Privacy policy...

Notice for users of this website
Inclusion.Me Ltd is committed to protecting your personal data and also to ensuring that your rights to privacy are protected. Inclusion.Me Ltd aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.

This Privacy Notice, along with our privacy policy are available on our website at www.inclusion.me.uk or by email if you contact info@inclusion.me.uk or by calling 01892 320334.

In order to be open and transparent, Inclusion.Me wants you to know that:

  1. Inclusion.Me is the Data Controller of the information you supply. We are also registered with the ICO No: ZA041043.

  2. Inclusion.Me has a Data Protection Officer, and contact details for this person may be obtained by writing to info@inclusion.me.uk.

  3. The information we collect from you on this website and subsequently process may include your contact details (name, address, telephone numbers, email address etc.) and any other data that is required for the purposes of enabling Inclusion.Me to provide you with the appropriate guidance, support or services that you seek in regards to our range of Occupational therapy and Disability Access auditing Services.

  4. The information is collected and will be processed so that Inclusion.Me may provide you with the appropriate guidance, support or services that you are seeking.

  5. In addition to the above bases, Inclusion.Me may also process any of your personal data for other reasons where it has received your explicit, freely given consent, for example by signing our consent forms.

  6. The information may be shared with third parties for administration and/or management purposes, where it is necessary or desirable and lawful for Inclusion.Me to do so. However, Inclusion.Me will share only the minimum information that is necessary.

  7. The information will not be processed outside the European Economic Area without your prior written consent.

  8. The information will be retained for as long as is necessary pursuant to clauses 4 and 5 above. When the information is no longer required, it will be destroyed securely.

What personal data do we hold?
In order to provide you with a high standard of Occupational Therapy services, we need to hold personal information about you. You will be asked to provide personal information as part of our referral and assessment process. The purpose of us processing this data is to provide optimal health care and Occupational Therapy services to you.

This personal data may comprise details such as:

  • your past and current medical information; personal details such as your age, address, telephone number and general medical practitioner

  • clinical reports where appropriate to our involvement in your case

  • information about the treatment or services that we have provided or propose to provide and its potential cost to those funding our services

  • notes of conversations/incidents that might occur for which a record needs to be kept

  • records of consent to treatment

  • any correspondence relating to you with other health care professionals, for example in the hospital or community services.

The categories of data we process are:

  • Personal data for the purposes of staff and self-employed team member management

  • Personal data for the purposes of direct mail/email/text/other marketing

  • Special category data including health records for the purposes of the delivery of health and social care

  • Special category data including health records and details of criminal record checks for managing employees and contracted team members

We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a client to another practitioner or to secondary care such as a hospital we will gain the individual’s permission before the referral is made and the personal data is shared.

  • Personal data is stored in the EU whether in digital or hard copy format

  • Personal data is stored in the US in digital format when the data storage company is certified with the EU-US Privacy Shield

  • Personal data is obtained when a client is referred to our service and for the duration of our involvement.

How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the relevant legislation, such as:

  • Data Protection Act 1998(and the provisions of the new Data Protection Act 2018, effective from 25 May 2018)

  • The Care Act 2014

  • Human Rights Act 1998

  • Common Law Duty of Confidentiality

  • Health and Social Care Act 2012

  • NHS Codes of Confidentiality, Information Security and Records Management

  • Information: To Share or Not to Share Review

Every member of staff who works for Inclusion.Me has a legal obligation to keep information about you confidential and they have been provided with the relevant training and support in order to enable this to happen.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.

The lawful basis for processing special category data such as patients’ and employees’ health data is:

  • Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

The lawful basis of processing personal data such as name, address, email or phone number is:

  • Consent of the data subject

  • Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

Why do we hold information about you?
We need to keep comprehensive and accurate personal data about our clients in order to provide them with safe and appropriate Occupational Therapy services. We also need to process personal data about you in order to provide care under NHS and social care arrangements and to ensure the proper management and administration of the services we run on behalf of local authority social services Occupational Therapy departments.

We will process personal data that we hold about you in the following way:

Retaining information
The retention period for special data in patient records is normally a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is around 6 years. The retention periods for other personal data is normally around 2 years after it was last processed. Details of other retention periods are available in the Record Retention procedure available from our service.

You have the following personal data rights:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure (clinical records must be retained for a certain time period)

  • The right to restrict processing

  • The right to data portability

  • The right to object

Further details of these rights can be seen in our Information Governance Procedures or at the Information Commissioner’s website. Here are some practical examples of your rights:

  • If you are a client of Inclusion.Me you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone or email. You have the right to obtain a free copy of your patient records within one month of request.

  • If you are a client Inclusion.Me you have the right to refuse permission to share confidential information with specified persons or parties, the details of which can be recorded on one of our consent to share information forms as appropriate.

Access to personal information
You have a right under the General Data Protection Regulations to request access to view or to obtain copies of what information Inclusion.Me holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:

  • Your request must be made in writing to the Data Protection Officer for Inclusion.Me via info@inclusion.me.uk – for information from a hospital, local authority or other organization working on your behalf you should write direct to them

  • You have a right of access to a copy of all of the information held about you free of charge.

  • We are required to respond to you within one month.

  • You will need to give adequate information (for example full name, address, date of birth, relevant ID numbers and details of your request) so that your identity can be verified and your records located

If you wish to exercise any of these rights, please contact info@inclusion.me.uk for details of how an application may be made.

We have carried out a Privacy Impact Assessment and you can request a copy from info@inclusion.me.uk. The detail of how we ensure security of personal data is in our Security Risk Assessment and Information Governance Procedures.

Security of information
Personal data about you is held on Inclusion.Me’s computer system and/or in a manual filing system. The information is not accessible to the public and only authorised members of staff have access to it. Our computer systems have secure audit trails and we back up information routinely. Inclusion.Me are ICO registered and have been awarded Cyber Essentials certification as part of our secure systems audit process.

Disclosure of information
In order to provide proper and safe Occupational Therapy services, we may need to disclose personal information about you to:

  • your Local Authority Occupational Therapy departments

  • other hospital, healthcare or community services

  • other health professionals caring for you

Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with some of the following organisations;

  • NHS Trusts / Foundation Trusts

  • NHS Commissioning Support Units

  • GPs

  • Independent Contractors such as dentists, opticians, pharmacists

  • Private Sector Providers

  • Voluntary Sector Providers

  • Clinical Commissioning Groups

  • Social Care Services

  • Health and Social Care Information Centre (HSCIC)

  • Local Authorities

  • Education Services

  • Fire and Rescue Services

  • Police & Judicial Services

  • Voluntary Sector Providers

  • Private Sector Providers

  • Other ‘data processors’ which you will be informed of

You will be informed who your data will be shared with and in some cases asked for explicit consent for this happen when this is required.

We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.

Comments, suggestions and complaints
Please contact Matthew Box and Inclusion.Me for a comment, suggestion or a complaint about your data processing at info@inclusion.me.uk or 01892 320334 or by writing to Inclusion.Me Ltd, Thatcher House, 12 Mount Ephraim, Tunbridge Wells, Kent. TN4 8AS. Please be assured that we take complaints, along with our responsibilities in handling your confidential information with upmost care and confidentiality at all times, very seriously.

If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.