I, Dr Rashmi Chakraborty, provide my medical services for the company RNC Psychiatry Ltd. and am committed to protecting and respecting your privacy when dealing with your personal information.
This privacy policy will inform you as to how I look after your personal data and tell you about your privacy rights and how the law protects you. By “you” and “your”, I refer to a young person to whom I provide medical services or to an adult acting on a young person’s behalf to arrange this provision.
Purpose of this privacy policy
This privacy policy sets out the basis on which any personal data I collect from you, or that you provide to me, are used, stored, disclosed and processed by me. By providing your personal data to me or by using my services, website or other online or digital platform(s), you are accepting or consenting to the practices as described or referred to in this privacy policy. If you do not consent, please do not submit any personal data to me.
Complaints
As the Director of RNC Psychiatry Ltd., I am the Data Protection Officer responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact me using the details set out below.
Email address: rashmi@drrashmichakraborty.co.uk
Postal address: Priory Wellbeing Centre, 3rd Floor, Thomas Hull House, 3-7 New Inn Hall Street, Bonn Square, Oxford OX1 2DH
Telephone numbers: 07779 302298/01865 262080
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact me in the first instance.
Changes to the privacy policy and your duty to inform me of changes
I keep my privacy policy under regular review and as a result it may be amended from time to time without notice. I therefore encourage you to review this privacy policy regularly.
It is important that the personal data I hold about you are accurate and current. Please keep me informed if your personal data details change at any time over the course of your relationship with me or any of my colleagues.
Personal data
When I refer to personal data in this policy, I mean information that can or has the potential to identify you as an individual. It does not include data where the identity has been removed (“anonymous data”).
I may hold and use personal data about you as a customer, a patient or in any other capacity, depending on what services you receive from me, and this may include sensitive personal data such as information relating to your health (collectively referred to in this privacy policy as “health data”). In this privacy policy, references to personal data/information include any health data.
I may collect, use, store and transfer different kinds of personal data about you, which I have grouped together as follows.
- “Identity data” include first name, maiden name, last name, marital status, title, date of birth and gender.
- “Contact data” include billing address, delivery address, email address and telephone numbers.
- “Financial data” include bank account and payment card details.
- Health data include:
- personal history (information about birth, schooling, childhood experiences, employment etc.);
- family history (information about immediate family members, including names, ages, jobs and the nature of their relationships, and family history of mental disorder, addiction and criminality);
- social history (information about living situation, current employment, state benefits, who is at home etc.);
- relationship history (information about current and former intimate partners/spouses, gender orientation, gender identity, friends, colleagues etc.);
- medical history (information about current and past medical and surgical treatment, for example diagnoses, medication, history of surgery, history of childbirth etc.);
- psychiatric history (information about past psychiatric treatment, including detention under the Mental Health Act etc.);
- drug and alcohol history (information about use of alcohol, illegal substances, prescribed medication, and over-the-counter and other medications);
- forensic history (information about past and pending cautions, convictions, sentences etc.);
- risk history (information about risk of self-harm and suicide, risk of harming others, safeguarding information, for example neglect of a child, etc.).
- “Transaction data” include details about payments to and from you.
- “Profile data” include your interests, preferences, feedback and survey responses.
- “Usage data” include information about how you use my website and services.
I may also collect, use and share “aggregated data” such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but are not considered personal data in law as these data will not directly or indirectly reveal your identity. For example, I may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if I combine or connect aggregated data with your personal data so that they can directly or indirectly identify you, I treat the combined data as personal data, which will be used in accordance with this privacy policy.
I may collect personal data about you for any of the following reasons.
- You register to be a patient with me or book to receive any of my psychiatric services.
- You are referred by a clinician, the NHS or any other organisation when you attend for a consultation/appointment.
- You visit my website.
- You enquire about any of my services.
- You fill in a form or survey for me.
- You contact me, for example by email or telephone.
Data security
Your personal data will be kept confidential and secure, and will, unless you agree otherwise, only be used for the purpose(s) for which they were collected and in accordance with this privacy policy, applicable data protection laws, clinical records retention periods and clinical confidentiality guidelines.
In addition, I limit access to your personal data to sub-contractors and other third parties who require this for operational purposes. They will only process your personal data on my instructions, and they are subject to a duty of confidentiality.
Organisational and technical security measures
I have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. I currently store all personal data on my electronic diary system, which is called 10 to 8, and on cloud-based services such as Healthcode (for accounting), Office 365 (for word processing and sending emails etc.) and Carenotes (for storage of your health records). I also currently store all your correspondence and documents on my secure hard drive.
Data retention and disclosure
Any personal data you provide will be held for as long as is necessary, having regard to the purpose for which they were collected and in accordance with all applicable data protection laws and/or appropriate guidance. I may retain your personal data for a longer period in the event of a complaint or if I reasonably believe there is a prospect of litigation in respect of my relationship with you.
To determine the appropriate retention period for your personal data, I consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which I process your personal data and whether I can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask me to delete your data: see below for further information.
In some circumstances I will anonymise your personal data (so that they can no longer be associated with you) for research or statistical purposes. In this case, I may use this information indefinitely without further notice to you.
I may disclose your personal data (to the extent necessary) to certain third-party organisations used to support the delivery of my services during our usual course of business. This may include the following parties or circumstances.
- Business partners and sub-contractors for the performance of services I provide to you, such as my sub-contracted secretarial services or my billing company.
- Organisations on whose premises I see you for your consultations, for the administration of the services I provide to you (Priory Health Care).
- Organisations providing IT support and hosting in relation to the IT systems on which your information is stored (Priory Health Care).
- Third-party debt collectors, for the purposes of debt collection.
- Delivery companies, for the purposes of transportation of correspondence etc.
- Clinical professionals: those health professionals involved in, or to be involved in your treatment or care, including, but not limited to other medical and surgical specialists, nurses, allied health professionals (for example, dieticians) and A&E professionals, as I think necessary for your care.
- I may also share information about your care with your GP.
- In the event that your referrer is not your GP, I may share information with the referrer, with your consent.
- I share with your medical insurer information about your treatment, its clinical necessity and its cost, only if the insurer is paying for all or part of your treatment with us. I provide only the information to which the insurer is entitled. If you raise a complaint or a claim, I may be required to share personal data with your medical insurer for the purposes of investigating the complaint/claim.
- If you are referred to me by the NHS, I will share the details of your treatment with the NHS professional(s) who referred you to me, as necessary to perform, process and report back on that care.
- I may be requested — and in some cases, can be required — to share certain information (including personal data and sensitive personal data) about you and your care with healthcare and clinical or other regulators, such as the General Medical Council, the Health and Care Professions Council, the Care Quality Commission, the Multi-Agency Safeguarding Hub or the police. I will ensure that I do so within the framework of the law and with due respect for your privacy.
- In an emergency and if you are incapacitated, I may also need to process your personal data (including sensitive personal data) or make your personal data available to third parties on the basis of protecting your “vital interest” (i.e. your life or your health).
- The premises I use for business may be surveyed by CCTV for the purposes of security and the safe provision of care. Images and videos may be retained for a limited period.
Your right of access
You have the right to make a written request for details of your personal information and a copy of that personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data I hold about you and to check that I am lawfully processing them.
If you want to exercise this right in respect of your personal data, the best way to do so is to contact me by email at rashmi@drrashmichakraborty.co.uk or to write to me at the address below.
Priory Wellbeing Centre, 3rd Floor, Thomas Hull House, 3-7 New Inn Hall Street, Bonn Square, Oxford OX1 2DH
You will not have to pay a fee to access your personal data.
I may need to request specific information from you to help confirm your identity. This is a security measure to ensure that personal data are not disclosed to any person who has no right to receive them. I may also contact you to ask you for further information in relation to your request in order to speed up my response.
I try to respond to all legitimate requests within one month. Occasionally, it could take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.
Further process
If you are not satisfied with how I handle your data, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit its website (https://ico.org.uk).