Privacy Policy
1. Introduction
The Somerville Clinic is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our mental health services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Information We Collect
We collect and process the following personal data:
Personal details: Name, date of birth, address, contact details, emergency contact information.
Health and therapy information: Medical history, GP details, therapy notes, assessments, treatment plans, mental health records, and relevant correspondence.
Administrative information: Payment details, appointment history, communication records, consent forms.
Website data (if applicable): Cookies, IP address, and usage data through analytics tools (see section on cookies).
3. How We Use Your Information
We use your data to:
Provide safe and effective mental health care.
Manage appointments and communicate with you.
Liaise with your GP or other healthcare providers (with your consent).
Maintain accurate clinical and administrative records.
Meet legal and regulatory obligations.
Process payments and invoices.
4. Legal Basis for Processing
We process your data under the following lawful bases:
Provision of healthcare (Article 9(2)(h) UK GDPR)
Contractual necessity (Article 6(1)(b))
Legal obligation (Article 6(1)(c))
Consent (Article 6(1)(a)), when required — e.g., sharing information with third parties not directly involved in your care.
5. How We Store Your Information
Your data is stored securely in:
Encrypted electronic systems and/or locked physical files.
Cloud-based software compliant with UK data protection standards.
We retain your records for a minimum of 7 years after your last contact (or until age 25 for children), in line with NHS and professional guidelines.
6. Sharing Your Information
We will only share your information when:
It is necessary for your care (e.g., with your GP or other professionals).
We are required by law (e.g., safeguarding concerns, court orders).
You have given explicit consent.
We do not sell or share your data with third parties for marketing purposes.
7. Your Rights
Under UK GDPR, you have the right to:
Access your data (Subject Access Request).
Request correction or deletion of inaccurate data.
Restrict or object to processing.
Withdraw consent (where applicable).
Lodge a complaint with the Information Commissioner’s Office (ICO)
8. Cookies (if website used)
Our website uses cookies to improve user experience. You can adjust your browser settings to decline cookies if you prefer.
9. Data Security
We use secure systems, encrypted communications, and access controls to protect your information from unauthorised access, alteration, or loss.
10. Policy Review
This policy will be reviewed on an annual basis. We may update our policy at any time.
Privacy Policy
1. Introduction
The Somerville Clinic is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our mental health services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Information We Collect
We collect and process the following personal data:
Personal details: Name, date of birth, address, contact details, emergency contact information.
Health and therapy information: Medical history, GP details, therapy notes, assessments, treatment plans, mental health records, and relevant correspondence.
Administrative information: Payment details, appointment history, communication records, consent forms.
Website data (if applicable): Cookies, IP address, and usage data through analytics tools (see section on cookies).
3. How We Use Your Information
We use your data to:
Provide safe and effective mental health care.
Manage appointments and communicate with you.
Liaise with your GP or other healthcare providers (with your consent).
Maintain accurate clinical and administrative records.
Meet legal and regulatory obligations.
Process payments and invoices.
4. Legal Basis for Processing
We process your data under the following lawful bases:
Provision of healthcare (Article 9(2)(h) UK GDPR)
Contractual necessity (Article 6(1)(b))
Legal obligation (Article 6(1)(c))
Consent (Article 6(1)(a)), when required — e.g., sharing information with third parties not directly involved in your care.
5. How We Store Your Information
Your data is stored securely in:
Encrypted electronic systems and/or locked physical files.
Cloud-based software compliant with UK data protection standards.
We retain your records for a minimum of 7 years after your last contact (or until age 25 for children), in line with NHS and professional guidelines.
6. Sharing Your Information
We will only share your information when:
It is necessary for your care (e.g., with your GP or other professionals).
We are required by law (e.g., safeguarding concerns, court orders).
You have given explicit consent.
We do not sell or share your data with third parties for marketing purposes.
7. Your Rights
Under UK GDPR, you have the right to:
Access your data (Subject Access Request).
Request correction or deletion of inaccurate data.
Restrict or object to processing.
Withdraw consent (where applicable).
Lodge a complaint with the Information Commissioner’s Office (ICO)
8. Cookies (if website used)
Our website uses cookies to improve user experience. You can adjust your browser settings to decline cookies if you prefer.
9. Data Security
We use secure systems, encrypted communications, and access controls to protect your information from unauthorised access, alteration, or loss.
10. Policy Review
This policy will be reviewed on an annual basis. We may update our policy at any time.
