Privacy Policy

Unmasking Minds ADHD Clinic
(GDPR & UK Data Protection Act 2018 Compliant)

1. Introduction

Unmasking Minds ADHD Clinic is committed to protecting your personal information, respecting your privacy, and handling data responsibly. This Privacy Policy explains how we collect, use, store, and protect your personal data when you access our website, services, assessments, or communicate with us.

We process personal data in accordance with:

UK General Data Protection Regulation (UK GDPR)

Data Protection Act 2018

CQC expectations for safe data handling

NHS Code of Practice for Confidential Information

By using our services or website, you agree to the terms outlined in this Privacy Policy.

2. Who We Are

Organisation: Unmasking Minds ADHD Clinic
Data Controller: Unmasking Minds ADHD Clinic
Contact: [Insert clinic email address]

We provide ADHD pre-assessments, clinical assessments, consultations, coaching, community support, and related administrative services.

3. Personal Data We Collect

Information You Provide Directly

Name and contact details

Date of birth

Pre-assessment questionnaires and screening forms

Clinical assessment information

Medical and neurodevelopmental history relevant to ADHD

Risk and safety information

Clinical notes, reports, and outcomes

Consent forms and agreements

Payment and billing information

GP and healthcare professional details (where relevant)

Emergency contact details

Information Collected Automatically

Website analytics data (such as IP address and cookies)

Online form and survey responses

Appointment booking and attendance information

Special Category Data

As an ADHD clinic, we may process special category data including mental health and neurodevelopmental information. This data is processed only where necessary to provide appropriate care and support.

4. How We Use Your Information

We use your personal data for the following purposes:

Clinical Care

ADHD pre-assessment and assessment services

Determining suitability for services

Providing consultations, coaching, and guidance

Preparing clinical documentation and reports

Coordinating care with clinicians and prescribers

Administrative Purposes

Managing client records

Booking and managing appointments

Communicating with you regarding services

Processing payments

Responding to enquiries

Quality assurance and service improvement

Legal and Safety Purposes

Safeguarding and risk management

Compliance with CQC and legal requirements

Responding to lawful requests from regulatory or legal bodies

Contacting emergency services where there is a serious risk of harm

Your data is never used for unrelated marketing or non-care purposes.

5. Lawful Basis for Processing

We process your data under one or more of the following lawful bases:

Consent – where you have given clear permission

Contract – to deliver services you have requested

Legitimate Interests – for administration and communication

Legal Obligation – for safeguarding and regulatory compliance

Vital Interests – where there is an immediate risk to health or safety

Healthcare Provision – for processing special category clinical data

6. How We Store and Protect Your Data

We store your information securely using:

Encrypted Google Workspace systems

Secure CRM systems (including GHL)

Password-protected and access-controlled devices

Restricted access based on professional role

Encrypted communications where appropriate

We follow CQC guidance and industry best practices to ensure data security.

7. How Long We Keep Your Information

We retain information in line with legal and clinical requirements:

Clinical records: 7 years

Assessment data: 7 years

Financial records: 6 years

Emails and correspondence: 1–3 years, depending on relevance

Data is securely deleted once retention periods expire.

8. Sharing Your Information

We only share your information when necessary and lawful, including with:

Assigned clinicians and assessors

Prescribers or healthcare partners (with consent)

Your GP (with consent, unless safeguarding applies)

Emergency services where there is a serious risk

Legal or regulatory authorities when required

We do not share your information with employers, family members, or third parties without your explicit consent.

9. Your Rights Under GDPR

You have the right to:

Access your personal data

Request corrections or updates

Request deletion (where applicable)

Withdraw consent

Restrict or object to certain processing

Request copies of your records

To exercise these rights, please contact us using the details provided above.

10. Confidentiality and Safeguarding

All information you share with us is treated as confidential. Confidentiality may only be breached where:

There is a risk of serious harm to you or others

A safeguarding concern involves a vulnerable adult or child

Disclosure is required by law or court order

Where possible, you will be informed before any disclosure is made.

11. Cookies and Website Data

Our website may use cookies to support functionality and analytics. You can manage or disable cookies through your browser settings at any time.

12. Updates to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website or upon request.