ashtonshaw psychological therapies
Ashton Shaw 
Specialist Psychology Services
Ashton Shaw Specialist Psychology Services Data Protection & Privacy Policy

Collection of Data
Ashton Shaw Specialist Psychology Services (Ashton Shaw SPS) collects (stores and processes) personal and/or sensitive personal data. This is necessary in providing Psychological Services under HCPC guidelines. The collection (storing and processing) of client data is a legitimate activity, with appropriate safeguards in place.  Any data will be used as originally intended and be kept and stored only for as long as is strictly necessary. This data protection and privacy policy provides information about the personal information we process about you as a data controller, in compliance with the General Data Protection Regulation (GDPR).

Our ICO registration number is: ZA161026

Why do we collect at information about you?
We may collect information about you because you are a patient or client.
We process the data because it is in our legitimate interests as a clinical psychologist to do so. We need to see and analyse documents containing this information in order to provide our expert advice, to carry out an assessment or to deliver psychological intervention.
As a client or patient of  Ashton Shaw SPS our lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care or treatment.

What information do we collect about you?
Basic personal information (i.e. contact details), current functioning (i.e. presenting difficulties), personal history (i.e. family background, significant events, psychological history, educational history, physical health history), psychometrics/outcome data (i.e. self-report assessment measures), neuropsychological (i.e. assessment of IQ or memory functioning), clinical observations (i.e. in session or school observations), subjective opinion (i.e. clinical opinion stated in assessment report), financial information (i.e. invoice and payment records), external information (i.e. reports from other health professionals) and process notes (i.e. notes taken during a therapy session), medical conditions (if relevant), prescribed medication, sexuality and offences (including alleged offences).

To make sure that you are assessed and/or treated safely and appropriately,  your personal information, such as your name, address, as well as all contacts you have with Ashton Shaw SPS such as appointments and the results of assessments and letters relating to your care/report. Your data is kept confidential within Ashton Shaw SPS at all times.
Personal data pursuant to legitimate interests in running our business such as - Invoices and receipts is also processed.

Storage of Data
We take your privacy very seriously. We are committed to taking reasonable steps to protect any individual identifying information that you provide to us. Once we receive your data, we make best efforts to ensure its security on our systems.
All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules. 
Special category data and personnel files held electronically are encrypted with restricted access. We do not collect or store special category or other personal data other than electronically – we do not hold this information as hard copies.

Processing of Data
All reasonable steps to minimise the risk of data breaches are taken to protect your data. This includes: pseudonymisation where possible, encryption, and password protection for any devices that store data, including mobile phone. Any electronically transmitted data (i.e. reports, appointment letters) are in the form of a password protected document (PDF). The password is pre-arranged with the receiver and not transmitted via the same medium as the data.

Any information from or liaison with external sources will only be carried out with the knowledge and consent of the client.  Consent to liaise with or collect information from external sources (i.e. school) is gained from the client, recorded and updated as necessary.

Patients/Clients (Therapy or private assessment)
In many circumstances we will not disclose personal data without consent.
Your information may be shared with outside organisations if they are directly involved in your care/case, for instance, your insurer if they are funding your treatment, your GP, or others involved in your care. We will discuss with you who we would discuss your care with, and what details we would share with them.

If your health is in jeopardy (with your agreement) we may share your contact information with an emergency healthcare service (e.g. Mental Health Crisis Team or your emergency contact person).
In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint we may need to share personal information with other relevant bodies.

If we do need to share your information, we will always try and ask for your permission for this. We may not be able to ask your permission under special circumstances where we are legally required to do so.

Client’s Rights

Sharing of Your Data
Your data will not be shared with a third party unless it is at your request / you have given consent. There are some specific exceptions to this (please see information above and below). Client’s will be sent a review copy of any reports / letters etc prepared by Ashton Shaw SPS prior to the communication being sent out to a third party. The client will be asked to request any changes within 5 working days.

How you can access your information and correct it, if necessary?
Ashton Shaw SPS tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation.

We will then supply to you:
A description of all data we hold about you
Inform you how it was obtained (if not supplied by you)
Inform you why, what purposes, we are holding it
What categories of personal data is concerned
Inform you who it could be disclosed to
Inform you of the retention periods of the data
Inform you around any automated decision making including profiling

Let you have a copy of the information in an intelligible electronic form unless otherwise requested.

To make a request to Ashton Shaw SPS for any personal information we may hold you need to put the request in writing. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate, please address these changes to the contact address below.

Rectification / Erasure Procedure:
Clients are requested to inform Ashton Shaw SPS regarding a change to any personal information as soon as reasonably possible to ensure data is kept accurate and up-to date.

If a mistake has been made in the processing of personal data, for example the incorrect date of birth has been recorded, this will be changed as soon as Ashton Shaw SPS is made aware of the mistake. The mistake will be corrected on all stored and processed (where reasonably possible) data types for that client.

The client can request information which is recorded as part of a document (assessment/discharge/update reports etc.) to be changed for up to 12 months after the date stated on the document. Incorrect factual information will be changed, and document recipients will receive a copy of the updated document. If the client is challenging the clinical opinion stated in the report that will be discussed on a case-by-case basis. But the clinician may be unable to make the requested changes in these instances.

Clients can request deletion of their stored data at any time via email or postal address: or Room 37, 3a Bridgewater Street, Liverpool, L1 0AR.

Note these rights are not absolute and can be overridden by other legitimate interests e.g. court subpoenas, defence of legal claims, safeguarding or risk concerns.  If we become aware of your intent to cause harm to another person/organisation (e.g. terrorism), the law may require that we inform an authority without seeking your permission. In such a situation, the law may require that we share your personal information without your knowledge.

Breach Procedure
If a data breach occurs the client and The Information Commissioners Office (ICO) will be informed within 72 hours. ICO recommendations will be followed and policy / procedures will be updated to prevent any repetition. Any reasonable steps will be taken to reduce impact of the data breach.

Retention of Data
We do not keep your data for longer than is necessary.

For adult clients, data from all categories (unless specified differently below) will be retained for a period of 8 years after the date of last contact between the patient and clinician, or eight years after the death of the client if sooner.

For children & young people (i.e. under 18 years of age) data is retained from all categories (unless specified differently below) until the client’s 25th birthday or 26th if young person was 17 years at conclusion of treatment, or 8 years after death.

For clients with learning difficulties data from all categories (unless specified differently below) is retained for a period of 10 years after the client’s death.

For all psychometric / neuropsychological data the raw data will be deleted / shredded on completion of related report including these outcomes; only the report will be retained.   Any recorded information (i.e. answerphone messages) will be deleted on processing. All emails regarding client (direct or indirect) will be permanently deleted once client is non-active. Data may be copied from emails and stored electronically (as detailed above). Outcome data maybe anonymised, recorded and retained permanently as part of a large data set; individual client data will not be identifiable.  Financial information (i.e. invoices) will be kept for a period of 7 years for tax purposes.

Complaints or queries
Ashton Shaw SPS tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. If you do have a complaint, contact the Data Protection Officer (Dr Kerry Ashton Shaw) who will investigate the matter on your behalf.

If you are not satisfied with the response from Ashton Shaw SPS or believe we are not processing your personal data in accordance with the law you have the right to raise your complaint with the Information Commissioner’s Office (ICO)
Contact information ICO:

Telephone: +44 (0) 303 123 1113

child and adolescent mental health support