Privacy Policy

What is GDPR

The purpose of GDPR is to provide a set of standardised data protection laws. This document sets out how the Directors of Midlands ADHD Clinic comply with these laws.

Malvern Hills Private Practice and Midlands ADHD Clinic are both trading entities of the same underlying limited company. Thus, staff work across both entities, and your clinical information will be stored in the central clinical system shared between them both.

Data Controller with ICO (Information Commissioners Office)

Mr Daniel Pamich is the registered data controller for Midlands ADHD Clinic Ltd. Staff members working with clients/patients under the jurisdiction of Midlands ADHD Clinic Ltd will be Data Processors for the clients/ patients they work with directly and may have access to more detailed data due to the confidential nature of their clinical work with a specific person.

Data We Hold

Midlands ADHD Clinic ltd collects and processes the following personal data of (1) Personal data: basic contact information: name, address, email, contact number, video conference ID (if online therapy), next of kin, and GP contact details. This list is not exhaustive but provides examples of data under this heading. (2) Sensitive personal data: For example, signed consent to the service provided, consultation records (notes, letters, reports and/or outcome measures), GP Summary Care Record, medication, and medical history.

Lawful Basis for Holding Information

Midlands ADHD Clinic ltd has a legitimate interest in using the personal data and sensitive personal data we collect to provide treatment. It is necessary for us to collect this data to be able to provide psychological therapy, assessment and medication treatment and to identify clients/patients should an issue or risk arise and the GP needs contacting. We may also ask for information on how you found our service for the purpose of our own marketing research.

Use of Information

We take your privacy seriously. We will only use your personal information to provide the services you have requested from us. If you do not provide the personal information requested, then we may be unable to provide a service to you as we must collect identifiable information in case there is a concern regarding risk to self and others and we need to contact a third party concerning this risk.

Also, if you are referred by your health insurance provider, we will collect and process personal data provided by that organisation. This includes basic contact information, referral information and health insurance policy number and authorisation for psychological treatment, as examples.

You confirm that as part of the ADHD Assessment, should the Conners questionnaires be used, there is a requirement for Midlands ADHD Clinic to register your details/observer details with their website portal. For example, name and date of birth and email address. Please visit the MHS Assessment Centre website for more information on their GDPR www.mhs.com.

You confirm that as part of the QB Check/Test requirements, Midlands ADHD Clinic will share some of your personal details with QB Tech to enable registration with their system. This may include, as an example, your name, date of birth, height, weight, gender, and medication status. Please see the QB Tech website for further information on their GDPR rules www.qbtech.com.

You confirm that should you be prescribed ADHD medication; Midlands ADHD Clinic will be required to provide your details to the dispensing chemist.

Storage of information

Your clinical notes will be stored in our practice management software. We will only store your personal information for as long as it is required by standard for our service and governing bodies.

The sensitive personal data defined above for therapy is stored for a period of 7 years after the end of therapy.

After this time, this data is deleted at the end of each calendar year. ADHD Assessments and medication information will be stored in line with legislation.

Card payments are processed using licensed payment software called Stripe.

Protection of Data

Midlands ADHD Clinic will take all reasonable steps to protect against equipment and software failure, undertaking regular back-ups of data.

If data was needed to be restored appointments may be rearranged once operations have been fully resumed.

Our systems are protected by two-factor (password and additional security). We use a password protected Wi-Fi.

Personal information is also stored on an office computer and on a secure server. These are password protected. Malware and antivirus protection are installed on all computing devices. Information is backed up regularly to an offsite server.

Privacy Rights

You have a right to access the personal information we hold about you. We will usually share this with you within 30 days of receiving a request through a Subject Access Request Form.

There may be an admin fee for supplying the information to you. We may request further evidence from you to check your identity. You have a right to get your personal information corrected if it is inaccurate.

You can complain to a regulator if you think that we haven’t complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.

Deleting Information

Midlands ADHD Clinic ltd reserves the right to refuse a request to delete a client’s personal information where this is clinical records and legislation requires the record to be kept for a set amount of time.