Definitions & Glossary 

· In the below text, ‘we’ refers to Neurodivergent Partners as a registered company.

· ‘Personal data’ is any information that identifies you.

· ‘Special category data’ is data processed in relation to your health and we can process this information legally where it is necessary for healthcare provision and diagnosis. We recognise this information is highly sensitive so has additional protection, outlined in the privacy policy below when discussing ‘personal data’.

What is the purpose of this Privacy Policy?

· We publish this policy to let you know how we process and use any personal data provided by you or collected by us.

· This is so that you can make an informed decision about whether to use our website or submit any personal data to us.

· By submitting personal data or using our website (including our online patient platform), you are consenting that all personal data may be processed in the way and for the purposes we describe below.

What are my data protection rights under General Data Protection Regulations (GDPR)?

· The right to ask us for copies of your personal information

· The right to ask us to rectify information you think is inaccurate, or to complete information you think is incomplete

· The right to ask us to erase your personal information

· The right to ask us to restrict the processing of your information

· The right to object to the processing of your personal data

· The right to ask that we transfer the information you gave us to another organisation, or to you

· These rights apply in certain circumstances so please contact us on hello@neurodivergentpartners.co.uk if you would like to make a request (free of charge unless the request is unreasonable or excessive at which point this may be denied).

What information do you collect from me?

• Contact data: the information needed to be able to contact you, including address, email addresses, telephone numbers and summary data of contacts. This includes any information you submit on our contact form or subscription list.

• Identity data: any information about your identity e.g. name and title, username, for our online patient portal, marital status, data of birth and gender.

•  Clinical data: information required for an autism diagnostic assessment service and support (including post-assessment contacts). This may also include medical history and psychometric testing information from other sources requested through you and with your consent to be uploaded to our online platform.

•  Specific consensual data collection: specific situations will require specific consent for us to collect, use and process your data. We will always specify what the data is and why it is required for you to provide informed consent.

• Financial data: data required to make to or take payments from you, including bank account and/or card details, transaction details, and/or invoicing number.

• Technical data: internet protocol (IP) address or other identifier for different technology devices, profile data, our patient portal login data, your browser information, time zone/location, and operating system and platform.

• Marketing information: where you have identified your preferences in receiving marketing and communication preferences.

Contractor information for data collection:

We collect, control and process the following information on contractors:

· Contact details, including telephone number, address, email address and online diary

· Identifying information including name, date of birth, marital status, dependents, gender, national insurance number and legal entitlement to work in the UK

· Appropriate legal identification, for example driving licence, passport and proof of address

· Training qualifications

· Bank details and tax status information

For contractors, we use your personal data for the purpose of:

· Using the information to make a recruitment decision and determining contractual terms

· Fulfilling a contractual obligation with you

· Determining whether your contractual engagement is employment for the purpose of the Income Tax (Earning and Pensions) Act (ITEPA) 2003 and providing you with an ITEPA status

· Paying you

· Determining whether you have the right to work in the United Kingdom

· Complying with a legal obligation and/or safeguarding.

· Where we need to protect your interests (or someone else’s interests) with your consent, if appropriate

· Where it is needed in the public interest as requested or should be provided officially by statutory organisations

· In a legitimate interest pursued by us in our interests as a company and your interests and fundamental rights do not override this.

What online information do you collect about me?

· Online interactions from when you visit our website via Google Analytics.

· We use Google Analytics, a web analytics service provided by Google to help us analyse how users operate on our website.

· The information generated by the cookie about how you use our website (including your IP address which has a location tag for computer use and UUID for mobile phones), log data, device information, browser data, and internet service provider connection.

· This information will be transmitted to and stored by Google on servers in the United States for optimum data security.

· Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage for specific, explicit and legitimate purposes.

· You can opt-out of Google Analytics for display advertising and customize Google display network ads using the Google Ads settings. You can also prevent your data from being used by Google Analytics by downloading and installing the Google Analytics opt-out browser add-on.

· We do not collect any personally identifiable information through Google Analytics. The data we receive is aggregated and anonymized, and we cannot identify individual users.

· The data we collect will be relevant, adequate and limited to the purposes for which it is to be used and is in line with general data protection regulations (GDPR).

What do you do with my data?

Data processing and use is different depending on the legitimate need for the data, but includes:

· Contacting you with updates

· Providing you with services, including (but not limited to) autism diagnostic assessment through contractual agreements

·  Creating written reports

·  Generating invoices, record payments and account for income

· Maintaining clinical records where required

· With your specific consent, liaising with your GP

· Improving our services (including our website and use of online platforms), clinical supervision and process-driven continuous improvement projects.

How long do you keep my data?

· Only for as long as we need it to fulfil the reason we collected it for, including for any legal, regulatory, tax, accounting or reporting mandates.

·  We determine how long to keep your personal data based on the nature and sensitivity of the data, risk of harm from unauthorised disclosure or use of your personal information and the purpose for which we need to collect & process it – this includes if we reasonably believe there is a prospect of litigation or complaint.

·  Therefore how long we keep your data depends on different aspects of the information purpose, use and processing as part of our data retention needs (you can contact us for more information at hello@neurodivergentpartners.co.uk)

Who do you share my data with?

· If your data goes outside of our organisation, this is called ‘third party data use’.

· All third parties are required to treat your data in accordance with the law.

· We provide information in our clinical care contract that details where we need seek consent for gathering, processing or requesting your personal data for clinical purposes. For example from statutory services, family informants or from third sector resources as part of our autism diagnostic assessment process.

· We provide clinical care through Neurodivergent Partners clinical workers as contractors, who, when contracted to our company, have access to your personal data for clinical care needs only using our online patient platform system.

· We have a legal duty to share your personal data to be able to comply with this in terms of clinical safeguarding. where appropriate, before disclosing your personal data to a third party for this reason, we will inform you of the purpose and requirements in which we need to do this (for example, to other statutory services to safeguard you or safeguard other people).

· We may need to share your personal information to protect Neurodivergent Partners as a company, including in our rights, safety, and property. This would include fraud protection where we have a duty to exchange information with other organisations to work to fraud prevention.

· We use an online patient portal system to complete autism diagnostic assessments, which complies with GDPR. Please request more details on their privacy policy via hello@neurodivergentpartners.co.uk if required.

· We are legally required in the UK to report to HM Revenue & Customs for tax and to our regulators (for example the ICO) in order to report processing of activities in specific circumstances. Where this is required, these organisations will also control and process your data on our behalf.

· We also seek professional advice from accountants, lawyers and insurers who again will require control of your personal data in order to advise us accordingly.

· Third party websites may be linked in to our website, for example (but not limited to) Calendly application to book in appointments with us. When you click on those links, we recommend that you read the privacy notice of their websites because we do not control these websites and how they control your data. If you choose not to use these websites, you can email us at hello@neurodivergentpartners.co.uk to seek alternative arrangements.

· Data is shared on a ‘need to know’ only basis.

Where do you store my data?

·Outlook calendars via the Microsoft Cloud platform

· Emails will be deleted after 180 days or anonymised once relevant clinical information is uploaded on to the online patient platform

· Online patient platform via secure cloud-based software – retaining clinical information for 20 years

· Encrypted laptops – clinical information will be uploaded to the online patient platform once episode of care is completed and deleted from hardware

· Encrypted smartphones – information will be deleted once the episode of care is completed and any relevant clinical information uploaded onto the online patient platform

· Lockable filing cabinet for handwritten notes and assessment booklets – will be scanned and uploaded onto the online patient platform and paper copies securely destroyed within 24 hours

· Secure cloud based payment processing and accounting software for invoices and payments – retained for a minimum of 6 years from the last financial year

What responsibilities do staff and contractors have with my data?

· Anyone working with us will complete mandatory data protection and information governance training and this will be reviewed as part of clinical supervision. Training content will be reviewed annually to ensure it reflects legislative updates.

·Anyone working with us must: avoid holding person-identifying data where reasonable, secure this data in a physically locked filing cabinet or password-protected device, not disclose personal data without authorisation unless there is a safeguarding concern, actively risk assess, work within this policy, provide reasonable efforts to prevent accidental breach of data disclosure, report breach of data protection via the incident reporting procedure in Neurodivergent Partners.

· The Data Protection Officer at Neurodivergent Partners is registered with the ICO and provides oversight of the company’s data protection compliance through audit.

Contacting us regarding a privacy concern

· You can contact us at: hello@neurodivergentpartners.co.uk, use our online contact form at: http://www.neurodivergentpartners.co.uk or call us on 0330 133 4475.

· We will reply to a data request within one month, unless your request is complex, requires identity clarification or if you have made several requests within the one month timeframe. We will however keep you updated and informed of progress.

· In limited circumstances, you can object, request restriction or request erasure on how your personal information is being used however safeguarding takes priority.

· If we hold inaccurate information about you and you need us to rectify this, let us know at hello@neurodivergentpartners.co.uk and again we will do this within the one month time period. This can occur for a number of reasons, including inaccurate informant-based information provided as part of autism diagnostic assessments.

· If we update our privacy policy, we will update this page online so we encourage you to review regularly.

How do I unsubscribe from your marketing?

·Use the ‘opt out/unsubscribe’ link in any email from us to ask us to stop emailing you about marketing or contact us at: hello@neurodivergentpartners.co.uk

· This will not opt you out of personal data provided to use for the use of other services required for clinical purposes, this must be made in email to us at the email address above.