Data Protection Policy
The Mental Health Practice
Effective Date: 1 September 2024
1. Introduction
This policy outlines how The Mental Health Practice (hereinafter referred to as "the Firm") complies with the General Data Protection Regulation (GDPR) to protect the personal data of our clients, ensuring transparency, accountability, and respect for their rights.
2. What is Personal Data?
Personal data refers to any information that identifies an individual directly or indirectly, including but not limited to:
Name, address, and contact details
Identification numbers (e.g., national insurance numbers, passport details)
Financial data
Case-related information
3. How We Use Your Personal Data
The Firm collects and processes personal data to:
Provide legal advice and services
Fulfil contractual and regulatory obligations
Communicate with clients and third parties involved in cases
Maintain records for legal and compliance purposes
We will only use your data for purposes that are lawful, necessary, and proportionate.
4. Lawful Basis for Processing
The Firm processes personal data based on the following lawful grounds:
Consent: Where explicit permission is provided.
Contract: To fulfil our obligations under a contract with you.
Legal Obligation: To comply with statutory requirements.
Legitimate Interests: For business operations, provided this does not override your rights and freedoms.
5. Your Rights under GDPR
You have the following rights regarding your personal data:
Right to Access
You can request a copy of your personal data held by the Firm.
Right to Rectification
You can request corrections to any inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data, subject to legal and contractual obligations.
Right to Restrict Processing
You can request limited use of your data in specific circumstances.
Right to Data Portability
You can request that your data be transferred to you or another organization in a structured, machine-readable format.
Right to Object
You can object to the processing of your data for specific purposes, including marketing.
Rights Related to Automated Decision-Making
You can request human intervention where decisions about you are made solely by automated processes.
6. Data Retention
The Firm retains personal data only as long as necessary for the purposes for which it was collected and to meet legal or regulatory requirements.
7. Data Sharing
We may share personal data with:
Courts, government bodies, and regulatory authorities
Opposing legal parties and their representatives
Quality assurance assessors
Service providers (e.g., IT support, document storage)
We ensure all third-party processors comply with GDPR.
8. Data Security
The Firm implements appropriate technical and organizational measures to protect personal data, including:
Encryption and secure file storage
Regular data protection training for staff
Access controls and audit logs
9. Complaints and Queries
If you have concerns about how your data is handled, please contact:
Tammy Groves
Data Protection Officer
The Mental Health Practice
Oxford Point, 19 Oxford Road, Bournemouth BH8 8GS
07961 053639
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/
10. Updates to This Policy
This policy may be updated periodically to reflect changes in legal or regulatory requirements. The latest version will always be available on our website or upon request.
Signed:
Tammy Groves
The Mental Health Practice
1 September 2024