Private Patient Privacy Notice

Date of Issue: June 2025, to be reviewed June 2026

Policy Summary

At The Warren Neurodiversity Service, we are committed to protecting and respecting your privacy. This Privacy Notice outlines how we collect, use, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are dedicated to the key principles of data protection, ensuring that we always:

- Process your data lawfully, fairly, and transparently

- Collect your data only for explicit, specified, and legitimate purposes

- Ensure that the data collected is adequate, relevant, and limited to what is necessary

- Keep your data accurate and up to date

- Retain your data only for as long as necessary

- Process your data securely to maintain confidentiality and integrity

Data Controller and Contact Information

The Data Controller responsible for your personal data is:

The Warren Neurodiversity Service

Quatro House, Lyon Way, Frimley, Camberley, GU16 7ER

Email: admn@TheWNS.co.uk

Phone: 01276 916457

The designated Data Protection Officer (DPO) is Lee Barrett, who can be contacted at the above

email address for any data protection queries.

Purpose and Legal Basis for Processing

We process your personal data to:

- Provide neurodiversity assessments, including for autism and ADHD

- Offer therapeutic services tailored to neurodiverse individuals

- Manage appointments and communicate with you regarding your care

- Comply with legal and regulatory obligations

The legal bases for processing your data include:

- Consent

- Contractual necessity

- Legal obligation

- Legitimate interests

Categories of Personal Data Collected

We may collect and process the following categories of personal data:

- Personal Identification Information: Name, date of birth, contact details

- Health Information: Medical history, diagnostic assessments, treatment plans

- Appointment Details: Dates, times, and notes from consultations

- Payment Information: Billing and payment records

Data Sharing and Recipients

We may share your personal data with:

- Healthcare professionals involved in your care

- Administrative staff for scheduling and billing purposes

- Third-party service providers under strict confidentiality agreements

- Regulatory bodies, if required by law

We will not share your information with third parties for marketing purposes without your explicit consent.

Data Storage and Security

Your data is stored securely on encrypted servers located within the UK. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Data Retention

We retain your personal data only for as long as necessary:

- Adults: Medical records for 20 years from last appointment or 10 years after death

- Children: Until age 25 (or 26 if aged 17 at time of last appointment)

Your Rights

Under data protection law, you have rights including:

- Access

- Rectification

- Erasure

- Restriction

- Objection

- Data Portability

To exercise any of these rights, please contact us using the contact details provided above.

Complaints

If you have any concerns about our use of your personal data, you can make a complaint to us at

admin@TheWNS.co.uk

You can also complain to the Information Commissioner's Office (ICO) if you are unhappy with how we have used your data:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Website: www.ico.org.uk