| Data |
Method |
Purpose |
Lawful basis |
|---|---|---|---|
| Personal data: name, address, date of birth |
Obtained at point of referral with written client/ parental consent obtained |
To support identification, communication and accurate interpretation of any clinical testing result and resulting clinical diagnosis |
Consent |
| Medical/Health data including diagnosis relating to SLCN |
Obtained from service users and health authorities with given consent |
To support clinical decisions and facilitate appropriate clinical interventions |
Consent |
| Statistical Data relating to educational attainment inc. EHCP |
Obtained from education partners with given consent |
To support clinical decisions and facilitate appropriate clinical interventions |
Consent |
| SLCN data (qualitative and statistical data) |
Obtained regularly throughout service provision |
To demonstrate measurable progress, document change and evidence clinical decision making |
Consent |
| Familial data, e.g. family history of related conditions |
Obtained from service users, and health authorities with given consent |
To support clinical decisions and facilitate appropriate clinical interventions |
Consent |
| Photographic data (audio, image video) |
Obtained with specific consent only via consent form |
For use within therapy interventions. To provide evidence of baselines measures and progress made. To use within promotional materials. To use within training presentations. |
Consent |
Privacy Notice
1. Who are Seen & Heard?
Seen & Heard provide a speech and language therapy service to young people, with the aim of supporting them along their speech and language journey. Seen & Heard support families, schools and other healthcare professionals to ensure children receive a holistic approach to supporting their speech, language and communication needs (SLCN).
2. Application
This privacy notice sets forth our policy with respect to information that can be associated with or which relates to a person and/or could be used to identify a person (personal data) that is collected from users through our service provision. The limitations and requirements of this policy relate to our collection, use, disclosure, transfer, storage, and retention of personal data.
3. Data collected
Seen & Heard initiate the collection of service user data following on from a referral in which either the service user (if 19-25 years) or parent/career of the service user provides written consent. This includes consent to share data with relevant professionals involved in the case management. Service users may also consent to photographic data (single images and video) being collected and should specify how this data can be used, e.g. baseline measure, for training, promotional material etc.
4. How we store data
4.1 Data is stored electronically on mobile devices taken between work locations. Data is either stored on GDPR compliant cloud platforms, stored on password protected devices or encrypted memory devices including external hard drives and USB sticks. Additionally, individual documents stored are also encrypted with passwords to ensure security. Photographic data recorded on mobile devices will be processed as soon as it is possible to do so, stored securely and deleted from the mobile device.
4.2 Data from service users no longer receiving a service (discharged): Electronic data stored on GDPR compliant cloud platforms, stored on password protected devices or encrypted memory devices including external hard drives and USB sticks.
4.3 Access to data. Seen & Heard are fully compliant with GDPR and service users can access their data by making a written request to the data controller at the company address/email. Service users have to the right to have inaccurate data amended within the guidelines set out by GDPR. Service users may withdraw consent at any time in writing to rebecca@rmslt.co.uk
5. Transmission of Data
5.1 Electronic transmission of data: Seen & Heard use GDPR compliant web hosting and email platforms to ensure that the information shared is secure. Documents are password protected and this password will not be contained within the communication in which it is being transmitted. Individual documents should contain the wording RESTRICTED DATA/STRICTLY CONFIDENTIAL and should only be sent to an individual email address not a generic address.
5.2 Transmission of paper data via post is limited, where this occurs, data will be marked CONFIDENTIAL and appropriate measures to ensure its contents cannot be easily removed without intention.
6. Retention of Data
6.1 Seen & Heard are a provider of SLT services and as such are considered to be in the business of processing data in relation to health and therefore is subject to the legal/regulatory period of retention of data specific to health. This retention period is 7 years beyond the end of care (discharge) or 7 years after the age of 18 years if the data subject is a child when discharged. Following the necessary retention period, data will be securely destroyed.
7. Compliance
7.1 Seen & Heard are committed to maintaining the security and confidentiality of service user’s data and will therefore conduct regular audits and risk assessments to ensure we remain compliant. Where a breach is likely to result in ‘a risk to the rights and freedom of an individual’ the Information Commissioners Office (ICO) will be informed within 72 hours of the data controller becoming aware. Where the breach is serious, and the risk is high the data subject (service user) will also be informed.
Last Updated: September 2023
