top of page

Privacy Policy

1. Who we are

NeuroKind Clinical Psychology is a clinical psychology practice based in Derby, providing autism, ADHD and cognitive assessments, therapy, consultation and training services.  We operate as independent Clinical Psychologists working together to provide Gold Standard NICE aligned services.  We are the *data controller* for the personal information described in this policy.

Our clinicians, Dr Katie Fanning (HCPC Registration No. PYL24921) and Dr Lucy Weaving (HCPC Registration No. PYL06571), are also bound by the Health and Care Professions Council (HCPC) Standards of Conduct, Performance and Ethics, which include specific obligations around confidentiality and record-keeping in addition to our duties under data protection law.

 

We are registered with the Information Commissioner's Office (ICO) under registration number

Dr Katie Fanning (ZA380188) and Dr Lucy Weaving (ZB668402). You can verify our registration at: [ico.org.uk/ESDWebPages/Search](https://ico.org.uk/ESDWebPages/Search).


If you have any questions about this policy or how we handle your information, contact us at neurokindpsychology@gmail.com.

2. The personal information we collect

We collect different information depending on how you interact with us:

a) When you visit our website

  • Pages viewed and general browsing activity, via Wix's built-in site analytics

  • Technical information such as IP address, browser type and device type, collected automatically by our website host, Wix.com


b) When you contact us or book a discovery call

  • Name, email address, and any message content you submit via our website contact form

  • Phone number, if you call or provide one


c) When you become a client

  • Identifying information: full name, date of birth, address, contact details

  • Information relevant to assessment or therapy, including developmental history, family/household information, school or workplace information, and information from third parties such as teachers, GPs, or family members (collected with appropriate consent)

  • Special category data under UK GDPR: this includes health information, and may include information about disability, ethnicity, or other characteristics where clinically relevant. This is collected and processed with your explicit consent, and because it is necessary for the provision of healthcare under UK GDPR Article 9(2)(h) and the Data Protection Act 2018.

  • Assessment outputs: clinical notes, questionnaire results, observational records, and your final report and recommendations

  • Payment information necessary to process invoices (we do not store full card details ourselves)


We collect this information directly from you, from people you authorise to provide information about you (such as a parent, partner, teacher, or employer), and in some cases from other professionals involved in your care (such as your GP), always with appropriate consent.

3. How we use your information

We use your personal information to:

  • Respond to enquiries and book discovery calls or appointments

  • Carry out clinical assessments, formulate diagnoses, and provide therapy, consultation, or training services

  • Produce clinical reports and recommendations

  • Communicate with you about your care, including appointment reminders and follow-up

  • Maintain accurate clinical records as required by our professional regulatory body (HCPC) and for clinical governance

  • Process payments and maintain financial records

  • Comply with our legal and regulatory obligations

  • Improve our website and services (using anonymised or aggregated analytics where possible)


4. Our legal basis for processing

  • Responding to general enquiries - Legitimate interests 

  • Booking and delivering clinical assessments/therapy - Contract, and explicit consent for special category (health) data 

  • Maintaining clinical records - Legal obligation (professional regulatory requirements) and explicit consent 

  • Website analytics - Legitimate interests / consent (cookie preferences) 

  • Marketing communications - Consent — we will never add you to marketing communications without your explicit opt-in 


Where we rely on consent, you have the right to withdraw it at any time. Withdrawing consent does not affect the lawfulness of anything we did before you withdrew it, and in some cases we may still be required to retain clinical records even if consent for ongoing communication is withdrawn, due to our professional record-keeping obligations.

5. Where your information is stored, and who we share it with

We use the following third-party services to deliver our work. Each acts as a data processor on our behalf, or holds limited information for their own legitimate operational purposes:
 

  • Wix.com — hosts our website, including the contact form. Information submitted through our contact form is processed and stored by Wix on our behalf. See [Wix's Privacy Policy](https://www.wix.com/about/privacy) for details of their own safeguards.

  • Gmail  (Google Workspace/Google) — our business email is hosted by Google. Email correspondence containing your personal information is stored within Google's infrastructure. See [Google's Privacy Policy](https://policies.google.com/privacy).

  • Halaxy — our clinical practice management software, used to securely store electronic patient records, scheduling, and clinical documentation. See [Halaxy's Privacy Policy](https://www.halaxy.com/privacy) for details of their security measures and data handling.

  • Paper-based records  — some assessment materials (e.g. observational notes, questionnaires completed in session) are recorded on paper before being securely stored or transferred to your electronic record. Paper records are kept in locked storage at our clinic premises and are disposed of via secure confidential shredding once transferred or no longer needed.


We do not sell your personal information to third parties, and we do not share clinical information with anyone outside our practice without your consent, except:
 

  • Where we are legally required to do so (for example, a court order, or a safeguarding obligation where there is a risk of serious harm to you or another person)

  • Where sharing is necessary to protect your vital interests or those of another person

  • With other professionals directly involved in your care, with your consent (for example, sharing a report with your GP or school at your request)


Some of our service providers (such as Wix or Google) may store or process data outside the UK/EEA. Where this occurs, we rely on their compliance with UK GDPR-recognised safeguards, such as Standard Contractual Clauses or adequacy decisions.

6. How long we keep your information

We retain personal and clinical information for the following periods, in line with professional record-keeping guidance for health records:

  • Adults: 8 years from the date of last contact or the end of treatment

  • Children and young people: until their 18th birthday, plus a further 7 years thereafter


After these periods, records are securely and permanently deleted or destroyed.

General enquiry information (e.g. messages from people who do not go on to become clients) is retained for no longer than 12 months, unless you ask us to delete it sooner.
 

7. Your rights

Under UK GDPR, you have the right to:

  • Access a copy of the personal information we hold about you

  • Rectification of inaccurate or incomplete information

  • Erasure of your information in certain circumstances (this is more limited for clinical records, due to our legal obligation to retain them for the periods set out above)

  • Restrict or object to our processing of your information in certain circumstances

  • Data portability, where processing is based on consent or contract and carried out by automated means

  • Withdraw consent at any time, where consent is our legal basis for processing


To exercise any of these rights, contact us at neurokindpsychology@gmail.com. We will respond within one month, as required by law.  

If you are unhappy with how we have handled your information, you have the right to complain to the Information Commissioner's Office (ICO): Website: ico.org.uk, Helpline: 0303 123 1113

We would, however, appreciate the chance to address any concerns directly first.
 

8. Children's information

We carry out assessments involving children and young people. Where a child is the subject of an assessment, their personal and clinical information is processed based on consent given by a parent or legal guardian (or, where appropriate and the child has sufficient understanding, by the young person themselves — known as "Gillick competence"). We take particular care to ensure information is held securely and only shared with those who need it as part of the child's care or education.

9. Cookies

Our website uses cookies, primarily through functionality built into the Wix platform (for site operation and basic analytics). You can control cookie preferences through our website's cookie banner, and through your browser settings. For full details on the types of cookies used, see Wix's [Cookie Policy](https://www.wix.com/about/cookie-policy).

10. Security

We take the security of your information seriously. This includes:

  • Storing electronic clinical records within Halaxy's secure, access-controlled system

  • Restricting access to clinical records to authorised clinicians only

  • Keeping paper records in locked storage and disposing of them via confidential shredding

  • Using secure, password-protected email and devices


No method of electronic storage or transmission is 100% secure, but we take reasonable and appropriate steps to protect your information against unauthorised access, loss, or disclosure.

12. Contact us

If you have any questions about this policy, or wish to exercise any of your data protection rights, please contact:
NeuroKind Clinical Psychology
Willow House, Willowpit Lane, Hilton, Derby, DE65 5FN
Email: neurokindpsychology@gmail.com
Phone: 07971 687620

bottom of page