This privacy statement gives you information about how your data / personal information will be used
Introduction: purpose and lawful basis
The law requires transparency about the intended purposes and the legal basis for processing personal data.
‘Processing’ is a broad term to include anything done with personal data. This can include collecting, storing, sharing and disposing of data, for example.
Frith will usually process data on the lawful basis that ‘processing is necessary for the performance of a contract’ with you (GDPR Article 6), but less commonly it may rely on other legal bases, such as: to fulfil a legal or regulatory obligation, to pursue legitimate interests, for a vital interest or on the grounds of you having given explicit consent for a specific purpose. Sensitive data, including medical information, is given extra protection in law, which means data can only be processed if a ‘specific condition’ (GDPR Article 9) is also met – in the case of Frith’s psychiatric work, this will usually be that, ‘processing is necessary for the purposes of….medical diagnosis, the provision of health or social care or treatment…’ but, less commonly, another condition may apply (eg defending legal rights or a claim, or explicit consent).
What information is collected and held about me?
This will vary depending on the type of service you are accessing. Frith may collect the following personal data:
- Your name, date of birth and age, address, email and phone number, GP name and surgery, emergency contact person
- Consultation / appointment date(s) and a summary of the information you provided, the findings or assessment made, any advice given to you, and the follow-up plan
- Your past history and treatment
- Where applicable, information from another relevant professional involved in your care
- Where applicable, information provided by relatives or carers
- Client feedback
- Client contact and other communication preference information
What can my data be used for?
Your data is primarily used to provide a service to you. However, there may be other reasons to process your data, that might include:
- To comply with the requirement to maintain a medical record for its recommended retention period
- To answer enquiries
- To send invoices and maintain accounts
- To contribute to service evaluation and audit
- To obtain and use client feedback
- To discuss cases (anonymously) in supervision
- To comply with obligations such as safeguarding, complaint, claim or other investigations
- To report and investigate any adverse reactions or events, for example with medication
- To keep clients informed about any changes to the service
- To comply with any regulator and professional registration requirements
How will information be obtained?
- Most of the data collected will be provided directly by you – for example when you complete an enquiry form or participate in a consultation
- Sometimes, information may be obtained from others (with your consent) eg a GP or employer
- Sometimes third parties provide information without being asked – for example relatives or employers may occasionally send information. This is ‘third party’ and is ‘their’ information; Frith cannot disclose it without their consent. Similarly, Frith cannot give third parties your information without your consent, except in rare circumstances – when required by law or to prevent serious harm
- (Very limited) information may also be collected to provide general statistics about patterns of website use, but will not be used to identify any individuals
Data subject rights
As a ‘data subject’, you have certain rights. The applicable lawful basis will influence those rights, but certain rights always apply – for example, you can always object to your data being processed for direct marketing.
Do I have the right to access my data?
Yes, and this will be free of charge unless the requests are deemed ‘repetitive’, ‘excessive’ or ‘unfounded’ or if further copies are requested.
You can make the request verbally or by email. You do not have to fill in any specific or extra forms, you simply have to make clear that as a data subject you wish to access your data.
You will have a response within a month.
You may need to prove your identity before records can be released to you.
Certain information is exempt (not shared), such as information from a third party or where sharing the data could cause serious harm.
Do I have the right to request my data is corrected?
You can certainly request correction of any factual errors or omissions. This does not usually extend to medical/clinical opinions, however – although you are always welcome to ask if you can add an entry outlining your different opinion.
Do I have the right to request my data is erased?
This right does not apply to patient clinical records; there are reasons they need to be retained, including the legal obligation to maintain and retain health records and to be able to defend a claim.
How long will my records be kept for?
For psychiatric care via Frith prior to Dec 2025: The NHS Records Management Code of Practice for Health and Social Care 2016 outlines a long retention period of 20 years for mental health records, although very mild adult cases treated successfully in the community may be treated as other adult records and kept for just 8 years. Advice is that doctors should work in keeping with this advice, whether or not they work in the NHS, so if you accessed Frith for psychiatric input then this will apply. Disposal, when it occurs, will be done in a secure manner in line with appropriate technology available at the time. If a third party is used for confidential data destruction, they must also operate within the relevant law and regulations.
For coaching via Frith: the Association for Coaching recommends data retention for a minimum of 7 years (and this is also required by Frith’s insurer).
How will my data be kept secure?
Frith makes use of security measures such as encryption, passwords and secure online backup (ISO 27001 certified) to protect your data from theft or loss.
Who is the data controller?
Charlotte Riches
frith.coaching@posteo.uk
Concerns or complaints
If you have a concern about the handling of your personal information, please raise this directly with Frith and / or you can raise it with the:
Information Commissioner’s Office
Phone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/
Please note they advise raising a concern with them within three months of your contact with the organisation concerned.
Medical confidentiality
Patient information (for those accessing psychiatric input up to Dec 2025) is also subject to the duty of confidentiality – none of the above removes the duty to hold your medical information in confidence. Please request a copy of Frith’s confidentiality statement if you require more detail.