Privacy Policy

PRIVACY POLICY 2023

A) Data Protection: Please see Terms & Conditions

1. Let’s Verbalise Ltd is registered with the Information Commissioner’s Office (ICO). The Data Controller is Let’s Verbalise Limited. Our ICO Registration Reference is: ZA192762.
2. All client details, case notes and correspondence will be stored securely and treatedconfidentially according to General Data Protection Regulations and the Data Protection Act 1988.
3. Information is stored on a secure electronic system called “WriteUpp”. Reports and programmes are password protected.
4. Any paper based confidential information is stored securely in accordance with General Data Protection Regulations and the Data Protection Act 1988.
5. In accordance with law, all records will be kept securely until your child is 25 years old. After this time all records relating to your child will be destroyed.
6. Electronic Subject Access Requests must be applied for in writing and these requests will be dealt with within 30 days.

B) Who We Are:

1. Let’s Verbalise Ltd is registered with Companies House no. 10251965. Let’s Verbalise Ltd delivers independent speech and language therapy to children in the home and/or educational setting.
2. It is owned and directed by Hannah McDiarmid & Katie Byron who are both registered with the Health and Care Professions Council (HCPC).
3. Let’s Verbalise Ltd operates a website at www.letsverbalise.com
4. Let’s Verbalise Ltd is committed to protecting the privacy of information provided by clients.

C) Collection of Personal Information:

1. Information about your child may be collected via spoken or written information from
   parents/carers.
2. With parental consent, information may also be collected from other professionals working with your child (such as teachers, nursery staff, childminders, NHS Speech and Language Therapist).
3. We may also collect information about family members where this relates to your child e.g. contact details for parents and relevant medical or developmental history.
4. You may use the Let’s Verbalise Ltd website without providing any personal information. However, if you wish to make an enquiry via the website, you are requested to provide relevant contact details, such as your name, e-mail address and contact telephone number to enable us to respond to your enquiry.
5. You may add comments or queries which might also contain personal information.
6. If your enquiry does not result in your child being seen by Let’s Verbalise Ltd then this personal information will be deleted once your enquiry has been dealt with or within 1 year if necessary.
7. If your child is subsequently seen by Let’s Verbalise Ltd these details may be added to their personal record.
8. The website contains links to other Internet sites which are outside our control and are not covered by this privacy policy. We are not responsible for data which you provide through any such linked websites.

D) Our Use of Personal Information:

1. Personal information collected by us via the Let’s Verbalise Ltd website, email, telephone or face to face, is stored and used by us for the purpose of delivering your child’s speech and language therapy.
2. Any sensitive personal details are stored in a secure and confidential system and processed in confidence by Let’s Verbalise Ltd and shall only be used for the purposes of delivering appropriate speech and language therapy services to your child.
3. With your consent, information about your child’s speech and language needs will be shared with other professionals involved in your child’s care, when it is in your child’s best interests. A record of your consent is kept within your child’s case notes.
4. Unless we are required to do so by law, we will not disclose any personal information collected to any person other than as set out above.
5. We do not employ agents to process personal data, for example specialist mailing companies to send out communications.
6. We do not give or sell client details to any third parties.

E) How We Use Personal Information:

We use this information:

1. a) To prepare, plan and provide speech and language therapy services appropriate for your child’s needs
   b) To communicate with you via post, email, telephone, mobile messages and SMS in relation to:
        i. Confirming and preparing for appointments
        ii. General communication in between appointments
        iii. Sending you reports and programmes for your child (always password protected)
        iv. Copying you in to communications with other professionals involved with your child (your child’s initials rather than full name will be used in emails)
        v. Sending you resources
        vi. Sending you invoices and receipts
   c) For clinical audit to assess and improve our service. Results of audits are always
   presented with all client identities removed
        i. For management and administration, for example surnames of clients are included in our password protected accounting database.
        ii. Whenever personal identifiers are not needed for these tasks, if possible we remove them from the information we use.

F) How We Store Personal Information:

1. All information about you, your child and their SLT intervention is stored securely in our systems to ensure that we have a complete record of our service to them.
2. We use a secure electronic cloud-based system called “WriteUpp” which is compliant with General Data Protection Regulations. Prior to being uploaded to this system documents are temporarily stored on a OneDrive cloud-based system which is only accessible via a password held by the Directors.
3. Documents which contain confidential information such as reports and programmes are also individually password protected from the outset.
4. Any paper based confidential information such as assessments are stored securely in accordance with Data Protection Regulations.
5. Videos and photographs may be taken of clients with parental consent. These are stored on a password protected tablet. These may be viewed by the SLT in order to make notes in a client record, measure progress and share with parents and other professionals with parental consent.
6. The minimum amount of confidential information will be taken out of the SLT’s office base. When your child’s information is taken out of the office base it will be kept with the SLT or will be locked in the boot of the SLT’s car (whichever is deemed to be the most secure at that time).
7. In accordance with law, all records will be kept securely until your child is 25 years old. After this time all records relating to your child will be destroyed.

G) Meeting Our Professional Obligations:

1. It is a legal requirement for all SLTs to be registered with the Health and Care Professions Council (HCPC).
2. The HCPC has clear standards of conduct, performance and ethics that all registrants must adhere to.
3. These standards affect the way in which we process and share information. Specifically:
   Standard 2: Communicate appropriately and effectively
   a. “You must share relevant information, where appropriate, with colleagues involved in
   the care, treatment or other services provided to a service user.”
   Standard 10: Keep records of your work
   b. “You must keep full, clear, and accurate records for everyone you care for, treat, or provide other services to. You must complete all records promptly and as soon as possible after providing care, treatment or other services. You must keep records secure by protecting them from loss, damage or inappropriate access.”
4. For further information the full document can be found at: https://www.hcpc-uk.org/globalassets/resources/standards/standards-of-conduct-performance-and-ethics.pdf

H) UK Data Protection Law & EU General Data Protection Regulations:

1. Data Protection Law lays down wide-ranging rules, backed up by criminal sanctions, for the
   processing of information about identifiable, living individuals.
2. It also gives individuals certain rights in relation to personal data held about them by others.
3. Hannah McDiarmid nee Jones is registered with the Information Commissioner’s Office (ICO) as a Data Controller.
4. You can view the ICO registration by visiting: www.ico.org.uk and searching for Let’s Verbalise Ltd registration ZA192762

I) Our Lawful Basis For Processing Personal Information:

1. Our lawful basis for processing and storing personal information is one of ‘legitimate interest’ (under article 6 of GDPR).
2. We cannot adequately deliver a service to your child without processing their personal information.
3. As it is both a necessity for our service delivery and of benefit to your child, we have a legitimate interest to process and store their data.
4. Data relating to an individual’s health is classified as ‘Special Category Data’ under section 9 of the GDPR.
5. The regulations specify that health professionals who are “legally bound to professional secrecy” may have a lawful basis for processing this data.
6. SLTs are legally bound to keep client information confidential and it is under this condition that we process and store personal information.

J) Our Responsibilities:

1. We are committed to maintaining the security and confidentiality of your child’s record. We actively implement security measures to ensure their information is safe, and audit these regularly.
2. We will not release your personal details to any third party without first seeking your consent, unless this is allowed for or required by law.
3. We are constantly working to ensure compliance with current data protection regulation.

K) Service-Users Rights:

1. Data protection legislation gives service-users various rights including: being told whether any personal data is being processed, record amendments, being provided with a copy of the information kept, provided with a description of the personal data, why it is required and whether it will be passed to any other organisations.
2. If, for any reason, service-users information is going to be passed to any other organsiation, parental consent will be sought and the information will only be passed on if Let’s Verbalise receive written consent.

L) Subject Access Requests:

1. Subject Access Requests should be provided in writing so that Let’s Verbalise receive an original signature to compare against the records we hold. These requests should be sent to: info@letsverbalise.com and access will be provided within 30 days of receipt of all the necessary information.

M) Changes To Our Privacy Policy:

1. General Data Protection Regulations (GDPR) will apply after 25th May 2018
2. Changes to the GDPR are likely to continue to be made after this date
3. Let’s Verbalise Ltd’s Privacy Policy will be kept under review and any updates will be placed on www.letsverbalise.com or be emailed out to you.
4. This Policy was last updated on 18th May 2018
   If you have any further questions about how we use your information, please contact Let’s Verbalise Ltd at info@letsverbalise.com
5. Further information about data protection legislation and your rights is available from the Information Commissioner’s Office or by calling 0303 123 1113, 9am to 5pm, Monday to Friday