Policies

Applied Psychology Solutions (APS) is a company offering clinical psychological services (specialising in court related work). This privacy policy explains how we use any personal information we collect about you, as a past, present, future employee or associate, a service user (client or patient) or when you use our website.

Applied Psychology Services provides expert witness services and psychological therapy and assessment services based at  20 Station Road, Cambridge. This privacy notice provides information about the personal information we process about you as a data controller, in compliance with the General Data Protection Regulation (GDPR).

Our ICO registration number is Z1743521

Please contact Paul Newns at information.security@apsy.co.uk with any questions or requests about the personal information we process.

1. What are your rights?

 

We are committed to protecting your rights to privacy. They include:

  • Right to be informed about what we do with your personal data
  • Right to have a copy of all the personal information we process about you
  • Right to rectification of any inaccurate data we process, and to add to the information we hold about you if it is incomplete
  • Right to be forgotten and your personal data destroyed
  • Right to restrict the processing of your personal data
  • Right to object to the processing we carry out based on our legitimate interest

2. Why do we collect at information about you?


We may collect information about you because you are a patient or client of ours. You may be an associate or employee. You might be a claimant who is part of a legal or litigation claim.
We process the data because it is in our legitimate interests as an expert witness or clinical psychologist to do so. We need to see and analyse documents containing this information in order to provide our expert advice, to carry out an assessment or to deliver psychological intervention.
Another lawful reason for us processing your data may be Legal Obligation. If we are processing "special category data" about you, this is our second lawful reason to do so. This is likely to apply if you are being assessed as part of a litigation claim.
As a client or patient of APS our lawful reason for processing "special category data" is that it is necessary for the purposes of the provision of health or social care or treatment.
If you are an employee or associate of APS we will have a contract with you, which will be our lawful reason to process your data.


3. What information do we collect about you?


We collect information about you that may include personal or sensitive information, such as:

  • First name or given name
  • Family name or surname
  • Address
  • Telephone numbers
  • Date of birth
  • Gender (or preferred identity).
  • Age.
  • Date of Birth.
  • Relationships & children
  • Occupation.
  • Address.
  • Telephone/SMS number
  • Email address

To make sure that you are assessed and/or treated safely and appropriately, we record your personal information, such as your name, address, as well as all contacts you have with the Company such as appointments and the results of assessments and letters relating to your care/report. Your data is kept confidential within the Company at all times and is only shared with staff when they need it to carry out their job.
We also process personal data pursuant to our legitimate interests in running our business such as:

  • Invoices and receipts
  • Accounts, VAT and tax returns

Patients/Clients (Therapy or private assessment)


When you are a patient or client of APS we record all your treatment and details of your appointment so that your clinician can plan your treatment correctly. In addition to the personal information above, we may also collect information regarding:

  • Medical conditions (if relevant)
  • Prescribed medication.
  • Psychological history and current difficulties.
  • Sexuality
  • Offences (including alleged offences)
  • Financial information, including bank account details (if you are a private patient/client of APS)

We may collect some of this information from your insurance company if you have one, and some of this information will be collected directly from you.


Clients undertaking Court Reports


In the case of a court report we retain the information as required by the courts or your solicitor.
In addition to the personal information above, we may also collect information regarding:

  • Medical conditions (if relevant)
  • Prescribed medication.
  • Psychological history and current difficulties.
  • Sexuality
  • Offences (including alleged offences)

We may be given some of this information from your solicitor or the party instructing us for the purposes of litigation, and some of this information will be collected directly from you.
In many cases, an individual has consented to the transfer of their personal data to us. Where an individual has consented, he or she may easily withdraw it by notifying Name at the Name's email address out above.


Job applicants, current and former APS employees and associates


When individuals apply to work at APS, we will only use the information you supply to us to process your application and to monitor recruitment statistics. Data that we collect about you, in addition to the above, may include:

  • Pay and bank details, pay slips
  • Curricula vitae, contracts of employment, references and appraisals
  • Health information ( in reliance on the occupational health exemption contained in the Data Protection Act 2018)

Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a 'disclosure' from the Disclosure and Barring Service we will not do so without informing you beforehand unless the disclosure is required by law.


Web access collection of information


We collect information about you when you register with us or place any order for services. We also collect information when you voluntarily complete contact forms. However, in this case they will be unable to engage in the particular website activity as we would not have the contact details to send the requested information. APS always tries to minimise the amount of personal information that we require in order to provide a specific service or feature.


4. How do we store the information about you?


We take your privacy very seriously.
We are committed to taking reasonable steps to protect any individual identifying information that you provide to us. Once we receive your data, we make best efforts to ensure its security on our systems.
All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules.


5. How long do we keep your information for?


We do not keep your data for longer than is necessary.
Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC and the VAT commissioner. Where it is not necessary to retain the data for six years, it is destroyed as soon as possible.


Patients/Clients (Therapy or private assessment)


Personal data in legal cases is retained, where necessary, for six years in compliance with our professional indemnity obligations. Where this is not necessary, it is destroyed on the conclusion of the case.


Clients undertaking Court Reports


Personal data in legal cases is retained, where necessary, for six years in compliance with our professional indemnity obligations. Where this is not necessary, it is destroyed on the conclusion of the case.


Job applicants, current and former APS employees and associates


Personal information about unsuccessful job candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. Once a person has taken up employment with APS, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person's employment.
Personal data relating to employees who have left our employment is retained for up to six years as necessary. This is the time limit for bringing a breach of contract claim. In some case we destroy it as soon as the employee leaves


6. Who do we share your personal information with?


Your information is kept confidential within the Company at all times and is only shared with staff when they need it to carry out their job. All staff are required to work to strict professional and contractual codes of confidentiality and where possible we will anonymise information so that individual patients cannot be identified.
If we become aware of your intent to cause harm to another person/organisation (e.g. terrorism), the law may require that we inform an authority without seeking your permission. In such a situation, the law may require that we share your personal information without your knowledge.
By contacting the Information Security Officer, by email and/or using the address below you can also get more details on:

  • agreements we have with other organisations for sharing information;
  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
  • our instructions to staff on how to collect, use and delete personal data; and
  • how we check that the information we hold is accurate and up to date

Special category data and personnel files held electronically are encrypted with restricted access. We do not collect or store special category or other personal data other than electronically – we do not hold this information as hard copies.

Patients/Clients (Therapy or private assessment)


In many circumstances we will not disclose personal data without consent.
Your information may be shared with outside organisations if they are directly involved in your care/case, for instance, your insurer if they are funding your treatment, your GP, or others involved in your care. We will discuss with you who we would discuss your care with, and what details we would share with them.
If your health is in jeopardy (with your agreement) we may share your contact information with an emergency healthcare service (e.g. Mental Health Crisis Team).
However, when we investigate a complaint we may need to share personal information with other relevant bodies.
If we do need to share your information, we will always try and ask for your permission for this. We may not be able to ask your permission under special circumstances where we are legally required to do so.


Clients undertaking Court Reports


We share personal data internally strictly on a need to know basis.
We do not share personal data with anyone external to the organisation, other than with:

  • Those who have instructed us as an expert witness
  • Outsourced service providers such as photocopying companies and digital dictation services, pursuant to GDPR compliant written contracts
  • With others pursuant to a court order

7. How you can access your information and correct it, if necessary?


APS tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a 'subject access request' or 'Right of Access' under the Data Protection Act and the General Data Protection Regulation. We will then supply to you:

  • A description of all data we hold about you
  • Inform you how it was obtained (if not supplied by you)
  • Inform you why, what purposes, we are holding it
  • What categories of personal data is concerned
  • Inform you who it could be disclosed to
  • Inform you of the retention periods of the data
  • Inform you around any automated decision making including profiling
  • Let you have a copy of the information in an intelligible electronic form unless otherwise requested.

To make a request to APS for any personal information we may hold you need to put the request in writing. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate, please address these changes to the Information Security office, via "How to contact us".


Clients undertaking Court Reports


If your concern is related to a case with a solicitor that we are working for, please refer the queries through them. We may not be able to comply with a request to correct information we hold about you where it pertains to a litigation claim – this would need to be discussed with your solicitor.


8. Complaints or queries


APS tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. If you do have a complaint, contact the Data Protection Officer who will investigate the matter on your behalf.
If you are not satisfied with the response from APS or believe we are not processing your personal data in accordance with the law you have the right to raise your complaint with the Information Commissioner's Office (ICO)


Contact information ICO:


Website: https://ico.org.uk/concerns/
Email: casework@ico.org.uk
Telephone: +44 (0) 303 123 1113


9. Who we are and how to contact us


Applied Psychology Solutions is the company that you are supplying your personal information to. The company Chief Information Security Officer (Paul Newns) is the Data Protection Officer for APS and can be contacted by:


Email: information.security@apsy.co.uk

Post:
Information Security Officer
Applied Psychology Solutions Ltd.
20 Station Road
Cambridge
Cambridgeshire
CB1 2JD