General Data Protection Regulation Policy

Table of Contents

Purpose and Scope

Autism Arena is committed to safeguarding the privacy of parents and their children during online consultations and ensuring that data is processed in accordance with the General Data Protection Regulation (GDPR). This policy outlines how we collect, use, and protect the personal data of the families we work with.

Data Controller

Autism Arena is the data controller for the personal data you provide. This means we are responsible for determining how your data is processed and ensuring it is protected.

Data Collection

During online consultations, we may collect the following personal data:

  • Personal Information: Names, contact details, and relationship to the child.
  • Health Information: Details about the child’s health, developmental history, and any medical or psychological reports.
  • Consultation Records: Notes, recordings (with consent), and recommendations made during the consultation.

Purpose of Data Collection

The personal data collected is used for the following purposes:

  • To provide accurate and effective consultations and follow-up advice for your child.
  • To create and maintain records for continuity of care.
  • To comply with legal obligations and professional standards.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: By participating in online consultations, you consent to the collection and use of your data as described in this policy.
  • Contractual Necessity: The processing is necessary to provide the consultation services you have requested.
  • Legitimate Interest: We have a legitimate interest in ensuring the continuity of care and improving our services.

Data Sharing

We may share your personal data with:

  • Healthcare Professionals: Other doctors, specialists, or therapists involved in your child’s care, with your consent.
  • Service Providers: Third-party providers who assist in delivering the consultation services (e.g., video conferencing platforms), who are bound by confidentiality agreements and GDPR compliance.
  • Legal Authorities: If required by law or in response to legal proceedings.

Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption: All data transmitted during online consultations is encrypted.
  • Access Control: Only authorised personnel have access to your data.
  • Data Storage: Your data is stored securely on GDPR-compliant servers.

Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal or reporting requirements. Personal information will be securely stored for a period of three months following the end of your consultation unless we have been required to share information with a third party due to safeguarding concerns.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request access to the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data, where applicable.
  • Restriction: Request restriction of processing of your data.
  • Portability: Request transfer of your data to another organisation.
  • Objection: Object to the processing of your data based on legitimate interests.

To exercise any of these rights, please contact us at info@autismarena.org.uk.

Consent Withdrawal

You have the right to withdraw your consent to data processing at any time. This may affect the services we can provide. To withdraw consent, please contact us at info@autismarena.org.uk.

Complaints

If you believe your data has been handled in a way that does not comply with this policy or GDPR, you have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner’s Office (ICO) in the UK.

Changes to This Policy

We may update this policy from time to time. Any changes will be communicated to you and posted on our website.

Contact Details

If you have any questions or concerns about this policy or our data practices, please contact:

Chief Executive Director: Gillian Rogers

Email: gillian@autismarena.org.uk

This policy came into effect on 1st October2024.

We are committed to reviewing our policy and good practice annually.

This policy was last reviewed on: 01/10/24

Signed:

General Data Protection Regulation Policy

Date: 01/10/24

Skip to content