Privacy Notice


Clinical Neuropsychology Limited

May 2023


This notice describes how we collect and use personal data about you, in accordance with the Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”).


Clinical Neuropsychology Limited is a company that provides clinical neuropsychology services to the medical profession, legal profession, insurers and the public.


Clinical Neuropsychology is a branch of applied psychology that focuses on the assessment and rehabilitation of cognitive, emotional and behavioural problems arising as a consequence of damage, disease or dysfunction affecting the brain.


Clinical Neuropsychology Ltd is registered in England and Wales as a limited company under number 08086965 and our registered office is at 157 Redland Road, Redland, Bristol, BS66YE.


Clinical Neuropsychology Limited is both a “data controller” and a “data processor” within the meaning of the GDPR. Our data point of contact is Professor Martin Bunnage.


We may amend this privacy notice from time to time. If we do so we will supply you with and / or otherwise make available to you a copy of the amended privacy notice.



How we collect your personal data


We may obtain personal data about you when:


1.     You contact us to enquire about the services we provide.

2.     You or someone you are connected with you (such as your solicitor, medical practitioner, or employer) engage us to provide our services.

3.     We are engaged to provide services to a client with which you are connected, for example, a claimant or defendant in litigation or an employee in your business.

4.     During the provision of those services.



The kind of information we hold about you


The information we hold about you may include:


1.     Your personal contact details, such as name, address, email address, employer.

2.     Your personal details such as your date of birth, gender, nationality.

3.     If we provide you with a service, your personal, social, medical, psychological and legal history and problems.

4.     The results of any psychometric assessment conducted.

5.     Details of the services we have provided and copies of correspondents and communications with you.  

6.     Personal information contained in records, reports and other evidence provided to us by, if relevant, your treating healthcare team, your employer or the legal professionals involved in your litigation.



The purpose and legal basis for which we use your personal data


We may process personal data for the following purposes:


1.     To enable us to supply professional services for the performance of our engagement with you.

2.     In the performance of our contract with someone connected to you, for example, your solicitor or employer.

3.     To fulfil our legal and regulatory obligations under relevant laws in force.

4.     In compliance with our professional obligations as registered Practitioner Psychologists with the Health Care and Professions Council.

5.     For our own legitimate interests, including management purposes, business development and marketing, provided that those interests do not override your interests, rights and freedoms which require the protection of personal data.


We may process your personal data for more than one lawful basis, depending on the purpose for which we are using your data.


It is a requirement of our contract with you that you provide us with the personal data we request. If you do not provide the information we request we may not be able to provide professional services to you.



Retention of personal data


We will only retain for personal data for as long as is necessary to fulfil the purpose for which it is collected. In accordance with statutory and legal obligations we will retain your personal data as follows:


1.     Where data is collected for the purpose of litigation we will retain your personal data throughout the period of litigation until we are informed the litigation has concluded and for 6 years thereafter.

2.     Where the data is collected for the purpose of healthcare we will retain your personal data for 20 years after our last contact with you unless you are serving in the armed forces or serving a prison sentence in which case your records will be kept indefinitely.


You are responsible for retaining information we send to you.



Data Sharing

We will share your personal data with third parties where we are required to by law, where it is necessary to administer the relationship between us and / or your client, where it Is necessary to provide the professional service for which we have been engaged and where we have another legitimate interest in doing so.


“Third Parties” includes third-party services providers. The following activities are carried out by third-party service providers: IT and cloud services (including computer backups, psychometric assessment delivery and scoring, business accountancy, file sharing and email communications), business administration services (including practice management, bookkeeping and accountancy services), marketing services and banking services.


All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.


We will also share your personal data with other third parties in providing our professional services with your permission.


We may also need to share your personal data with a regulatory authority or to otherwise comply with the law.


We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties we may need to cease to act.





Transfer of personal data outside the EEA


Some cloud based services we use store electronic data outside of the EEA. This means that we may transfer personal data we collect about you to countries outside of the EEA, including to the United States, New Zealand and Canada, in order to perform our contract with you. The services we use are from reputable companies that offer privacy statements that specify the measures they take to ensure the secuirty of your information. We are happy to share these upon request.




Data security


We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.


In addition we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only access your personal data on our instructions and they are subject to a duty of confidentiality.


We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.



Your rights in connection with personal data


Under certain circumstances, by law you have the right to:


1.     Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check we are processing it lawfully.

2.     Request a correction of personal data we hold about you.

3.     Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have a right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

4.     Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.

5.     Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want to establish its accuracy or the reason for processing it.

6.     Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.


If you want to exercise any of the above rights, please contact us.


You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.



Your duty to inform us of a change


It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us.



Complaints


If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with GDPR or DPA 2018 in some way, you can complain to us.


Please send any complaints to

Professor Martin Bunnage.


If you are not happy with our response, you have a right to lodge a complaint with the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.