Privacy Policy

We understand we have a responsibility to respect and protect your privacy and look after your personal information.

This policy explains what information we collect, how we use it, the reasons for this, why we might ned to disclose your personal data to others and how we store your data securely.

Contact Details:

Name: Dr Sarah Mills

Address: Suite 19, 58 Low Friar Street, Newcastle upon Tyne, Tyne and Wear, NE1 5UD

Phone Number: 0191 731 6707

E-mail: enquiries@drsarahmills.co.uk

Date of policy: 26/06/2022

We may perform the roles of data controller and data processor for your personal data whilst working with your information.

The law states we are only able to process personal data if we have a valid reason to do so, these include, but are not limited to: with your consent, performance of a contract, billing, for your vital interests or to contact you.

The type of personal information we collect:

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example: name and contact details for child and parents)

  • Information about Professionals known to your child

  • The concerns you have about health and wellbeing

  • Medical information

  • Payment information

  • Wider family history

How we get the personal information and why we have it:

Most of the personal information we process is provided to us directly by you.

We also receive personal information indirectly,  for example, from the following sources in the following scenarios:

  • Through referral or reports from another professional e.g. GP or school with your consent

We use the information that you have given us in order to:

    • To identify you and accounts you hold

    • To provide you with information and services

    • To comply with the contractual obligations with have with you

    • To process orders you have submitted to us

    • To administer accounts, process payments, to monitor billing and payments.

    • To detect fraud and ensure information held is correct

    • To carry out marketing and statistical analysis

    • To notify you about changes to our services and website, or to provide you with information about products which may interest you, where you have given consent for such communications

We may share this information with other health professionals, education or safeguarding agencies. This is when assessments are being collated by a number of professionals or there are safeguarding concerns, following our statuary duties.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent.

You are able to remove your consent at any time. You can do this by contacting: admin@drsarahmills.co.uk

(b) We have a contractual obligation

This is to carry out assessments you have requested                                                                   

(c) We have a legitimate interest

We use your data only in ways you would reasonably expect us to. We would never sell, or pass your data to a third party without your explicit consent. When processing personal information we alway ensure your data is respected and protected and especially that of your children

How we store your personal information

Your information is securely stored. We follow ISO standards to store and protect the data we collect, including the use of encryption where available. Your data may be transferred to and stored in a country outside the EEA in relation to provision of services. The laws in these countries may not provide the same protection. However, any third party involved has agreed to abide by European levels of protection in respect of data transfer, processing and storage.

Data is stored through Secure Cloud based servers for:

Website: https://www.squarespace.com/privacy

Cookies: https://www.squarespace.com/cookie-policy/?_ga=2.24759546.1563418510.1656714605-1750623506.1656714531

clinic software: ClinicYou, their privacy policy is available at: https://clinicyou.co.uk/security.

Third party referrals are shared through Google drive, privacy policy available at: https://policies.google.com/privacy?hl=en-GB&fg=1

When personal information (such as demographics or payments details) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol. However, when data is being transmitted to us we cannot guarantee the security of this data before it reaches us, this is done at your own risk.

We keep the personal data we hold on you only for the period of time necessary. For example, the time period we are working with you, for 7 years following discharge (in adults) or until the child is 25 (Following legal obligations and allowing the child to access that data once an adult).

We will then dispose your information by erasure from our servers and data files. Unidentifiable data may be retained as part of service analysis to modify and improve our services.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at admin@drsarahmills.co.uk if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at feedback@drsarahmills.co.uk  or in writing to:

Suite 19
58 Low Friar Street
Newcastle upon Tyne
Tyne and Wear
NE1 5UD

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:            

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk/