Privacy & Data Protection Policy

DiverseOT Ltd - Updated February 2025

This document confirms DiverseOT Ltd’s commitment to protect your privacy and to process your personal information in accordance with the Data Protection Act.

• When you access DiverseOT in the United Kingdom, we will collect and use information about you. This information includes your name, address, email, phone number and information such as date of birth and medical history.
• The information that you provide when you register with DiverseOT is necessary so that we can enter you into a contract with us to enable us to provide relevant assessment, therapy, support and advice to you.
• Information about you may be collected via spoken or written liaison with yourself and other health professionals with your consent. For under 16’s and with parental consent, information may also be collected from other professionals working with the child/young person (e.g. teachers, Educational Psychologists, other Speech and Language Therapists). Information might also be collected about family members where this is pertinent to your child/young person (e.g. contact details and relevant medical or developmental history). 
• The www.DiverseOT.co.uk website can be used without providing any personal information. 
• Initial enquiries via telephone or email may lead to the recording/storing of personal information. If an enquiry does not result in you/your child/young person being seen by DiverseOT Therapists, then this information will be deleted once the enquiry has been dealt with. 
• The website may contain links to other internet sites which are outside of our control and are not covered by this privacy policy. DiverseOT is not responsible for data which you provide through any such linked websites.

DiverseOT collect and use your information in the following situations:
• Where use of your information is necessary for us to perform the contract or duty of care with you for you or your child/young person. These include the Terms and Conditions of Therapy.
• Where our use of your information is for one of “legitimate interest” under article 6 of GDPR and we have made sure that your information, and your rights in relation to the information, are protected. We cannot adequately deliver a service to you/your child/young person without processing their personal information. As it is both a necessity for our service delivery and a benefit to you/your child/young person, we have a legitimate interest to store yours/his/her data. 
• Where we believe it is necessary to use your information to comply with a legal obligation to which we are subject. 
• Data relating to an individual’s health is classified as ‘Special Category Data’ under section 9 of GDPR. The regulations specify that health professionals who are “legally bound to professional secrecy” may have a lawful basis for processing this data. Occupational Therapists are legally bound to keep client information confidential and it is under this condition that we process and store personal information.
• Where we rely on consent to use your data, you have the right to withdraw that consent at any time. Please see ‘Your Choices and Rights’ section of this policy for more details.

• Personal information collected via email, telephone or face-to-face contacts is stored and used by DiverseOT for the purpose of delivering Occupational Therapy and providing assessment and advice. 
• Any sensitive personal details are stored in a secure confidential system and processed in confidence by DiverseOT. Information will only be used for the purposes of delivering appropriate Occupational Therapy services. 
• With written consent, information about you/your child’s/young person’s needs may be shared with other professionals involved in your/their care, providing it is in your/their best interests e.g. nursery, school, GP, NHS services. A record of consent is kept within our case notes. 
• Unless we are required to do so by law, we will not disclose any personal information collected to another person/professional other than as set out above. We will only share your information with any law enforcement agency, court, regulator, government authority or other third party where it is necessary to comply with a legal or regulatory obligation or otherwise to protect our rights or the rights of any third party.
• Information on client location may be shared with a trusted person to ensure our personal safety when attending appointments. 
• We do not employ any agents to process personal data. 
• We do not give or sell client details to any third parties. 

We, and other service providers (i.e. NHS, schools, GPs, Social Services etc.) that we liaise with, may use the personal information of you/your child/young person to:
• Prepare, plan and provide targeted Occupational Therapy services appropriate to you/your child/young person’s needs.
• Support meetings about you/your child/young person. 
• Help in accessing additional support (e.g. Onward referrals, other services). 
• To communicate with you via email, telephone, mobile messages and SMS in relation to arranging and confirming appointments – general communication between appointments – sending summaries of therapy input, reports and programmes (password protected) – copying into communications with other professionals – sending resources. 
• Carry out clinical audit to assess and improve our service. Results of any audits are always presented with all client identities removed. 
• Support our management and administration processes, e.g. sending invoices and receiving payments 
• Whenever personal identifiers are not needed for the above tasks, they will be removed from the information used. 

• All information about you/your child/young person and the therapy you/they receive is stored securely to ensure that we have a complete record of our service to them. We keep confidential notes on an online clinical portal which is password protected (or written notes prior to moving to the online system – in a secure locked cabinet) on each client in accordance with Data Protection Regulations.
• Electronic information (e.g. reports and email correspondence) is stored on a password protected, single-user laptop. 
• Paper-based assessments are uploaded onto the online portal, but a paper copy retained until no further assessment is required and then shredded. 
• Notes are kept in a notebook following a visit with minimal information i.e. initials, date of visit. These are kept in a locked cabinet whilst not being accessed in accordance with Data Protection Regulations. 
• Films and audio recordings may be taken of clients with verbal/written consent. These are temporarily stored on a password protected smart phone. They may be used in order to inform assessment or used as a therapeutic tool.
• A minimal amount of confidential personal information will be physically taken out of our office. When taken away from the office, it will be kept on the person or will be locked in the boot of the therapist’s car. 


We will keep your information for as long as is necessary for us to fulfil the purposes that are described in this policy. As a rule, however, we will keep:
• The information you provide when you register with DiverseOT, together with any updates that are made to that information, for the duration of duty of care.
• If you do not access therapy support for a period of 12 months we may, in accordance with data collection rules, deem your case to be inactive and suspend your/your child/young person’s case. Your information will be kept and securely stored for a further period of 12 months after which it will be deemed that your case is closed.
• In accordance with guidelines from the Royal College of Occupational Therapists (RCOT), all records will be kept securely until your child/young person reaches the age of 25 years or for 8 years for over 18’s. After this time, all records will be destroyed by shredding or deleting.

• It is a legal requirement for all Occupational Therapists practising in the UK to be registered with the Health and Care Professions Council (HCPC). The HCPC has clear standards of conduct, performance and ethics that all registrants must adhere to.
• These standards affect the way in which we process and share information. Specifically:
• Standard 2: “Communicate appropriately and effectively – you must share relevant information, where appropriate, with colleagues involved in the care, treatment or other services provided to a service user”
• Standard 10: “Keep records of your work – you must keep full, clear and accurate records for everyone you care for, treat, or provide other services to. You must complete all records promptly and as soon as possible after providing care, treatment or other services. You must keep records secure by protecting them from loss, damage or inappropriate access”
• For further information the full document can be found at: http://www.hpc-uk.org/assets/documents/10002367finalcopyofscpejuly2008.pdf
• We are committed to maintaining the security and confidentiality of all individuals who are known to us in a professional capacity. We actively implement security measures to ensure their information is safe. 
• We are constantly working to ensure compliance with current data protection regulations. 

• Data Protection Law lays down wide-ranging rules, backed by criminal sanctions, for the processing of information about identifiable, living individuals. It also gives individuals certain rights in relation to personal data held about them by others. 
• DiverseOT is registered with the Information Commissioner’s Office (ICO) as a Data Controller. You can view our ICO registration by visiting: https://ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers/download-the-register/

• Data protection legislation gives you as a person/parent/guardian several rights in relation to your information, and you can make several choices about how we collect and use it. For example, you can object to some of the ways in which we use your information. 
• Note that some of the choices or changes you make may impact our ability to maintain your case or provide you with a service, and your account may need to be closed. We will notify you if such an action is necessary. 
You can contact us regarding:
• Updating, completing or correcting your contact and personal details we hold on you.
• Instructing us on how you would like us to contact you relating to therapy matters. For example, via post, email, text, telephone.
• Instructing us of a third party you do not wish us to share your personal data or child’s/young person’s information with.
• Requesting access to the information we hold about you or your child/young person. 
• Asking that we amend a record if you believe there to be an error, erase or restrict our use of your information. This could impact on any therapy and may result in your case being closed. 

• You can access the information we hold about you or your child/young person by email. 
• Access will be provided to the records within 30 days of receipt of all necessary information. 
• A copy of your or your child’s/young person’s records will be provided free of charge.
• Please make a request via email to: info@DiverseOT.co.uk
• If there are further questions about how we collect, store and use personal data, please contact us at info@diverseOT.co.uk

Further information about data protection legislation and your rights as a service user is available from the Information Commissioner’s Office or by calling 0303 123 1113, 9am to 5pm, Monday to Friday. 

The Data Protection Act

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

• used fairly, lawfully and transparently
• used for specified, explicit purposes
• used in a way that is adequate, relevant and limited to only what is necessary
• accurate and, where necessary, kept up to date
• kept for no longer than is necessary
• handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:
• race
• ethnic background
• political opinions
• religious beliefs
• trade union membership
• genetics
• biometrics (where used for identification)
• health
• sex life or orientation

There are separate safeguards for personal data relating to criminal convictions and offences.


Your rights

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

• be informed about how your data is being used
• access personal data
• have incorrect data updated
• have data erased
• stop or restrict the processing of your data
• data portability (allowing you to get and reuse your data for different services)
• object to how your data is processed in certain circumstances

You also have rights when an organisation is using your personal data for:

• automated decision-making processes (without human involvement)
• profiling, for example to predict your behaviour or interests