Effective Date: 28/11/2024

​

At Atrom Mindcare Limited (referred to as "we," "us," or "our"), protecting and respecting your privacy is our priority. This privacy notice explains how we collect, use, store, and safeguard your personal data when you access our services, including online appointments. in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

1.Information We Collect

We collect and process personal data when you interact with us through our website, book appointments, or use our healthcare services. The types of data we may collect include:

• Personal Information: Name, contact details (email, phone number, address), date of birth, and information provided during account creation or appointment booking.

• Medical Information: Health data provided during consultations, medical records, prescriptions, and other relevant health information.

• Payment Information: Details necessary to process payments for our services.

• Technical Information: IP address, browser type, and device details collected through cookies or similar technologies.

2.How We Use Your Information

We use your personal data for the following purposes:

• Managing your bookings and online appointments.

• Providing healthcare services.

• Processing payments for services.

• Sending appointment reminders and communications regarding your treatment.

• Compliance with legal and regulatory obligations.

• Improving our website and services.

 

3.Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you provide explicit consent for us to process your data.

• Contractual Obligation: When processing is necessary for providing healthcare services.

• Legal Obligation: To comply with legal and regulatory requirements.

• Legitimate Interests: For improving our services and operating our clinic.

Please note that when the processing is related to your care or treatment or when there is another lawful basis that we can use, we do not rely on consent as the lawful basis under the UK GDPR. Consent under the UK GDPR gives the data subject (patient) a right to stop the processing and a right to erasure. If we could not comply with this right, for example, where we have a statutory duty to process the information, then consent would not be valid.

 

However, where you have provided personal information in confidence and we need to share it in ways you could not reasonably expect, we will ask for your consent under ‘common law’ (except where we are required to do so by law). Common law consent comes from the ‘Common law duty of confidence’. This is not a written law but is based on case law. Common law consent is not the same as consent under the UK GDPR and does not include a right to erasure.

​

Conditions for Processing Special Category Data (Article 9):

1. Provision of Healthcare (Article 9(2)(h))

   • Processing is necessary for medical diagnosis, the provision of healthcare or treatment, or the management of healthcare systems.

2. Public Interest in Public Health (Article 9(2)(i))

   • If the processing is necessary for ensuring high standards of quality and safety in healthcare.

3. Explicit Consent (Article 9(2)(a))

   • Where required, for non-standard uses of patient data (e.g., research, marketing, or sharing with external parties beyond the scope of usual care).

4. Legal Claims (Article 9(2)(f))

   • To establish, exercise, or defend legal claims (e.g., in cases of malpractice or disputes).

 

4.Sharing Your Information

We will not share your personal data with third parties unless it is necessary for the following:

• Healthcare Providers: Sharing information with other professionals involved in your treatment.

• Payment Processors: Secure third-party processors for billing.

• Regulatory Bodies: Compliance with legal and regulatory requirements.

• Service Providers: Providers of IT, security, and administrative services.

• Legal Reasons: When required to comply with applicable laws, enforce our terms and conditions, or protect our rights, property, or safety.

National Data Opt-Out (NHS clients):

Atrom Mindcare Ltd reviews all of our data processing on a regular basis to assess if the national data opt-out applies. This is recorded in our Record of Processing Activities. All new processing is assessed to see if the national data opt-out applies.

Currently, we do not share data for planning or research purposes to which the national data opt-out applies. We review all of the confidential patient information we process to ensure that it is not being used for research and planning purposes. It is your individual right to stop your information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters.

​

5.Data Security

We implement appropriate technical and organisational measures to protect your data from unauthorised access, alteration, or disclosure. These measures include:

• Encryption for data in transit and at rest.

• Secure storage solutions.

• Regular monitoring and audits of our systems.

6.Data Retention

We retain your personal and medical data only as long as necessary to fulfil the purposes for which it was collected, in line with legal requirements for healthcare data. Once retention periods expire, data will be securely deleted or anonymised.

7.Your Rights

You have the following rights regarding your personal data:

·Access: Request a copy of your personal data.

·Correction: Request corrections to inaccurate or incomplete data.

·Erasure: Request deletion of your data under certain conditions.

·Restriction: Request limits on processing in specific situations.

·Portability: Request transfer of your data to another provider.

·Objection: You may object to certain processing activities that we carry out based on our legitimate interests.

 

To exercise your rights, please contact us using the details provided below.

8.Cookies

Our website, https://www.atrommindcare.com and https://health.atrommindcare.com/engb/atrom-mindcare-adhd-clinic , uses cookies to improve your experience and analyse traffic.

What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us remember your preferences and provide a better user experience. You can adjust your preferences for cookies using our cookie banner. If you have any further questions about the cookies that we use please contact using the details below.

Types of Cookies We Use

• Necessary Cookies: Essential for website functionality.

• Performance Cookies: Help us understand how visitors interact with the website.

• Functional Cookies: Remember your preferences and settings.

• Advertising Cookies: Provide relevant ads based on your interests.

Managing Cookies

You can manage or delete cookies through your browser settings and by using our cookie consent banner. For more general  information, visit www.allaboutcookies.org.

9.Changes to This Privacy Notice

We may update this Privacy Notice from time to time. Any updates will be posted on this page, and where necessary, we will notify you via email.

10. Complaints

If you have any concerns about how we handle your personal data, we encourage you to contact us first so we can address your concerns. You can reach us using the details in the "Contact Us" section below.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK’s independent authority for data protection.

Contact Details for the ICO:

• Website: https://ico.org.uk/make-a-complaint

• Telephone: 0303 123 1113

• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10.Contact Us

If you have any questions or concerns about this privacy Notice or your personal data, you can contact us at:

• Atrom Mindcare Limited

• Address: The Civic Building - Regus, 323 High St, Epping, CM16 4BZ

• Email: contact@atrommindcare.com

Website: https://www.atrommindcare.com and https://health.atrommindcare.com/en