top of page
Home Page Top

Privacy Policy

Introduction

At Berry Therapy, we take your privacy seriously and are committed to protecting and respecting your personal data. We are constantly working to ensure compliance with current data protection regulations. This privacy policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR). Berry Therapy Limited is the data controller and responsible for being compliant with the GDPR (see above for contact details).

 

Clients or caregivers with parental responsibility are required to sign to indicate they have read a copy of the Privacy Policy before input can commence.

 

All staff, including non-clinical and therapy support staff carry out training in data protection annually.

 

Collection of Personal Information

Berry Therapy Limited may collect identifiable or sensitive data on:

  • Clients

  • Next of kin

  • Employees

  • Job applicants

  • Students & volunteers
     

We may collect personal information from you when you interact with our private healthcare services, including but not limited to:

  • Contact and identification details (e.g., name, address, phone number, email address, date of birth)

  • Health and medical information (e.g., medical history, test results, diagnoses, treatment plans)

  • Financial and billing information (e.g., insurance details, payment information)

  • Other information relevant to the provision of our services

  • Health and medical information relevant to speech and language therapy

  • Therapy session notes and progress reports

  • Correspondence related to your therapy

  • Information may also be taken about family members where this relates to the patient - e.g. contact details for parents and any relevant medical / developmental history.

  • Videos and photographs may be taken with consent.

  • Vocabulary packages on communication aids

 

How we collect data

We collect data in the following ways:

  • Enquiries received either through the website, email or telephone communication

  • Our Referral Form and any email/telephone communication received prior to a first face to face contact through spoken or written media from patients themselves, or their referrers.

  • With consent, from other professionals working with the patient.

 

Our use of personal information

Berry Therapy deems the information that is collected as necessary uses personal information to:

  • Prepare, plan, and provide appointments appropriate to the patient's need.

  • Maintain accurate and up-to-date health records.

  • Comply with legal and regulatory requirements.

  • Communicate with you via post, email, telephone or text message in relation to:

  • Confirming and preparing for appointments

  • General communication in between appointments

  • Sending you reports and programmes for the client

  • Copying you into communications with other professionals involved with the client (initials will be used rather than full names in emails)

  • Sending you resources

  • Sending you invoices

  • For clinical audit to assess and improve our service. Results of audits are always presented with all client identities removed

  • For management and administration, for example surnames of clients are included in our password protected accounting database

 

Whenever personal identifiers are not needed for these tasks, if possible we remove them from the information we use.

 

You will only be contacted with regards to assessment, therapy or occasionally upcoming Speech and Language Therapy events relevant to you.

 

Our lawful basis for processing personal information

Data Protection Law lays down wide-ranging rules backed up by criminal sanctions for the processing of information about identifiable, living individuals. It also gives individuals certain rights in relation to personal data held about them by others. Berry Therapy is registered with the Information Commissioner’s Office (ICO) as a data controller.

 

1. Our lawful basis for processing and storing personal information is one of “legitimate interest” (under article 6 of GDPR). Berry Therapy cannot adequately deliver a service without processing their personal information. As it is both a necessity for our service delivery and of benefit to the patient, we have a legitimate interest to process and store their data.

 

2. Data relating to an individual’s health is classified as “special category data” under Article 9 of UK GDPR. Our lawful basis for processing and storing personal information is one of "provision of health and social care or treatment" (under Article 9 of UK GDPR). The regulations specify that health professionals processing the data under this lawful basis are “legally bound to professional secrecy”. Berry Therapy therapists are legally bound to keep client information confidential.

 

It is a legal requirement for all our Clinicians to be registered with their appropriate board, for example, the Health and Care Professionals Council (HCPC).

 

Each board has a regulation around data protection. For example, the HCPC states:

 

Standard 2: Communicate appropriately and effectively

“You must share relevant information where appropriate with colleagues involved in the care, treatment, or other services provided to a service user.”

 

Standard 10: Keep records of your work

“You must keep full, clear, and accurate records for everyone you care for, treat, or provide services to. You must complete all records promptly and as soon as possible after providing care, treatment or other services. You must keep records secure by protecting them from loss, damage or inappropriate access.”

​

Disclosure of Personal Information

Berry Therapy will not release personal details to any third party without first seeking consent unless this is allowed for, or required, by law.

When disclosing personal information to third parties, we take reasonable measures to ensure that they handle your information securely and in accordance with applicable privacy laws.

 

We may disclose your personal information to the following parties:

  • Healthcare professionals, providers, and practitioners involved in your care and treatment

  • NHS or other public health services for referrals, consultations, and coordination of care

  • Other referrers, such as education settings and workplaces

  • Regulatory bodies, government authorities, or law enforcement agencies as required by law or to protect our legal rights

  • Other parties with your consent or as permitted by applicable laws

 

Storage of Personally Identifying Information

Berry Therapy is committed to maintaining the security and confidentiality of the patient's record. We actively implement security measures to ensure that their information is safe, and we audit these regularly. All personal information gathered from clients forms part of their health record and is securely stored in line with the Information Commissioners Office (ICO) guidelines.

 

We take all measures reasonably necessary to prevent unauthorised access, use, alteration or destruction of potentially personally-identifying and personally identifying information. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

 

All information about the client, the patient, and their therapy is stored securely in a password-protected, encrypted folder on Berry Therapy’s and the therapists’ computers in order to ensure that we have a complete record of our service to them.

 

Berry Therapy has a password policy which includes Two Factor Authentication login to the secure system.

 

Personal information is kept only on encrypted and password protected software applications.

 

Any paper-based, confidential information (such as assessments and case notes) are stored securely in accordance with data protection regulations.

 

When your child’s information is taken out of the office base it will be kept with the Speech and Language Therapist or will be locked in the boot of the Speech and Language Therapist’s car (whichever is deemed to be the most secure at that time).

 

The minimum amount of confidential information will be taken out of the Speech and Language Therapist’s office base.

 

Videos and Photographs

These are stored on a password-protected, encrypted cloud system. These may then be viewed by the therapist to make notes in the client’s records or carry out a video-based intervention. 

 

Most records are kept electronically. Where paper information is required, the minimum amount of confidential information will be taken out of the therapist’s office base. When taken out of that base, it will be kept with the therapist or will be locked in the boot of their car, whichever is deemed to be more secure at the time.

 

Enquiries

If your enquiry does not result in the patient being seen by Berry Therapy, we will remove identifiable information and retain anonymised information for up to one year. This is to improve the services Berry Therapy offers.

 

If the patient is subsequently seen by Berry Therapy, details from the enquiry will be added to their personal health records.

 

We do not store any financial information or card details.

 

Data outside of the UK

 

Data is only transferred outside of the UK with appropriate safeguards, always following the same safeguards as inside the UK. This may include, for example, directors who are mobile working from a different location than the UK. It may also include clients who are based outside of the UK.

 

Data Breach

If any confidential data is lost, damaged or inappropriately accessed, Berry Therapy Limited follows a breach procedure:

 

1. Berry Therapy employee notifies the Data Protection Officer and fills out an incident form.

2. Berry Therapy completes the ICO self-assessment flow chart and seeks advice from the ICO about how to act if required

3. The Data Protection Officer completes an internal investigation and makes recommendations about any required changes to processes or policies.

4. Berry Therapy might contact the data subject if advised to do so.

 

You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you believe we have breached your data rights.

 

Your Rights

You have the following rights regarding your personal data:

  • The right to access your data

  • The right to correct any inaccuracies

  • The right to erase your data (subject to legal obligations)

  • The right to restrict processing

  • The right to data portability

  • The right to object to processing

  • The right to withdraw consent at any time

 

How to access the patient's records (Subject Access Request)

Berry Therapy will provide access to the patient's records within 30 days of confirmation of the requesters ID and rights to access the information. If the request is particularly large or complex, this may be extended to 60 days. Berry Therapy may also get consent from a child if they are deemed to be Gillick Competent before sharing their records with a person with parental responsibility.

 

Third party information will be redacted from Subject Access Requests.

 

To exercise any of these rights, please contact us using the contact details provided above.

 

Data Retention

We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory requirements.

 

In accordance with law, all records will be kept securely until a child is 26 years old or for 8 years after an adult patient has been discharged. After this time, all records relating to the patient will be securely destroyed.

 

Non-clinical email correspondence and invoices will be deleted from Berry Therapy’s systems after 6 years.

 

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes.

 

Privacy Policy Changes

Our Privacy Policy will be stored on our website. There may be minor changes from time to time at our discretion. You are encouraged to frequently check this page for any changes to our Privacy Policy.

 

If you have any questions about how Berry Therapy uses your information, please contact us on the details above.

 

Further information about data protection legislation and your rights is available from the Information Commissioner’s Office.

 

 

Date policy was last reviewed: 5th July 2024

This policy is due for review: 5th July 2025

bottom of page