top of page

Data Protection Policy

The Mental Health Practice

Effective Date: 1 September 2024

 

1. Introduction

This policy outlines how The Mental Health Practice (hereinafter referred to as "the Firm") complies with the General Data Protection Regulation (GDPR) to protect the personal data of our clients, ensuring transparency, accountability, and respect for their rights.

 

2. What is Personal Data?

Personal data refers to any information that identifies an individual directly or indirectly, including but not limited to:

 

Name, address, and contact details

Identification numbers (e.g., national insurance numbers, passport details)

Financial data

Case-related information

3. How We Use Your Personal Data

The Firm collects and processes personal data to:

 

Provide legal advice and services

Fulfil contractual and regulatory obligations

Communicate with clients and third parties involved in cases

Maintain records for legal and compliance purposes

We will only use your data for purposes that are lawful, necessary, and proportionate.

 

4. Lawful Basis for Processing

The Firm processes personal data based on the following lawful grounds:

 

Consent: Where explicit permission is provided.

Contract: To fulfil our obligations under a contract with you.

Legal Obligation: To comply with statutory requirements.

Legitimate Interests: For business operations, provided this does not override your rights and freedoms.

 

5. Your Rights under GDPR

You have the following rights regarding your personal data:

 

Right to Access

You can request a copy of your personal data held by the Firm.

 

Right to Rectification

You can request corrections to any inaccurate or incomplete data.

 

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, subject to legal and contractual obligations.

 

Right to Restrict Processing

You can request limited use of your data in specific circumstances.

 

Right to Data Portability

You can request that your data be transferred to you or another organization in a structured, machine-readable format.

 

Right to Object

You can object to the processing of your data for specific purposes, including marketing.

 

Rights Related to Automated Decision-Making

You can request human intervention where decisions about you are made solely by automated processes.

 

6. Data Retention

The Firm retains personal data only as long as necessary for the purposes for which it was collected and to meet legal or regulatory requirements.

 

7. Data Sharing

We may share personal data with:

 

Courts, government bodies, and regulatory authorities

Opposing legal parties and their representatives

Quality assurance assessors

Service providers (e.g., IT support, document storage)

We ensure all third-party processors comply with GDPR.

 

8. Data Security

The Firm implements appropriate technical and organizational measures to protect personal data, including:

 

Encryption and secure file storage

Regular data protection training for staff

Access controls and audit logs

 

9. Complaints and Queries

If you have concerns about how your data is handled, please contact:

Tammy Groves

Data Protection Officer

The Mental Health Practice

Oxford Point, 19 Oxford Road, Bournemouth BH8 8GS

07961 053639

TMHPractice@Outlook.com

 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/

 

10. Updates to This Policy

This policy may be updated periodically to reflect changes in legal or regulatory requirements. The latest version will always be available on our website or upon request.

 

Signed:

Tammy Groves

The Mental Health Practice

1 September 2024

bottom of page