Privacy Policy

1. Our Commitment to Your Privacy

Swift’s Hill Psychology Practice is committed to maintaining the confidentiality, integrity, and security of your personal data.

We process your information in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• HCPC professional standards

2. Why do we collect information about you?

We process your data because it is in our legitimate interests as a Clinical Psychology Practice to do so in order to provide our services to you. As a client of Swift’s Hill Psychology Practice, our lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care or treatment.

3. The Information We Collect

We may collect and process personal and sensitive data necessary for the provision of psychological services.

Personal Information

• Full name
• Date of birth
• Address
• Telephone number
• Email address

Special Category (Health) Data

• Medical and psychological history
• Current mental health difficulties
• Prescribed medication
• Risk-related information (e.g. self-harm, safeguarding concerns)
• Sexuality (where clinically relevant)
• Information relating to offences (where relevant to care)

Additional Information (where relevant)

• Emergency contact / next of kin
• GP and other healthcare professionals
• Family, relationships, and occupation
• Insurance and referral details
• Financial information for billing
• Video consultation identifiers

To ensure the care you receive from us is of the highest quality, we will record your personal information, such as your name, address, as well as all contacts you make with the practice such as your sessions and the results of assessments and letters relating to your care. Your data is kept confidential within the practice at all times and is only shared with staff involved in your care.

We also process personal information related to our legitimate interests in running our business such as invoices and receipts, accounts, VAT and tax returns.

Health information is considered special category data under UK GDPR and is treated with heightened confidentiality.

Website access

We also collect information when you voluntarily complete contact forms on the website. This information may be stored on Netlify.

Use of CCTV

Your therapy sessions may take place at a site which uses CCTV. This is to provide a safe and secure environment for clients, staff and to protect property. CCTV images may be used to assist in the prevention and detection of crime. Images may be shared with the Police for the investigation of crimes.

4. How Your Information Is Collected

We collect data:

• Directly from you during assessment and therapy
• From referrers (e.g. GP, insurer, solicitor)
• Through administrative processes
• Via website forms hosted by Netlify

5. How We Use Your Information

Your data is used to:

• Provide psychological assessment, formulation, and intervention
• Maintain accurate clinical records (as required by HCPC standards)
• Communicate with you regarding care
• Manage appointments and billing
• Fulfil legal, ethical, and professional obligations
• Ensure the safety and wellbeing of clients

6. Legal Basis for Processing

We process your data under:

Article 6 UK GDPR

• Contract – provision of psychological services
• Legal obligation – regulatory and legal requirements
• Legitimate interests – practice administration

Article 9 UK GDPR (Special Category Data)

• Provision of health or social care (Article 9(2)(h))

Where appropriate, we rely on your explicit consent.

7. Confidentiality and Information Sharing

Confidentiality is central to psychological practice and HCPC standards.

Your information will only be shared when:

• You have given informed consent
• There is a serious risk of harm to you or others
• Required by law or court order
• Necessary for clinical care (e.g. communication with GP)

We follow HCPC guidance on confidentiality and will, wherever possible, inform you before sharing information.

If you were referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we may share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.

In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

8. Record Keeping

In line with Health and Care Professions Council standards:

• Clinical records are accurate, relevant, and contemporaneous
• Records are kept securely and confidentially
• Only necessary information is recorded
• Records may include clinical notes, correspondence, and assessments

9. Third-Party Data Processors

We use trusted third parties, including:

• Netlify – website hosting and form handling
• Email providers (Gmail)
• Video platforms (Microsoft Teams)
• Microsoft 365
• Payment and accounting services

These organisations process data on our behalf under strict confidentiality and security obligations.

We use Microsoft 365 (Microsoft Corporation) for email, document storage, and communication. Microsoft acts as a data processor and may store data on secure servers, which may be located outside the UK.

We may use AI-assisted tools for administrative purposes. No identifiable personal or clinical data is entered into such systems. We do not use AI tools for clinical decision-making.

10. International Data Transfers

Some providers may process data outside the UK.

We ensure appropriate safeguards are in place, such as:

• UK adequacy decisions
• Standard Contractual Clauses

11. Data Security

We take appropriate measures to protect your data:

• Secure electronic systems
• Password-protected and encrypted devices
• Restricted access to records
• Secure storage of paper files

These measures align with both GDPR and HCPC expectations.

12. Data Retention

In accordance with professional guidance:

• Adult records are typically retained for 7 years after the end of treatment

Records are securely destroyed after the retention period.

13. Your Rights

You have the right to:

• Access your personal data
• Request correction
• Restrict processing
• Request erasure (where applicable)
• Withdraw consent
• Lodge a complaint with the Information Commissioner's Office

Please note: Some rights may be limited where data is required for healthcare provision or legal obligations.

14. Website and Cookies

Our website may use essential cookies to ensure functionality. You can manage cookies via your browser settings.

15. Contact and Complaints

If you have questions about this Privacy Policy or your data, please contact:

If you believe your data has been handled improperly, you may contact the Information Commissioner's Office. We would appreciate the chance to deal with your concerns before your approach the ICO so please contact us in the first instance if you feel able to do so.

ICO: https://ico.org.uk