Xception Privacy Policy

Xception and Your Information

Xception takes your privacy very seriously. 

We are registered with the Information Commissioner as a Data Controller and our registration is ZB159924. Our registration can be found by searching at https://ico.org.uk/ESDWebPages/Search

If you have any questions or wish to make a request in relation to your information, please contact our Data Protection Lead, Dr Amy Schofield, at: amys@xceptiongroup.com.

Xception collects, uses, stores and shares information about its clients, for the purposes of establishing and maintaining a therapeutic relationship. The relationship is underpinned by the Xception Terms of Service which means that the lawful basis for processing your personal data is because it is ‘necessary to enter or perform a contract’.

All of our mental health therapists are qualified Clinical Psychologists and registered with the Health & Care Professions Council ("HCPC"). All of our other therapists (e.g nutritionists) are registered with their independent bodies.

When we process sensitive / special category data about you, this is lawful because it is ‘necessary for health and social care’ purposes. 

Some of your personal information is transferred outside of the UK to EU Member States or the United States such as when we are using third party systems or providers. We ensure that we, or our suppliers, have the necessary safeguards in place to protect your personal data when transferred.

How Does Xception Collect Your Information?

We will collect information about you, either directly – when you provide it to us through using our services, or indirectly if you are referred to us by someone else (e.g your employer or management team). If we receive referrals from someone else, it is their responsibility to ensure that you are aware and have no objections.

We also collect information about individuals who use our website. Our website privacy and cookie policy can be found below.

The information we collect about you will be stored on computer and electronic systems. The information includes Personal Data;

  • Name

  • Address

  • Date of Birth

  • Email address

  • Contact telephone number

  • Next of kin

  • Insurance information

  • GP details

as well as Sensitive Personal Data, where it is relevant to your use of the service;

  • Wellbeing / contextual information

  • Details of family members and relationships

  • Reason for accessing therapy

How Does Xception Use Your Information?

Xception will use your information in the following ways;

  • To receive and record an initial referral into the service

  • To review the referral and consider suitability for the service and allocation of a therapist

  • To record service take-up

  • To make the allocated therapist aware of the relevant details necessary to initiate a therapeutic relationship

  • To maintain records of the relationship and anonymised notes of the sessions

  • To obtain feedback via questionnaires

  • To perform clinical supervision and ensure that therapy is of good quality and our therapists develop their skills

To undertake some of these activities, your information may be shared internally across our team and externally (if we have consent). We will work to ensure that only the right people have your information and that they are only given the information they need.

With Whom Does Xception Share Your Information?

Xception works hard to ensure that only the right people have your information and that they are only given the information they need.

We may share information with:

  • Your GP practice or other health providers (if you give consent)

Xception uses other companies to help us deliver some of our services such as:

Storage, Forms and Meetings: Google

Clinical appointment and note keeping: Cliniko

Mobile Messaging: WhatsApp

Website: Squarespace

Client Relationship Management: HubSpot

Personal data will never be made available to organisations not involved in delivering services or contracted directly by us without letting you know and giving you a chance to object (aside from in the examples listed in the section below).

We have contracts in place with these organisations (not including Whatsapp) that prevent them from using it in any other way than how we tell them to. These contracts also require them to maintain good standards of security to ensure your confidentiality. Their own privacy policies are available via their websites. 

We want to make sure that the service is available to you in ways that are best for you. You may use the messaging service ‘WhatsApp’ to communicate with therapists. You are not obligated to use Whatsapp or share personal data via this platform. Doing so is at your own risk. Xception has no direct contract with WhatsApp and therefore cannot guarantee the security or compliance of the service. We activate an auto-deletion of your WhatsApp messages after 7 days, or earlier if there is sensitive information shared.

Will Xception Share Information without Asking You?

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. 

Examples might be;

  • Sharing with the police for the detection or prevention of crime

  • Where it is in the wider public interest, for example to keep the public safe 

  • To safeguard children or vulnerable adults

  • The court has told us we must share

  • You present an active risk to yourself and sharing your information will help to keep you safe

What are your Information Rights?

Data protection law provides you with a number of rights that Xception is committed to supporting:

Your Right to Access

You have the right to obtain a copy of information held about you.

  • If you only require a particular part of your record, tell us and this can reduce the time it takes to provide itWe will respond to your request within one month of receipt or will tell you when it might take longer

  • We are required to validate your identity including the identity of someone making a request on your behalf

Right to Object or Withdraw Consent

  • We collect, use, store and share your information because we are permitted by law; in order to deliver your support, but you do have a right to object to us doing this

  • When we collect, use, store or share your information based on your consent, you have a right to withdraw that consent at any time

  • Our Data Protection Lead will be happy to speak with you about any concerns you have

Right to Correction

  • If information about you is incorrect, you are entitled to request that it be corrected. There may be occasions where we are required by law to maintain the original information. Our Data Protection Lead will talk to you about this, and you may request that the information is not used during this time

  • We will respond to your request within one month of receipt or will tell you when it might take longer

Complaints

  • You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Lead or visit the link below for more information.

  • For more detailed information on your rights visit https://ico.org.uk/for-the-public/ 

Does Xception Use Profiling or Automated Decision Making?

No, Xception does not undertake automatic profiling or automated decision making in relation to your information.

Our Data Protection Lead will be happy to speak to you about this if you have concerns or objections.

How Does Xception Protect your Information?

Xception is committed to ensuring the security and confidentiality of your information. There are a number of ways it does this:

  • Staff receive regular training about protecting and using personal data

  • Policies are in place for staff to follow and are regularly reviewed

  • We check that only the minimum amount of data is shared or accessed

  • We use controlled access to systems; this helps to ensure that the right people are accessing data – people with a ‘need to know’

  • We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information

  • We report and manage incidents to make sure we learn from them and continually improve

  • We put in place contracts that require providers and suppliers to protect your data as well

  • We have 2 factor authentication safeguards in place where our systems allow 

  • Clinical notes are always anonymised, (we do not include your name or personally identifiable information).

How Long Does Xception Store Your Information?

We keep your data for various lengths of time, depending on the reason it was collected: 

  • Necessary information on referrals for clinical services are retained for 5 years, unless you use a service, in which case it will be retained with your case file while you use the service and for a period of up to 10 years after that. 

  • Whatsapp messaging or voicemails relating to a new referral or ongoing access to clinical services are deleted after 1 week. 

  • Email contact relating to your care is deleted after a period of 6 months.

  • Data pertaining to information rights requests are kept 3 years from closure of request (6 years if there has been an appeal). We keep information relating to incidents and complaints for a  period of 10 years.

  • Any service related feedback is kept for a period of 10 years.

  • Information regarding the delivery of training or events are stored for a period of 10 years.

Cookies Policy

What are cookies?

A “cookie” is a small text file that is placed on a website user’s device/computer hard drive by a website. There are various types of cookie and they may be essential or non-essential to the operation of the website but all have a purpose.

Website cookie acceptance

When you first visit our site(s) you can choose to accept or decline our non-essential cookies and you can adjust that choice at any time by clicking on the cookies pop up.

We will use a cookie to record if you have accepted the use of cookies on this website. This cookie will be stored on your device/computer if you have consented to our use of cookies by indicating your consent to the pop-up message on the website.

The cookies we use

The cookies we use on the website are:

Google Analytics are used widely by websites to collect information about how website visitors use a site. We will use Google Analytics cookies to collect information about how users use the website and to improve the website. Google Analytics collect information in an anonymous form and will not allow us to identify you or collect any personal information about you. Google Analytics does not track your internet activity after leaving the website.

More information about cookies:

The following links provide more information about cookies:

Amendment of this policy

We regularly review this privacy policy and may amend the content or wording from time to time to ensure it remains relevant and effective. You can see when it was last updated by checking the date at the end of the notice. The published version will be the applicable version.

Last Reviewed: 6.06.2024