This Privacy Notice sets out how we protect your ‘data’ (personal details and records)
we do this to comply with the General Data Protection Regulation or GDPR (Europe)
and The Data Protection Act 2018 (UK). A summary of how GDPR is being
implemented, why confidential information is held and how this is protected can be
found by visiting: https://ico.org.uk
It is assumed that by engaging in this assessment or service, you are consenting
to records being kept. For the avoidance of doubt, we (or those who instruct us)
might ask you to sign a consent form. If we believe you lack capacity or if you
are a child we might seek consent from an appropriate adult.
• Keeping records is an essential component of healthcare, which helps in
understanding how best to help and forms the basis of any reports needed. We
usually keep your records for any of the following reasons:
o Preventative or Occupational Medicine.
o Legal defence necessary for the establishment, exercise or defence of
legal claims whenever courts are acting in their judicial capacity.
o Where the data subject has given explicit consent.
o Research.
o Where it is necessary to protect the vital interest of the data subject or
some other person where the data subject is physically or legally
incapable of giving consent.
o Employment relationship.
o Where a data subject has already put information in the public domain.
• Confidentiality is maintained at all times (i.e. your information is not shared)
unless there are exceptional circumstances such as risk to yourself or others.
If believe you or a child is at risk other services such as your GP or police may
be contacted without your consent, as this is a professional obligation. Please
see The British Psychological Society, Generic Professional Practice
Guidelines www.bps.org.uk
• We operate a system of peer review and supervisor review, where we believe
that it would be helpful for a peer or supervisor to review the content of a report
or therapeutic session we will obtain your consent.
• Consultation notes and questionnaires will be held for varying lengths of time
depending on the content (and then carefully disposed of). For example:
o Some records might be held indefinitely if there were any issues of
concern that could lead to a police investigation in the future.
o Where there is a legal obligation to hold those records to report our
transactions to HMRC, we will hold those records for seven years.
o Mental health records are subject to special legislation, e.g. children’s
records are kept until age 26 and adult records for eight years after the
last contact with the service
Www.gov.uk/government/publications/records-management-code-ofpractice-for-health-and-social-care
• All information recorded on paper will be securely stored in a locked filing
cabinet, and if this has to be transported outside of the office, great care will be
taken in other premises and likewise locked in a filing cabinet
• Confidential digital information will be stored in a secure cloud service offering
high levels of security.
• Confidential information sent via the internet will be encrypted and password
protected, the password may be sent separately by text message.
• Letters sent by surface mail, e.g. to GP’s will be marked Confidential.
• All electronic devices (e.g. computers, laptops and phones) and used to access
stored information will themselves be password protected. Disc’s drives will be
encrypted.
• The right of access called a ‘subject access request’ or SAR can be made for
the data we hold, but there may be an administration charge if all records are
requested, as these may be ‘excessive’. These will be provided within one
calendar month of the request being made.
• Where we carry out psychological tests and assessments, we work within the
British Psychological Society’s Statement on the Conduct of the Psychologists
providing Psychometric Expert Evidence to Courts and Lawyers. Under these
guidelines, it is not possible to disclose some of our records to you. We cannot
disclose certain test information under these guidelines or where disclosure
would amount to a breach of a trade secret.
• We may automatically delete all the data that we hold on you within seven days
of the assessment report being produced or sooner if we do not produce a
report.
• Where a request is made by a bona fide data subject (the data subject might
be an organisation or individual), we will require proof of identity in the form of:
o a current passport,
o a driving licence; or
o a birth certificate.
And Also, one of these:
o a recent bank statement dated within the last the months (with full
address); or
o a recent utility statement dated within the last three months (with full
address).
• We might ask records to be collected in person from our office and for the data
subject to bring the original identification documents with them. If records are
sent by post, they can only be sent to the registered address which is proved
by the identity documents.
• In the event of death or incapacity of any medical professional in Advanced
Assessments, arrangements have been made for records to be held by a
named professional colleague who will continue with the above obligations.
• We do not process your information outside of the EEA.
• Where you are under a statutory or contractual obligation to provide your data,
this will be set out in the letter of instruction from the lawyers involved in your
case, the court or by your employer.
• We do not use automated decision making in processing your data.
• You have the right to withdraw consent and ask us to delete the data that we
hold on you. If you have not provided consent, we will not retain your data
unless we were lawfully obliged to.
• This Privacy Notice will be subject to review, as needed or annually by 25 May
each year.
• Advanced Assessments Ltd is registered with the Information Commissioner’s
Office (ICO), and you have the right to complain how we process your data with
the ICO.
Enquiries can be made by contacting the Data Controller in writing:
Tamsin Beeby
Data Protection Officer
Advanced Assessments Ltd
180 Piccadilly
Mayfair
London W1J 9HF