GDPR Policy
Who we are
Sinead Foyle is a qualified Speech and Language Therapist and the founder of Connect and Communicate. Connect and Communicate provides independent speech and language therapy to children and young people, typically in the home or educational setting.
​
Therapists are registered with the Health and Care Professions Council (HCPC), members of the Royal College of Speech and Language Therapists (RCSLT) and members of the Association of Speech and Language Therapists in Independent Practice (ASLTIP) and CORU - Regulating body of Health & Social Care Professionals in the republic of Ireland. Connect and Communicate operates a website at www.connectandcommunicate.uk. Connect and Communicate is committed to protecting the privacy of information provided by our clients.
Our lawful purpose for processing personal information
Our lawful basis for processing and storing personal information is one of 'legitimate interest' under section 6 of the General Data Protection Regulations (GDPR). We cannot adequately deliver a service to you without processing your personal information. As it is both a necessity for our service delivery and of benefit to you, we
have a legitimate interest to process and store your data.
Data relating to an individual's health is classified as 'Special Category Data' under section 9 of the GDPR. The regulations specify that health professionals who are 'legally bound to professional secrecy' may have a lawful basis for processing this data. Speech and Language Therapists are legally bound to keep client information
confidential and it is under this condition that we process and store personal information.
It is a legal requirement for all Speech and Language Therapists to be registered with the Health and Care Professions Council (HCPC) and CORU (Regulatory body of Health and Social Care Professionals in the Republic of Ireland).
The HCPC has clear standards of conduct, performance and ethics that all registrants must adhere to. These standards affect the way in which we process and share information, specifically:
Standard 2: Communicate appropriately and effectively
"You must share relevant information, where appropriate, with colleagues involved in the care, treatment or other services provided to a service user."
Standard 5: Respect Confidentiality
“ You must treat information about service users as confidential"
​
Disclosing information
5.2 You must only disclose confidential information if:
- you have permission;
- the law allows this;
- it is in the service user’s best interests; or
- it is in the public interest, such as if it is necessary to protect public safety or prevent harm to other people.”
Standard 10: Keep records of your work
"You must keep full, clear, and accurate records for everyone you care for, treat, or provide other services to. You must complete all records promptly and as soon as possible after providing care, treatment or other services. You must keep records secure by protecting them from loss, damage or inappropriate access."
CORU regulatory body also obtain similar clear standards of conduct, performance and ethics that all registrants must adhere to:
​
Standard 2: Respect the confidentiality and privacy of service users
“keep service user information securely and, subject to other provisions of this Code, treat it confidentially, including
guarding it against accidental disclosure”
“share service user information with others only where and to the extent necessary to give safe and effective care or where disclosure is mandated by law”
“ inform service users of the limits of confidentiality and the circumstances in which their information may be shared with"
“ obtain the consent of a service user before discussing confidential information with their family, carers, friends or
other professionals involved in his/her care”
“always follow employer guidelines and relevant legislation when handling service user information”
“be aware of the following circumstances in which disclosure of confidential information in the absence of consent may be appropriate, justifiable and/or required by law:
-
to prevent harm to the service user or a third party
-
to prevent harm to the public at large
-
to comply with a legal requirement”
Standard 7: Obey laws, regulations and guidelines
“know and work within the laws, regulations and guidelines overing your practice and keep up to date with any changes in legislation or regulation or guidelines”
“obey the laws of the country in which you live and work in both your professional practice and your personal life”
Standard 18: Keep accurate records
“keep clear and accurate and up-to-date records in line with the policies and procedures set out in your workplace or as dictated by relevant guidelines or legislation”
“make sure that all records are: complete, legible (if handwritten) identifiable as being made by you, using your registered name and registration number dated and timed completed as soon as practicable following assessment, intervention or treatment, and clear and factual”
“ if you supervise students, review each student’s entries in the records and record that you have done so”
“store and use records according to data protection legislation, and other relevant legislation and policies governing your practice”
“ protect information in records against loss, damage or access by anyone who is not allowed to access them”
“ make sure that if records are updated, previously recorded information is retained g. understand that service users generally have a right to obtain copies of their records, subject to certain limited exceptions”
“Ensure that records are retrievable for service users throughout the designated retention period. Records are all information collected, processed and held in manual, electronic or any other format pertaining to the service user and service user care.”
“Records include data, demographics, clinical data, images, unique identification, investigation, samples, correspondence and communications relating to service users and their care”
How we collect personal information
Information about you may be collected in spoken or written form from you. With your consent, information may also be collected from other people or professionals working with you (such as your partner/carer, medical team, other members of your ‘treating team’/case managers and NHS Speech and Language Therapists). You may use the Connect and Communicate website without providing any personal information.
If you wish to make an enquiry via the website's online submission form, you are requested to provide your name, e-mail address and contact telephone number to enable us to respond to your enquiry. You may add comments or queries which might also contain personal information.
If your enquiry does not result in you being seen by Connect and Communicate then this personal information will be deleted once your enquiry has been dealt with.
The Connect and Communicate website contains links to other internet sites which are outside our control and are not covered by this privacy policy. We are not responsible for data which you provide through any such linked websites. Please refer to our website privacy policy for additional information via our website.
​
How we use personal information
Personal information collected by us via the Connect and Communicate website, email, telephone or face to face, is stored and used by us for the purpose of delivering your speech and language intervention.
Information we collect:
Specific data in relation to communication skills may be collected and held, such as assessment forms,
Reports, case notes, e-mails, text messages and transcripts of the phone. Audio and video files may also be collected and stored.
We use this information:
To prepare, plan and provide speech and language therapy services appropriate for your needs
To communicate with you via post, email, telephone or text message in relation to:
-
arranging / confirming and planning for appointments
-
general communication in between appointments
-
sending you reports and programmes
-
copying you in to communications with other professionals involved with your care
-
sending you resources necessary for your speech and language intervention
-
sending you invoices
For management and administration, for example names and addresses of clients are included in our secure clinical database. Any sensitive personal details are stored in a secure and confidential system, processed in confidence by Connect and Communicate and shall only be used for the purposes of delivering appropriate speech and language therapy services to you.
With your consent, information about your speech and language needs will be shared with other professionals involved in your care, when it is in your best interests.
A record of your consent is kept within your record.
Unless we are required to do so by law, or for safeguarding purposes, we will not disclose any personal information collected to any person other than as set out above.
With your consent we may share information such as appointment dates and times and reports via email. Any email containing sensitive personal data, either in the body of the email or as an unencrypted attachment, will be sent, where possible, will be anonymised with the client’s initials or documents will be password protected. We will also aim to use encrypted messaging services such as WhatsApp, WeTransfer and online platforms such as Microsoft Teams.
We do not employ agents to process personal data.
We do not give or sell client details to any third parties.
​
How we store personal information
All information about you and your speech and language therapy is stored securely in our systems to ensure that we have a complete record of our service to you.
We use a secure electronic cloud-based system called One Drive for Business and Microsoft Forms which is compliant with general data protection regulations, One Drive for Business is HIPAA compliant. Any paper based confidential information such as assessment record forms are stored securely in accordance with the Information Commissioner's Office (ICO) data protection regulations before being scanned and uploaded to your record on One Drive for Business.
Once a paper document has been uploaded the original copy is shredded and disposed of using a GDPR compliant. We seek to ensure that they are fully compliant with GDPR rules and procedures.
Voice recordings and videos may be taken of you with your consent. These are temporarily stored on a password protected device. These may then be viewed by the SLT in order to make notes in a client record within 24 hours of the appointment. The video is then permanently deleted.
Should any recordings be held as necessary for your treatment (either video, voice or photographic) you will be asked to sign a consent form outlining your consent for how these will be used, how these will be stored and at what point they will be destroyed. For example if to be used on our social media platforms, or training purposes, this will be always discussed and consented by parents and/or legal guardians, who can also withdraw consent at any time.
The minimum amount of confidential information will be taken out of the Speech and Language Therapist's office base. When your information is taken out of the office base it will be kept with the Speech and Language Therapist.
In accordance with our Terms and Conditions, all records will be kept securely for the legal duration after the final entry. After this time all records relating to your treatment will be destroyed. This may be subject to change depending on enforced laws and regulations. With your consent we may retain anonymised information on the service provided and outcomes measured for an indefinite period.
Data Protection Regulations 2018
The General Data Protection Regulations (GDPR) 2018 govern protection, processing and movement of data and the legal rights of individuals to control information about themselves.
GDPR seeks to give people more control over how organisations use their data. It enforces significant penalties for organisations that fail to comply. All speech and language therapists working for Connect and Communicate are registered with the Information Commissioner's Office (ICO) as Data Controllers. You can view their ICO
registrations by visiting: https://ico.org.uk/esdwebpages/search.
Our responsibilities
We are committed to maintaining the security and confidentiality of your personal information. We actively implement security measures to ensure your information is safe and review these measures annually.
We are constantly working to ensure compliance with current data protection regulation.
We will not release your personal details to any third party without first seeking your consent, unless this is required by law.
Your rights
GDPR gives you the following rights:
-
The right to a copy of the information we hold about you
-
The right to ask for your record to be amended if you believe that it is wrong.
-
How to access your records
-
A right for your data to be erased
A parent/carer also have the right to have it amended should it be inaccurate or erased entirely. These situations are called:
Right to rectify: In certain situations a parent/carer have the right to request us to amend things that are incorrect within a child/YP’s personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with a parent/carer if certain limited conditions apply.
Right to erasure: In certain situations a parent/carer have the right to request us to “erase” a child/YP’s personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with a parent/carer if certain limited conditions apply. It is important to note that the Data Protection Act 2018 (Article 9, section (2)(h) says that the right to be forgotten/erased does not apply when data is processed for Health or Social Care purposes. Speech and Language Therapists are Healthcare Professionals (registered with the Health Care Professions Council), so the information we process about a child is considered to be a Health Record. If you are happy for a child/YP’s data to be extracted and used for the purposes described in this privacy notice, then you do not need to do anything.
You can access the information we hold about you by writing to us at the email address
below. We will provide access to your records within 30 days of receipt of all necessary
information. Please make your request in writing to:
FAO Sinead Foyle Data Access Request
sinead@connectandcommunicate.uk
What should a parent/carer do if a child’s personal information changes?
It is important that a parent/carer inform Connect and Communicate if any details such as a the child’s name or address have changed or if any of their details such as date of birth is incorrect in order for this to be amended. A parent/carer have a responsibility to inform us of any changes so our records are accurate and up to date for a parent/carer.
Additional information Relating to the professionals, schools and organisations we liaise an work with Connect and Communicate. All previous information on storage and rights detailed above are also applicable.
This privacy notice lets you know what happens to any data that you give to us about you or people working in and around your school/organisation, or any that we may collect from you or about people in your school/organisation. For information on what happens to personal data that we collect on children/Young People who we have provided with or are providing with Speech and Language Therapy Support, please refer to part one of our ‘Privacy Notice – Personal Data of Children/Young People’.
The information that we collect and use
When you or your school/organisation is working with Connect and Communicate we must collect basic ‘personal data’ about the people we are working with. This includes their name, work or home address and contact details such as email and mobile.
​
Why we collect this data
In order to run our service efficiently and keep appropriate employment records, we need to collect and keep information about the people we are working with. Personal information is used to:
-
Work jointly to make decisions about the service provided to your school/organisation
-
Share information on children/Young People we are working with jointly
-
Work together with other services who are working in your school/organisation
-
We also may use, or share, personal information for the following purposes:
-
Making sure that our service can meet patient needs in the future
-
Reporting back to schools on outcomes of our service. If this information goes outside of your school/organisation, we will seek your consent and it will be anonymised so no identifying details are included
-
Investigating concerns, complaints or legal claims
-
Helping staff to review the care they provide to make sure it is of the highest standards
-
Training and educating staff
Complaints
Should a parent/carer have any concerns about your child’s information is managed at Connect and Communicate please contact Sinead by emailing sinead@connectandcommunicate.uk
If a parent(s)/carer(s) are still unhappy following a review, you a right to submit a complaint with the Information Commissioner.
Information Commissioner:
Wycliffe house
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if a parent/carer prefer to use a national rate number