
- Provide you with a useful and relevant website. The legal basis for this is legitimate interest.
- What personal information do we collect and when do we collect it?
For us to provide you with goods and services, we need to collect the following information:
- Your name and contact details including a postal address, telephone number(s) and electronic contact such as email address.
- Relevant background and current information as essential to the assessment itself
- Details about how you access our website such as the IP address, the browser you use, and which pages you access.
- We collect this information directly from you.
We may also collect information about you from third parties; for example from another health professional (such as your Doctor or Occupational Therapist) to provide a complete assessment.
- How do we use the information that we collect?
We use the data we collect from you in the following ways:
- To communicate with you so that we can inform you about your appointments with us we use your name, your contact details such as your telephone number, email address or postal address
- To deliver the correct service to you we use your name, your contact details and the details about the assessment
- To gather all the relevant information needed to conduct and evaluate the assessment which we are contracted to complete for you
- To optimise our website so that users can find the information they need
- Where do we keep the information?
We keep your information in the stores described below:
4.1. On our company computers and iPads. We use personal computers and iPads that are located on our own premises. The computers are password protected and the hard drives are encrypted. Passwords are changed regularly and it is company policy that passwords are not shared. The information you provide for the assessment: The questionnaires and additional information you provide relating to the assessment are kept on the computers on the hard drive, and periodically backed up to an external hard drive that is kept in a locked safe and/or to a cloud-based secure server. Your report: We create a report that contains all the information that we gather and our findings and conclusions, and this is computer generated and stored as above.
4.2. As a paper copy: We take hand written notes and records during the assessment. These notes are used to create the report that we provide to you. We keep a file of the handwritten notes, record forms etc that are generated during the assessment and these are kept in a locked store room on our premises.
4.3. On our mobile phones: You may provide us with your mobile phone number to contact you about the assessment, and for us to send you the password for your reports. Your number will not be stored with your name and will be deleted following the sending of the assessment.
4.4. On QInteractive, a cloud-based assessment tool. Your name and date of birth is required by the assessment tool, no other personal information is uploaded. Pearson, the owners of QInteractive assure us that it is GDPR compliant, and it has a two-facto authentication security system.
- How long do we keep the information?
We keep both the paper files and the electronically held information from the assessment of a child until that child is 23 (18 years plus 5). This is to ensure that we are able to provide consistent and accountable services and build on the picture of need and progress for the individual throughout their education and training. If you wish the information to be destroyed before this time we will do so on request.
- Who do we send the information to?
We send your report to you and anyone we are required by law to inform. All reports that are sent electronically are sent as attachments that are password protected.
- How can I see all the information you have about me?
You can make a subject access request (SAR) by contacting the Data Protection Officer (Julia Richards). We may require additional verification that you are who you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests
- What if my information is incorrect or I wish to be removed from your system?
Please contact the Data Protection Officer. We may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems we will send you a copy of the updated information in the same format at the subject access request in section 7.
- How can I have my information removed?
If you want to have your data removed we have to determine if we need to keep the data, for example in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.
- Will we send emails and text messages to you?
As part of providing our service to you we will send your report to you via email. The report will be password protected and the password sent separately. Also, as part of this service, we need to send details of your appointments and other relevant information regarding the appointment to you. To protect your information, we prefer to use an end-to-end encrypted messaging service. If you are not able to use such a service we may use SMS (text messages); however, this does increase the risk of someone intercepting the message. We will not contact you by email for any reason other than that pertaining specifically to the child and the assessment.
The material on our site is given for general information only, and does not constitute professional advice. You should take specific advice before taking a course of action as we do not accept directly or indirectly any responsibility for loss arising directly or indirectly from reliance on information on this site.
Given that the Internet uses an open system we cannot warrant that the site and downloads reach you virus-free. You must, therefore, take all appropriate precautions for your own safety.
This site includes links to other sites which we consider may be of interest to you. We cannot be liable for their content. Users link to other sites at their own risk and use such sites according to the terms and conditions of use of such sites.