Introduction

​

We take the security of personal data and other confidential information very seriously and are committed to complying with applicable data protection legislation and medical confidentiality guidelines.

Personal data is any information that can be used, either by itself or together with other information, to identify an individual. We treat all such information as confidential, whether or not it falls within the legal definition of personal data.

This policy outlines how we collect, use, store, and share your personal data and confidential information. By engaging with our services or website, you consent to this processing. Any queries should be sent to info@mindof.uk.

​

1. Who Do We Collect Personal Data From?

​

We collect personal data from the following groups:

• Patients, customers, and their families

• Prospective patients and customers

• Referring professionals and third parties (e.g. GPs, family, psychologists, therapists, social workers, insurers, solicitors, schools)

• Professionals making enquiries

• Staff, including psychiatrists, therapists, allied professionals, and administrative personnel

 

2. Categories of Personal Data We Process

 

We process the following categories of personal data:

 

A. Standard Personal Data

• Contact details (e.g. name, email, address, phone number)

• Relationship identifiers

• Appointment and communication history

B. Special Categories of Personal Data

• Health and medical information

• Social, educational, and legal history

• Family background

• Ethnicity, religious beliefs, sexual orientation

• Details relating to your mental health, cognitive functioning, and therapy goals

 

We may collect information directly from you or from third parties with your consent (e.g. GP, school, solicitor).

Examples include:

• Clinical and diagnostic test results (e.g. ECGs, bloods, QbCheck)

• Medical and education records

• Financial and legal data

• Notes from assessments or consultations

• Feedback and service use patterns

 

3. How We Collect Your Information

 

We collect data when you:

• Fill in forms or questionnaires

• Speak to us on the phone or via email

• Attend assessments or therapy sessions

• Provide written authorisation to access third-party records

• Engage with our website or submit online forms

 

We may also collect data from professionals involved in your care or legal representation.

 

4. Lawful Basis for Processing

We process your data on the following legal grounds:

• Consent: where you have explicitly agreed to the use of your data

• Contract: where processing is necessary for service provision

• Legal obligation: e.g. safeguarding, court-mandated requests

• Vital interests: to protect life and prevent harm

• Legitimate interests: e.g. managing our services, improving quality, handling claims, service evaluation

 

5. How We Use Your Information

 

We use your data to:

• Deliver high-quality clinical and medico-legal services

• Create tailored care plans and service recommendations

• Communicate with you and respond to enquiries

• Liaise with other professionals involved in your care

• Improve our services through feedback and review

 

We do not send marketing or promotional messages.

​

We do not sell or share data for marketing purposes.

 

6. Sharing Your Data

 

We may share your data with:

• GPs and healthcare professionals as part of care delivery

• Solicitors in legal or medico-legal cases

• Schools, social services, or other support agencies (with consent)

• Third-party labs or test centres (e.g. for blood tests, ECGs)

• Regulators or authorities if legally required

 

We ensure appropriate data sharing agreements and safeguards are in place.

 

7. How We Store Your Information

• Medical records are encrypted and stored securely

• Data in paper format (e.g. consent forms, reports) are scanned and disposed of securely

• Electronic data is protected by access controls, encryption, and secure storage practices

 

8. Retention of Personal Data

 

We only retain your personal data as long as necessary. Specific retention periods include:

• Medical records: up to 20 years after treatment (Information Governance Alliance guidance)

• General contact/enquiry data: up to 2 years unless converted into a client record

• Legal case documentation: in line with legal and ethical obligations

 

9. Your Rights

 

You have the right to:

• Access the data we hold about you

• Request corrections or updates

• Withdraw consent (where processing is based on consent)

• Request data erasure (subject to legal grounds)

• Restrict or object to processing

• File a complaint with the Information Commissioner’s Office (ICO)

 

We aim to respond to all data requests within 30 calendar days.

 

10. Legal Compliance and Risk Disclosure

 

We may process or disclose personal data to:

• Comply with a legal obligation

• Prevent a serious risk to health or life

• Support safeguarding or public protection

• Cooperate with law enforcement under specific circumstances

 

11. Confidentiality and Information Governance

 

We follow the General Medical Council (GMC) guidelines and apply strict confidentiality standards.

Key documents:

• GMC - Guidance for doctors - Confidentiality: good practice in handling patient information

• GMC - Guidance for doctors - Decision making and consent

 

12. Contact and Complaints

​

If you have questions or concerns about your data, please email info@mindof.uk.
We are committed to ensuring your rights are upheld and your personal data is handled responsibly.

 

Last updated: 14/05/2025