Privacy Policy
This Privacy Policy outlines how Hannah Hayward Limited handles your personal information, which is often confidential and sensitive. We store and process all personal information in compliance with our data protection policy, adhering to The Data Protection Act 1998 (effective at the time this statement was created) and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), adopted on April 27, 2016, and enforceable from May 25, 2018.
Information Retention
We retain information in accordance with Department of Health guidelines. For children, records are kept until their 25th birthday or until age 26 if they were 17 when treatment concluded, or for 8 years after death. For adults, medical records are retained for 7 years.
This document also provides additional details that complement specific privacy statements you may encounter on our website, such as those related to cookies.
Data Controller
Dr. Hannah Hayward is the data controller for Hannah Hayward Limited. Additional staff members who work directly with patients are also considered data controllers for those patients. All associates are required to sign a contract agreeing to comply with GDPR.
Important: By submitting your personal data to us or using our website, you consent to the processing of your data in the manner and for the purposes outlined below.
This privacy policy was last updated on 08.08.24.
Information We Collect About You
At the initial point of contact, we may collect personal information about you or your child, including:
-
Full name
-
Postal address
-
Email address
-
Telephone number
-
Date of birth
-
Demographics (e.g., sex, gender, ethnicity)
-
School details
-
Relationships and children
-
GP details
-
NHS number (if available)
-
Health insurance information (if applicable)
We may also request additional sensitive information, such as details about medical history, current difficulties, and any concerns or risks, necessary to provide the services you’ve requested.
Information is also collected when you complete the contact form on our website, which asks for your name, email address, and the reason for your inquiry. This information is needed to respond appropriately.
If services are commissioned for you by third parties (e.g., GP, local authorities, clinical commissioning groups), they may provide us with your name, address, contact details, and medical/educational history.
We ensure that the data we collect is adequate, relevant, and not excessive for its intended purposes. We may also collect rating scales, past professional reports, and school reports when relevant.
How We Use Your Information
We use your personal information to provide the services you’ve requested. This includes:
-
Communicating with you about appointments (via email, writing, or text message)
-
Delivering appropriate services to you or your child
-
Conducting thorough assessments
-
Invoicing you or your insurance company (we keep financial records for 7 years as required by HMRC)
-
Communicating with relevant third parties (with your consent) to support treatment and manage risks
Your information is shared only with staff members involved in your care, who understand their legal responsibility to maintain confidentiality. We may share your information with your or your child’s GP, school, CAMHS/PCAMHS, social services, or other professionals, but we will ask for your consent first.
We may need to share information without consent when legally required or if there’s a risk of harm to you, another child, or an adult. In such cases, we will discuss the disclosure with you unless it could increase the risk.
We do not share your personal information with third parties for marketing purposes.
Data Storage
-
Paper-based records: Kept to a minimum and stored in a locked filing cabinet by the lead clinician.
-
Access restrictions: Personal information is accessed only by those directly involved in your care.
-
Electronic information: Sensitive data is emailed to patients/parents only with prior consent and stored on password-protected devices.
-
Backups: Data is regularly backed up.
If you contact us via the website or email, your information will be kept in an online filing system compliant with GDPR.
Your Rights
You have the right to access the information we hold about you or your child, and to request a copy. Submit your request in writing or by email to the Data Protection lead, Dr. Hannah Hayward. We aim to provide the data within 30 days, possibly subject to a small admin fee.
You can also request:
-
Correction of any inaccurate or incomplete information.
-
Erasure of certain information, though legal reasons may prevent this.
-
Cessation of certain uses of your information, such as appointment reminders.
-
Electronic transfer of your information to another health professional.
Data Breaches
To prevent unauthorized access to your information, we have strong physical and electronic security measures. In the unlikely event of a data breach, Dr. Hannah Hayward will notify the Information Commissioner’s Office (ICO) within 72 hours and inform any affected individuals.
Right to Withdraw Consent
If you’ve given consent for us to process your personal data, you can withdraw it at any time. Withdrawal won’t affect the lawfulness of processing conducted before withdrawal. If you withdraw consent, we may no longer be able to provide certain services.
Complaints or Queries
If you have concerns about how we use your information, and you cannot resolve them with us, contact the Information Commissioner’s Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745/casework@ico.org.uk).
Cookies
What are cookies?
Cookies are small text files placed on your computer by websites you visit, used to ensure websites function efficiently and to provide insights about visitor behaviour. You can adjust your browser settings to restrict or delete cookies.
Cookies on Our Website
We use cookies to monitor website performance, including Google Analytics to analyze user behavior. For more information, refer to Google Analytics’ privacy policy. Managing Cookies
You can browse our website without receiving cookies by adjusting your browser settings. Visit www.aboutcookies.org for more information on managing cookies.
Please note that we only use cookies to enhance your online experience, and no personal data is collected through this process.