Optima Speech Therapy
Privacy and GDPR Statement
Registered company number: 657346
Tax reference number: 9312593A
Data Protection Officer (DPO): Kate Beckett available at hello@OptimaSpeechTherapy.com
Last updated: 7th September 2022
Pages: 8 Page document
A physical copy of this document is available upon request. Please email address: firstname.lastname@example.org
Optima Speech Therapy is committed to protecting and respecting your privacy. This Privacy and GDPR Statement is meant to help you understand what data we collect, why we collect it, and what we do with it. We have tried to make it as simple as possible but if you have any questions please contact us on hello@OptimaSpeechTherapy.com
This Privacy and GDPR Statement (“Statement”) relates to the services (“Services”) and/or products (“Products”) listed on this website www.optimaspeechtherapy.com (“Website”) and provided in the Clinic. Reference to “we”, “us” or “our” is referring to Optima Speech Therapy. Any reference to “you” or “your” is referring to all users of the Website and Clinic and the recipient of any Product or Service. “The Customer” refers to an individual who has availed of a Product or Service. “Clinic” refers to the office facilities based at Wicklow House, Market Square, Wicklow Town, A67 W589. “Initial Assessment” is the assessment process undertaken when Services are first engaged. “Home Programme” is the personalised Product produced upon receipt of full payment. “Therapy Session” is time spent face-to-face carrying out therapy activities. “Therapy Block” is a number of therapy sessions. All the above products and services result from the information you provide at the time of initial assessment. Repeat assessments may be required to monitor progress and/or at the beginning of a new therapy block.
Confidential Data Storage
We use two cloud-based software’s to store and record your personal data.
Storage Service is provided by Sync is used to provide a secure private cloud storage service which provides end-to-end encryption meeting EU, UK, USA and Canadian GDPR compliance. Sync stores data across multiple SSAE16 type 2 certified datacentre locations with SAS RAID storage. This a service provided and paid for by us to protect your data and is governed by the Sync terms and conditions which can be viewed at https://www.sync.com/terms/
Clinic Management Software is provided by Pabau a Cyber Essential Certified system that complies with the Data Protection Act 2018. For more information see https://www.pabau.com/security/ This a service provided and paid for by us to protect your data and is governed by the Pabau GDPR statement which can be viewed at https://www.pabau.com/gdpr/
1. Information we collect
We hold personal data as part of conducting a professional service. The data falls under the following headings: healthcare records, educational records, clinical records, general administrative records, and financial records.
1.1 Healthcare records
Healthcare records. A healthcare record refers to all information collected, processed, and held both in manual and electronic formats pertaining to you/your child and your/their care. Speech and language problems can be complex, and a wide range of information may be collected so that we can best meet your/their needs, and to maintain a high-quality service which meets best practice requirements. In order to provide a high-quality service, a range of information may be collected.
Examples of data collected and held on all current and active customers include but are not limited to the following:
- Contact details: Name, address, phone numbers, email address,
- Personal details: date of birth,
- Other contacts: name and contact details of GP and any other relevant healthcare professionals involved,
- Medical history such as any relevant illnesses, medications, and relevant family history,
- Reports from other relevant allied health professionals such as: Audiology, Psychology, CAMHS (Child and Adolescent Mental Health Services), Occupational therapy, Physiotherapy, Ophthalmology,
- Parent/guardian details,
- Carer details,
- Description of family,
- Pre- and post-natal history: This can include information relating to mother’s pregnancy, and child’s birth,
- Developmental data: developmental milestones, feeding history, audiology history.
1.2 Educational records
Relevant Individual Educational Plans (IEPs), progress notes from educational staff and school reports may be held.
1.3 Clinical records
Specific data in relation to communication skills may be collected and held, such as assessment forms, reports, case notes, emails, text messages and transcripts of phone communications. Audio and video files may also be collected and stored.
1.4 General administrative records
We may hold information regarding attendance reports and accident report forms.
1.5 Financial records
A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for Revenue. We may hold data in relation to: on-line purchasing history, card payments, bank details, receipts and invoices. Information will include name of bill payer, customer name, address and record of invoices and payments made.
2. Where we get our information
2.1 Personal data will be provided by the customer, carer, family or in the case of a child (under 16 years), their parent(s)/guardian(s). This information will be collected as part of a referral form completed via the Website using Pabau Clinical Management System prior to, or on the date of first contact. Information may also be provided directly from relevant third parties such as schools, medical professionals, and allied health professionals, with prior consent from the customer, parent(s)/guardian(s).
3. How we use the information that we collect
3.1 We use the information we collect to provide assessment and therapy as per the relevant professional guidelines, as well as to maintain the general running of Optima Speech Therapy, such as running our electronic booking system, keeping our accounts and updating you of any changes in policies or fees.
3.2 Data retention periods
The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal and/or fiscal precedence or historical purposes. Following the retention deadline, all data will be destroyed under confidential means.
3.3 Clinical Records
We keep both physical and electronic records of clinical data in order to provide a service.
3.3.1 The preferred format for clinical data is electronic.
3.3.2 Video records/ voice recordings and photos relating to customer care/video conferencing records may be recorded with consent, analysed, and then stored in the Sync and/ or Pabau for the duration of the therapy. These records remain the property of the Customer who may amend the material held on Sync and/or Pabau. If data is amended and/or deleted you acknowledging that no other copy of the material is available and deletion will result in the permanent loss of access to documents and materials you have paid for.
3.4 Financial Records
We keep electronic and paper records of financial data from those who use our Products and Services. Section 886 of the Direct Tax Acts states that the Revenue Commissioners require records to be retained for a minimum period of six years after the completion of the transactions, acts or operations to which they relate. These requirements apply to manual and electronic records equally.
Financial Data is kept for 6 years to adhere to Revenue guidelines
Financial Data (including non-payment of bills) can be given to Revenue at Revenue’s request.
3.5 Contact Data
Contact Data is kept for 6 years to allow processing of Financial Data if required. (This may be retained for longer for safety, legal request, or child protection reasons.)
If under investigation or if litigation is likely, files must be held in original form indefinitely, otherwise files are held for the maximum periods set out above.
4. Information we share
4.1 We do not share personal information with companies, organisations or individuals outside Optima Speech Therapy unless one of the following circumstances apply:
- With your consent: We will share personal information with other relevant health care providers or educational providers when we have your written consent (by letter or email) to do so. We require opt-in consent for the sharing of any sensitive information.
- For legal reasons: We will share personal information with companies or organisations outside of Optima Speech Therapy if disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal processes or enforceable governmental request.
- Meet the requirements of the Children First Act 2015.
- Meet the requirements of Tusla for the protection of children
- To protect against harm to the rights, property or safely of Optima Speech Therapy, our customers or the public as required or permitted by law.
4.2 The following third parties are engaged for processing data:
- Accountant Financial Processing financial accounts.
5. Sharing Data
5.1 Legal requirements. Optima Speech Therapy is required to share data with external parties in the following circumstances:
- Compliance with local tax audit laws
- Compliance with child protection
- Compliance with law enforcement
5.2 Financial requirements. Optima Speech Therapy also is required to share Financial data to comply with local tax laws
5.3 Other parties. Any transfers outside the above which contain Personal Identifying Information (PII) to third parties including but not limited to hospitals, GPs, nursing homes, are only made once the owner of the data has given express written permission by letter or email to do so.
6. How and when we obtain consent
6.1 Consent will be sought on the Website order form and will have a link to this policy for transparency. Users will be directed to read this Statement and to tick agree to the Terms and Conditions. Services cannot be initiated without ticked consent to our “Privacy and GDPR Statement” and “Terms and Conditions”. Should a customer wish to withdraw their consent for data to be processed, they can do so by contacting Optima Speech Therapy at email@example.com
7. How we protect your data
7.1 In accordance with the General Data Protection Regulation (GDPR), we will endeavour to protect your personal data in several ways:
- By limiting the data that we collect in the first instance. All data collected by us will be collected solely for the purposes set out at section 1 above, and will be collected for specified, explicit and legitimate purposes. The data will not be processed any further in a manner that is incompatible with those purposes save in the special circumstances referred to in section 5.1. Furthermore, all data collected by us will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected which include, inter alia, the assessment, diagnosis and treatment of speech, language and communication disorders.
- By transmitting the data in certain specified circumstances only. Data will only be shared and transmitted, be it on paper and/or electronically as set out in section 3.
- By only keeping the data that is required, when it is required and by limiting accessibility to any other third parties.
- By disposing of/destroying the data once the individual has ceased receiving treatment. Within 2 years of the completion of the Service apart from the special categories of personal data as set out at 1.1 above. Where data is required to be held by us for longer than the period of 2 years, we will put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These may include measures such as the encryption of electronic devices, pseudonymisation of personal data, and/or safe and secure storage facilities for paper/electronic records.
- By retaining the data for only as long as is required. Which in this case is 2 years, except for circumstances in which retention of data is required in circumstances set out at part 1.1 above or in certain specific circumstances as set out at Article 23(1) of the GDPR.
- By destroying the data securely and confidentially after the period of retention has elapsed. This could include the use of confidential shredding facilities or, if requested by the individual, the return of personal records or a copy of records can be requested by the individual in writing by letter or email.
8. Protecting your Rights to Data
For children under the age of 16, data access requests are made by their parents/guardians. When a child turns 16, then they may make a request for their personal data in writing by letter or email. However, this is subject to adherence with the Children First Act.
8.2 Vulnerable adults
For vulnerable adults who may not have capacity, data access requests may be made by their family in writing by letter or email along with professional proof that the individual lacks capacity unless this has already been supplied during the therapy Service.
9.1 We are acutely aware of the need for privacy. As such, we aim to practice privacy by design as a default approach, and only obtain and retain the information needed to provide you with the best possible Service.
9.2 All persons working in, and with Optima Speech Therapy in a professional capacity are briefed on the proper management, storage and safekeeping of data.
9.3 All data used by us, including personal data may be retained in any of the following formats:
- Electronic Data
- Physical Files
9.4 The type of format for storing the data is decided based on the format the data exists in. Where applicable, we may convert physical files to electronic records to allow us to provide a better service to customers.
9.5 Data Security. We understand that the personal data used in order to provide a service belongs to the individuals involved. The following outlines the steps which we use to ensure that the data is kept safe.
- Electronic Data. All electronic data is contained in but not limited to the following systems: e.g. Email system, CMS, Shared Folders, etc.
- Laptop storage System:
- This system is physically located in Ireland,
- This system provider is aware of their requirements for GDPR compliance,
- This system has a Live Update for security enabled,
- Kate Beckett is a sole trader and is the only person working in Optima Speech Therapy to have access to records,
- All persons require a Log on and Password in order to access the records.
- Physical Files:
- All physical data is located in Wicklow, Co Wicklow,
- Kate Beckett is the sole person working in Optima Speech Therapy to have access to these records,
- These records are kept secured with a lock and key in an alarmed property.
- Security Policy.
- Optima Speech Therapy understands that requirements for electronic and physical storage may change with time. As such, the data controller inOptima Speech Therapy reviews the electronic and physical storage options available,
- All physical devices used by persons working in Optima Speech Therapy which may contain any identifiable PII are kept in the physical location above in an alarmed property,
- All persons working in Optima Speech Therapy are aware and briefed on and refresh the requirements for good data hygiene. This briefing compliance is monitored by the Optima Speech Therapy data controller and includes but is not limited to:
- Awareness of customer conversations in unsecure locations,
- Enabling auto-lock on devices when leaving them unattended, even within Optima Speech Therapy,
- Use of non-identifiable note taking options such as use of initials, not names,
- The awareness of Optima Speech Therapy procedure should a possible data breach occur, either through malicious (theft) or accident (loss) of devices or physical files.
The Website, Products and Services cannot be replicated, reproduced, or duplicated for use by any other person/persons/organisation. The Product(s) and/or Service(s) provided by us are personalised and individualised to you/your child based on the information you provide to us at a specific time. We are not responsible if you do not declare information that may impact on the therapy approach or targets used for the Product(s) and/or Service(s). The Product(s) and/or Service(s) are intended for the specified individual and we are not responsible if you offer your purchased Product(s) and/or Service(s) to another individual other than that which it was intended for. Therapy results may be considered subjective and we make no guarantee of improvement or cure from the use of our Product(s) and/or Service(s). We provide these Product(s) and/or Service(s) based on clinical practice. Direct therapy with a Speech and Language Therapist is the gold standard for treatment. This Product and Service is an alternative for parents/carers by choice or where access and availability does not allow direct intervention.
If you do not understand anything in these Terms or need more information please contact us at firstname.lastname@example.org. Depending on your question, we may suggest you take independent advice via Citizens Information via www.citizensinformation.ie or 0761 07 4000.
Empowering parents with an original, proactive and easy-to-use service for speech therapy.