Privacy Policy

1. Who We Are

Rosie Quayle Speech and Language Therapy is the data controller responsible for your personal information.
Email: rosie@rosiequayle.co.uk
Website: www.rosiequayle.co.uk
Address: The Leverets, Tompkins Lane, Marsh Gibbon, Bucks. OX27 0EX

2. What Personal Data We Collect

2.1 Contact and Identity Information. We collect information you provide when contacting us or booking, including full name, date of birth, email address, telephone number, postal address, and GP or other healthcare professional details where relevant.

2.2 Health and Clinical Information. In providing speech and language therapy, we collect special category personal data relating to health. This includes medical and developmental history, details of the presenting difficulty, assessment results, therapy notes, progress records, and information about other professionals involved in care.

2.3 Children's Data. Where we provide services in relation to a child, we collect personal information about the child from their parent or person with parental responsibility. We do not collect data directly from children under 13 without parental consent.

2.4 Financial Information. We collect payment information to process fees. We do not store your full card or banking details on our systems.

2.5 Website and Communications Data. When you visit our website, we may collect your IP address, browser type, pages visited, and the content of messages you send us.

3. How We Use Your Personal Data

We use your data to arrange, manage, and deliver appointments; maintain clinical records; process payment; communicate with you about appointments and updates; liaise with other healthcare professionals with your consent; comply with legal and professional obligations; improve our services; and respond to complaints or queries.

4. Legal Basis for Processing

4.1 General Personal Data. We rely on contract performance, legal obligation, legitimate interests, and consent as our legal bases under UK GDPR Article 6.

4.2 Special Category Data (Health Information). Health information is processed under UK GDPR Article 9(2)(h) (provision of health or social care treatment), Article 9(2)(b), Article 9(2)(c), and Schedule 1 of the Data Protection Act 2018 where applicable.

4.3 Children's Data. Where we process data about a child under 13, we rely on parental consent as the lawful basis.

5. How We Share Your Data

We do not sell your personal data. We may share it with other healthcare professionals with your prior consent; with secure third-party service providers bound to protect your data; with statutory authorities where we have a safeguarding duty or legal obligation; and with our professional regulatory bodies if required.

6. International Transfers of Data

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR. Please contact us if you would like more information.

7. How Long We Keep Your Data

Clinical records for adults: minimum 8 years from last treatment. Clinical records for children: until the client reaches age 25 (or 26 if treated at age 17), or 8 years from last treatment if longer. Financial records: 7 years (HMRC requirements). General correspondence: up to 3 years. After the applicable period, data is securely deleted or destroyed.

8. How We Keep Your Data Secure

We take appropriate technical and organisational measures including encrypting data in transit and at rest, using password-protected and access-controlled systems, using secure third-party platforms, locking physical files, and regular review of our data security practices. We will notify you and the ICO of any breach likely to result in risk to your rights and freedoms.

9. Your Rights

Under UK GDPR you have the right of access; right to rectification; right to erasure (subject to legal and professional retention obligations); right to restriction; right to data portability; right to object; rights relating to automated decision-making; and right to withdraw consent. To exercise any of these rights, please contact us. We will respond within one month and will not charge a fee unless a request is manifestly unfounded or excessive.

10. Cookies

Our website uses essential cookies (necessary for operation) and, with your consent, analytics cookies to understand how visitors use the site. You can change your cookie preferences at any time via your browser settings.

11. Links to Other Websites

Our website may contain links to other websites. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third-party websites.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version will always be available on our website. We will notify existing clients of material changes by email where possible.

13. How to Complain

If you are unhappy with how we have used your personal data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): 0303 123 1113, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.