This Fair Processing Privacy Notice explains how The Retreat York collects, uses, stores and shares personal data and how we maintain patient confidentiality when a patient is referred or treated at the centre.
We are a private mental health provider that provides services in:
The Retreat York is a company registered in England and Wales. Our company number is 4325622.
For the purposes of this notice, The Retreat is the data controller for the information we receive. We are registered with the Information Commissioner’s Office (ICO) at: https://ico.org.uk/ESDWebPages/Search
Our Registration Number is Z6470446.
To support The Retreat in providing a service to you, we first need to collect information from you to diagnose your situation. This is done in a number of ways:
We collect information from you to enable us to deliver a high-quality care and treatment service to you. This is because, as we form a relationship with you, it is important that we have a complete picture of your history and can do assessments to develop plans to improve care and treatment. Collecting information about you:
The data we collect includes:
All medical information collected is classed as special category data.
The legal basis relied on to process your data is based on a need to fulfil a contract requirement with you as per Article 6(1)(b) (the processing is necessary for a contract) and Article 9(2)(a) (explicit consent) and 9(2)(h) (special category data) where the processing is necessary for the provision of health or social care treatment or ‘pursuant to contract with a health professional’. This is because you have placed a request with us to provide a service to you.
Where information is required for us to pursue our legal obligations the legal purpose for processing the data will be Article 6(1)(c) (processing is necessary for a legal obligation) and Article 9(2)(b) (the processing is necessary for exercising specific rights as a data controller for sensitive data).
However, we may also have ‘legitimate interests’ as a business to pursue which help us to achieve our vision and work arrangements, for example employment arrangements, research analytics, improving services, complaints, legal claims etc. Where we process your information for a ‘legitimate interest’, we will always make sure that your rights and freedoms are taken into account and will not process any information where an imbalance or privacy issue exists.
Any other uses of data will be explained at the point of collection and will apply to all relevant statutory provisions.
We will never share any personal information with any third parties unless we have your explicit consent to do so. Organisations that we primarily share information with include:
Subject to stricter requirements data may be shared where there are exceptional circumstances and where we are required to share to comply with the law. These include:
This may be in respect of:
Research plays a pivotal role in the development of Health and Medical Care Services. Where we are proactive in research studies we will always ask you for your explicit consent and advise you about how the information will be used before you are directly entered into a trial as a participant unless legislation permits otherwise. This reflects our true aims and values as an organisation.
The Retreat does not participate in any direct marketing. However, we may send you text messages to remind you of your appointment if you have formally agreed to this beforehand. You can opt out of this service at any time. Please contact your clinician to update your choices asap so that we can ensure that we are sending you the right communication through the right format.
Under GDPR, all patients and staff have certain legal rights in respect of their data. These include:
All personal data submitted for employment and administration purposes e.g. applying for a job role will be processed on the basis of Article 6(1) (consent) and Article 9(2)(b) (necessary for the performance of a contract) of the General Data Protection Regulations (GDPR). If we do not offer you a role then your data will be kept for 6 months before it is securely destroyed onsite. Any other use of the data will be explained at the point of collection with reference to any relevant statutory provisions.
The Retreat has surveillance cameras onsite to monitor the security and safety of the estate as well as our staff and patients. The Retreat’s CCTV surveillance provision is managed by the Estate and maintained by our outsourced provider SWAT. All CCTV footage is retained for 30 days.
All data held by the Retreat is retained in respect of our Corporate Retention Schedule.
a) Referrals: These are retained for a period of 10 years from the date of the initial referral.
b) Assessments & Out Patient Data: These are retained for a period of 20 years from the date of your discharge from the centre.
As a business we take the protection of all personal data very seriously. Appropriate technical and organisational measures have been implemented to protect people’s personal data from abuse, loss, theft, alteration and misuse. All data is stored on secure servers and cloud-based solutions which have encrypted backup measures in place. SSL encryption is used so that all data is encrypted at rest and in transfer. Access to data is restricted to authorised personnel, and password management tools, data encryption and two-factor authentication are used where possible.
As a general rule, we do not transfer or process personal data outside the European Economic Area unless we have your specific consent to do so or where the nature of the processing requires it (for example, because you have chosen to use an email or other communications service which routes data outside the EEA).
In addition, any personal information that is submitted for publication on our website will also be published on the internet making it available around the world.
Our Website uses technology called ‘cookies’ to enable us to deliver a better user browser experience and to help us understand your preferences and habits. This involves a cookie file being placed on your device each time you visit our website. Cookies do not contain any person-identifiable information.
The Retreat York uses three types of cookies:
Session Cookies: These enable the tracking of your movement across the website and save information to make life easier. For instance, a session cookie might save an item to your shopping basket; without it, you would be forced to order the item again separately.
Persistent Cookies: These enable your preferences and settings to be saved each time you visit our website. This enables you to use the site faster and reduces the need to re-enter data.
Third Party Cookies: These enable us to track your user activity outside the website and optimise campaigns and analytics better.
For the purpose of error capture and analysis, we capture log files which contain information about you and/or your computer. This includes:
No data processing or transformation is undertaken with this data. We do, however, analyse usage of the site to ensure our pages and services are relevant and current and that information can be delivered effectively.
The Retreat aims to meet the highest of standards when collecting and using personal data. As a business we treat all complaints we receive very seriously. We encourage anyone to bring concerns to our attention if they think we are using their data in an unfair or misleading way.
If you have any queries about your data rights or how your data is being processed and handled, then please contact our Data Protection Officer at:
107 Heslington Road
York, YO10 5BN
The Information Commissioner’s Office (ICO) is the UK’s independent supervisory authority responsible for overseeing all data protection issues. If you are still dissatisfied with how your data is being processed or handled by us following our complaint procedure then you can submit a complaint to the Information Commissioner’s Office (ICO) to ask for an independent review at the following address:
Information Commissioner's Office
Wycliffe House, Water Lane
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Fax: 01625 524 510
Last Updated: 19th June 2019