Privacy Notice – DJN Consultants Limited
I have to provide certain information to you under the General Data Protection Regulation including how I collect and process your personal information and your rights in relation to your personal information. This Privacy Notice sets out the information that is legally required to be given to you.
Dr Jill Neilson provides services through DJN Consultants Limited. This privacy notice explains how DJN Consultants Limited (and Dr Jill Neilson) uses your personal information where you contact us about our services, are a client of ours or otherwise receive our services. Please read it carefully. We may update this privacy notice every now and again – if it changes we will update our website with the new privacy notice.
For the purposes of data protection law, DJN Consultants (details in the footer below) is the controller of your personal information and DJN Consultants and Dr Jill Neilson will use the personal information you provide to them in accordance with this Privacy Notice.
If you need to contact us in connection with the use or processing of your personal information or to gain access to it the please get in touch with us by emailing firstname.lastname@example.org or calling 07973 217950.
WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect personal information like:
- your title, name, date of birth, age, contact details, occupation;
- your next of kin and relationship with next of kin;
- personal insurance details and payment details;
- clinical / health information including relating to your current or former physical or mental health. This may include information about any healthcare you have received from other healthcare professionals such as GPs and details of clinic and hospital visits and medicines administered.
We also create personal information about you, for example, when we create clinical records of sessions and clinical letters or reports.
Depending on the nature of the services we are providing, we may collect sensitive personal information such as health data, data about your sexual history or data revealing your racial or ethnic origins or religious beliefs (also called ‘special categories of personal data’). This may be the case, for example, if we are providing psychological services for psychological distress for an issue like sexual abuse and trauma and you tell us about certain personal matters in our sessions.
We will not collect any information about criminal convictions and offences, unless you disclose this information to us.
WHERE DO WE GET IT FROM?
We obtain your personal information form the following sources:
Directly from you, either in person, via email or telephone. This includes personal information you provide when you complete our patient information form, contract with us for our services, use any of our services or correspond with us.
Indirectly from other third parties when:
- you are referred to us by a third party for the provision of services such as through your workplace, GP or specialist medical consultant. These may include your medical records;
- we liaise with your workplace, health professional or other treatment or benefit provider;
- we liaise with your family;
- we liaise with your insurance policy provider;
- we deal with experts (including medical professionals such as psychiatrists) and other service providers about services you have received or are receiving from us;
- we liaise with county courts in respect of small claims; and/or
- we liaise with debt collection agencies
WHAT DO WE DO WITH IT?
We will use your personal information to:
- send you information that you have requested from us or to deal with your enquires;
- register you as a patient and arrange appointments for you
- provide you with treatment and services;
- comply with our legal obligations, for example in respect of disclosing non-recent/ historical abuse or child sexual abuse. This is a complex area and we would be happy to discuss if you have any queries.
- send you important notices or communications;
- invoice for the treatment / services we provide and for account settlement purposes;
- protect our business including to prevent fraud;
- administer and manage our business operations, such as maintaining accounting records and receiving professional advice.
WHAT IS OUR LEGAL BASIS FOR USING IT?
When “processing” your personal information (this is the legal terminology and essentially means using your personal data) we must have a legal justification for doing so. The particular justification depends on the proposed use of your personal information. Where we state below that we are relying on our legitimate interests to use your personal information then we will only do so in a way which does not overly prejudice your privacy rights. In addition where we are using your sensitive personal information (special category data) like health data, we are also required to have an additional legal justification to do so. We have set out the general legal bases together with any additional special condition we are relying on below for each anticipated use of your personal data.
- To register you as a patient. The processing is necessary to perform a contract with you and to provide you with healthcare or treatment.
- To provide you or the relevant party (if you are not the client) with healthcare and related services. The processing is necessary to perform a contract with you and for our legitimate interests in providing healthcare services to you. Additionally, the processing may be necessary to protect your vital interests where you are physically or legally incapable of giving your consent and/or for us to establish, exercise or defend any legal claims.
- To communicate with you about your treatment and our services to you and update any person you wish us to about your care. The processing is necessary to perform a contract with you and for our legitimate interests in providing healthcare services to you. Additionally, the processing may be necessary to protect your vital interests where you are physically or legally incapable of giving your consent and/or for us to establish, exercise or defend any legal claims.
- For invoicing and account settlement purposes. The processing is necessary to perform a contract with you, for our legitimate interests in managing your contract and administering our business. Additionally the processing is necessary for the provision of healthcare or treatment by us and may be necessary for us to establish, exercise or defend any legal claims.
- For the operation of our business including protecting it from fraud. The processing is necessary for our legitimate interests in managing your contract and administering our business. Additionally the processing is necessary for the provision of healthcare or treatment by us and may be necessary for us to establish, exercise or defend any legal claims.
- For medical audit purposes. The processing is necessary for our legitimate interests to monitor and improve the way we offer our services and the public interest in statistical and scientific research.
- To comply with our own legal and regulatory obligations and defend or exercise our legal rights. The processing is necessary for us to comply with a legal obligation to which we are subject and for our legitimate interest to protect our business and reputation. Additionally the processing is necessary for the provision of health care services by us and may be necessary to establish, exercise or defend any legal claims.
DO YOU HAVE TO AGREE TO OUR USE OF IT?
It is your choice whether to give us personal information so that we can take you on as a client or provide our services but if you do not provide certain personal information (such as personal details and insurance information), we may be unable to provide our services.
Where our legal basis for using your personal information is consent, you can choose to withdraw your consent at any time by contacting us using the details in this privacy notice.
WHO DO WE SHARE IT WITH?
If you agree, we may contact your GP, the referrer or relevant medical professionals with certain personal information.
We may disclose your personal information to:
- our third party service providers including IT providers, professional advisers and those providing administration or dictation services to us;
- anyone that you ask us to communicate with or provide as an emergency contact e.g. your next of kin;
- any healthcare professional involved in your care or treatment;
- private sector healthcare providers;
- third parties who assist in the administration of your healthcare, such as insurance companies;
- our regulators;
- our insurers;
- the police and other third parties where reasonably necessary for the prevention or detection of crime;
- debt collection agencies;
- relevant bodies, authorities or other entities where required in order to comply with anti-terrorism legislation.
We will have to share your personal information with others if we think that you or others may be at serious risk of harm or if we are required to so by law. We will discuss this with you first and are happy to discuss any queries you have about this.
If we prepare a psychological health in the workplace (occupational health) report, we will send this to the referrer. If we prepare a medico-legal report, we will send this to the referrer. You will be able to see this report if you request this in our Consent and Disclosure Form.
Invoices will go to the person or organisation that you identify is responsible for your treatment.
HOW LONG DO WE KEEP IT FOR?
We will keep your personal information (such as contact details and insurance details) until our services to you have ended and all financial obligations have been completed. However, please note that by law some medical records have to be kept for up to 20 years.
WHAT ARE YOUR RIGHTS?
You may have a number of rights in connection with the use of your personal information including:
- the right to access to your personal information held or controller by us;
- the right to have any inaccuracies in your personal information corrected or gaps completed;
- the right to have your personal information deleted or the use of it restricted (on the grounds specified by law);
- the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
- the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law.
Some of the above rights only applicable in specific circumstances. You may find the Information Commissioner’s Office’s (ICO) website www.ico.org.uk useful in understanding when the different rights apply.
If you wish to raise a complaint on how we have handled your personal data you can contact us using the contact details set out at the beginning of this notice and we will consider your complaint. If you believe we are not processing your personal information in accordance with the law you can complain to the ICO. Please see the ICO’s website for how to do this.
HOW DO WE PROTECT IT?
Your privacy is important to us and we take a range of technical and organisational measures to keep your personal information secure including password protected emails and encryption.