This document provides information relating to how Dr Cassie (the trading name of Moulsford Medical Ltd) handles your personal information. The information that we hold is confidential and often sensitive in nature. Any personal information we hold about you is stored and processed under our data protection policy, in line with The Data Protection Act 1998 (in force on the date this statement became operational) and the General Data Protection Regulation (Regulation (EU) 2016/679) adopted on 27th April 2016 and enforceable from 25th May 2018.
Information is retained in line with Department of Health recommendations. Information on a child will be kept until their 25th birthday, or 26th if the young person was 17 at the conclusion of treatment, or 8 years after death. Medical records of adult patients are retained for a period of 7 years.
This document also provides extra details to accompany specific statements about privacy that you may see when you use our website (such as cookies).
Dr Cassie Coleman is the data controller for Dr Cassie (the trading name of Moulsford Medical Ltd) Additional staff working at Dr Cassie (the trading name of Moulsford Medical Ltd) are data controllers for the patients they work with directly.
At initial contact we will ask for some personal information about you/your child. This may include:
We may also ask for additional information, such as the difficulties experienced by you/your child, your family and details about your/your child’s past medical history, current difficulties and any concerns and risks – this is classed as sensitive information and is necessary to enable us to offer the service you have sought from us.
We collect information about you when you complete the contact form on our web page. The contact form asks for your name, email address and the reason for your enquiry. We need this information in order to respond appropriately to your enquiry. If you contact us by telephone or direct email, a record will be kept of that correspondence or conversation.
If our services are commissioned for you by third parties (your GP, local authorities, clinical commissioning groups, etc.) they will provide us with a variety of information, including your name, postal address, telephone number, email address and medical/educational history.
We will use your personal information to provide the services you have requested from us. Collecting this data helps us to:
Your information is shared with the appropriate staff members working at the clinic and they understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this. We may also share your information with your/your child’s GP, school, CAMHS/PCAMHS, Social Services, or other professionals such as a Psychiatrist. We will ask for your consent to do this.
There may be instances when we need to share information such as, when there is a legal obligation for us to do so or when the information concerns risk of harm to the patient, or risk of harm to another child or adult. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or someone else.
We will not share your personal information with third-parties for marketing purposes.
If you contact us via the website contact form or directly by phone or email, we will keep the information in an online filing system which is compliant with General Data Protection Regulations.
You have a right to access the information that we hold about you/your child and to receive a copy. You should submit your request to the Data Protection lead, Dr Cassie Coleman, in writing or by email. We will aim to provide the relevant data within 30 days and this may be subject to a small admin fee.
You can also request us to:
To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. In the unlikely event of a data protection breach the Data Protection lead, Dr Cassie Coleman will notify the Information Commissioner’s Office (ICO) so that their procedures can be followed. Breaches which carry any risk to data subjects must be reported to the ICO within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects and measures to prevent the breach from happening again. We will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks.
If you have any concerns about how we use your information and you do not feel able to discuss it with anyone at the clinic, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745 / firstname.lastname@example.org).
Monday – Friday: 0900hrs – 1700hrs