Skip to main content

{{ root_page.title }}

Privacy notice for the Emotional Health Service

Introduction

This privacy notice explains what types of personal data we may hold about you, how we collect it, how we use and who we may share information with. We are required to give you this information under data protection law. This privacy notice should be read in conjunction with the corporate privacy notice.

Achieving for Children is registered as a controller with the Information Commissioner’s Office (ICO). Registration number ZA045069

Achieving for Children’s Emotional Health Service (EHS) is a Tier 2 Child and Adolescent Mental Health Service (CAMHS) that works in partnership with other agencies that provide health, social care and education. The team of therapists work with young people and their families who have mild to moderate mental health difficulties. The EHS covers Kingston and Richmond boroughs across three different sites: Twickenham, Kingston and Chessington. The EHS works in partnership with other agencies that provide health, social care and education and aims to ensure that children and young people receive the best service possible to meet their needs.

Personal data we collect

We collect information from parents or carers for children and young people below and within statutory school age, and from young people themselves if they are aged 16 or over and no longer in compulsory education. We collect the following personal information:

  • personal identifiers and contact details (such as name, date of birth, contact details and address, details of parent / carers).
  • details of your family, relatives and carers
  • special category data such as ethnicity, languages spoken, disabilities, gender
  • details of special educational needs and disabilities
  • physical, mental and emotional health information
  • current school
  • Information about other professionals involved with your child
  • EHCP details
  • safeguarding information
  • NHS number

We may seek personal information from other sources including:

  • other departments in Achieving for Children
  • your GP in regard to your health
  • school or education provider
  • other involved professional practitioners such as Tier 3 CAMHS at South West London & St George’s NHS Trust

How we collect your personal information

We collect personal information in the following ways:

  • face to face
  • audio and video calls
  • email
  • referral form
  • other assessments or reports

How we use your personal data

At the Emotional Health Service, we collect and process personal data in order to provide you with the best and most appropriate care. This is essential in helping us to:

  • Confirm who you are and when we can contact you.
  • Make decisions about your ongoing care and treatment.
  • Ensure that our staff have accurate and up to date information in order to assess your needs and improve your care.
  • To prepare statistics on the service performance in order to manage, improve and extend the services we are able to provide to you
  • Allow us to investigate complaints, claims and incidents.

Lawful basis for processing your personal data

In accordance with Article 6 of the GDPR, we collect and process your personal data under the following lawful basis:

  • 6(1)(a) you have given consent for the involvement with the Emotional Health Service
  • 6(1)(c) processing is necessary to comply with a legal obligation that applies to Achieving for Children
  • 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Lawful basis for processing special categories of personal data, we rely upon:

  • Article 9(2)(a) -explicit consent
  • Article 9(2)(h) - health or social care

Data Protection Act 2018, Schedule 1, Part 1 - health and social care purposes

How long your personal data will be kept

We only keep your personal data for as long as is required by law and in accordance with our retention schedule.

Keeping your information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Who we share your personal information with

When using or sharing children’s or young people’s data, we will always ensure that there is a legal reason for doing so or where relevant ask for their explicit consent. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018.

In the UK and under GDPR, consent to care and treatment is required for children and young people under the age of 13 from whoever holds parental responsibility. However a child under the age of 13 may be able to consent on their own behalf if a clinician has assessed and documented that the person is capable of making decisions for themselves.

Children and young people over the age of 13 can provide consent themselves provided that they are capable.  We will make sure that the child or young person understands what they are consenting to.

Regardless of age, every person has a right to privacy and confidentiality. If a young person asks a health professional to keep their information confidential, even from those who hold parental responsibility, then that wish will be respected, unless there is a lawful reason to override this protection.

Your rights and access to information

Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page and then submit your request using your preferred method of contact.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • have inaccurate personal data rectified, blocked, erased or destroyed
  • prevent processing for the purpose of direct marketing object to decisions being taken by automated means
  • In certain circumstances have inaccurate personal data rectified, blocked, erased or destroyed; and
  • A right to seek redress, either through the ICO, or through the courts

If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: [email protected]

The National Data Opt Out

This is the service that allows patients to opt out of their confidential patient information being used for research and planning. To find out more or to register your choice to opt out, visit https://www.nhs.uk/your-nhs-data-matters/

How to complain

If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance, but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at https://ico.org.uk/concerns