At the Mindworks we are committed to be compliant with General Data Protection Regulations (GDPR) 2018. We have a duty to ensure your information is confidential and kept securely. The Mindworks Practice Ltd regards the confidentiality and security of personal data as very important to successful working, and to maintaining the confidence of our clients.
As a Practice we adhere to the GDPR principles insofar that the data we collect is:
1. lawfully processed
2. is collected for specified and legitimate purposes
3. is relevant and limited to what is necessary
4. is accurate
5.is kept for as long as necessary
6. is processed securely
As a client of the Mindworks you have the following rights:
- The right to be Informed
- The right of Access
- The right to Rectification
- The right to Erasure
- The right to Restrict Processing
- The right to Data Portability
- The right to Object
- Rights in relation to automated decision making and Profiling
As a client you must give consent for your information to be used for specific purposes. Each specific
purpose must have specific consent, and you have the right to withdraw your consent at any time. This is outlined further in our Terms and Conditions signed prior to your first appointment with us.
The Data Controllers determine the purposes and means of processing personal data. For the Mindworks Practice the Data Controllers are:
Dr Annemarie O’Connor
The Data Processors are the Mindworks staff members who process this personal data on behalf of
the Data Controllers.
Procedure for a Data Breach:
1. The GDPR 2018 introduces a duty to report certain types of personal data breach to the relevant
supervisory authority (ICO). This will be completed within 72 hours of Mindworks being made
aware of the breach, where feasible.
2. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and
freedoms, we will inform those individuals without undue delay.
3. The Mindworks has a process for detecting a breach, and investigation and internal
reporting procedures are in place. This will facilitate decision-making about whether or we will need to notify the ICO and the affected individuals.
4. There is a record held at the Mindworks of any personal data breaches detected.
5. Information we will provide to individuals when telling them about a breach will include information about the nature of the personal data breach; the name and contact details of your data protection officer; any foreseeable likely consequences of the data breach; the measures taken, or proposed to be taken, to deal with the data breach; and any measures taken to mitigate any possible adverse effects
If you have concerns about the processing of personal data please contact us at firstname.lastname@example.org or in writing to: Token House Business Centre, 11/12 Tokenhouse Yard, London, EC2R 7AS
Requests for Data:
Clients can request a copy of their own personal data held by the Mindworks. We require a signed letter with identification before we can release personal data.
Purpose of Processing Personal Data:
Personal Data that is collected from a client is processed and stored for the purposes of:
• receiving appropriate care and treatment.
• Liaising with referrers or other medical practitioners involved in your care
• Raising invoices for payment
• We may use some of this information for other reasons, for example
- To ensure that the practice runs legally and efficiently
- To ensure that the practice can account for its actions
- In relation to ethically approved audit projects
- To ensure efficient administration of our care services
Lawful Basis of Processing Personal Data:
Consent for processing data is obtained in the Registration Forms and the Terms & Conditions that each client completes before using our service.
Relevant legislation / guides:
Data Protection Act (DPA) 1998
General Data Protection Regulations (GDPR) 2018
This policy is intended to comply with the Data Protection Act and GDPR and will be reviewed annually and updated when required.