GDPR Compliance

Data Controller: Hema Desai

Data Processors: Hema Desai, Nooreen Sidi, Carolyn Green, Rose Holdsworth Moore, Maryam Hamodi, Katerina Palli, Bella Heald

We retain a certain amount of information about our clients for the purposes of speech and language therapy and specialist teaching/assessing services.

The information we hold about our clients will include:

  • Name and date of birth

  • Name of parents/carers

  • Address and email address

  • Telephone numbers

  • School/Educational address and contact details

  • Referral source

  • Initial case history form

  • Professional reports/Educational Health Care Plans about client

  • Assessment reports

  • Progress notes

  • Client targets and termly reviews

  • Workbooks

We record details of medical and developmental history as appropriate and necessary for assessment and teaching. The information we collect and retain is for this specific and legitimate purpose only. It is limited and relevant to teaching/therapy.

This information is confidential. We will not share any of this information with a third party without explicit consent unless needed to for child protection purposes.

Information will be kept for as long as is needed to fulfil our professional obligations through the Health and Care Professional Council (HCPC).

We will never sell your details to a third party.

We do not employ agents to process personal data.

Information held on devices including Laptops, IPADs and phones is securely held, and is password protected. We engage the services of Dropbox to store documents. Dropbox guarantees secure storage and encryption and is also compliant with GDPR regulations. Click here for more information.

We also hold information on Writeupp software which is GDPR compliant https://help.writeupp.com/en/article/is-writeupp-gdpr-compliant-1ih2158/

All online sessions are conducted on Zoom which is GDPR compliant: Zoom GDPR Compliance

Hard copies of information are kept securely in locked cabinets and in a locked building. As part of our business involves home visits and school visits, some information is transported while travelling to off-site visits. Only data that is needed for that visit is carried and care is taken to ensure the security of data.

Emails are sent via Gmail, which may not be 100% secure. If you would prefer that information is not sent via this platform please do let us know. Sensitive information sent via email will be password protected.

We are registered with the Information Commissioner’s Office (ICO). In the event of a breach of data security we will notify clients and the ICO immediately we become aware of this.

You have a right to withdraw your consent to the retention of your data. You must give this in writing. You also have the right to request a hard copy of information we hold about your child as well as the right to request your record be amended if you believe that it is wrong. We will provide access to your child’s records within 30 days of receipt of all necessary information.

If you have any further questions about how we use your information, please contact info@connectlit.com

Further information about data protection legislation and your rights is available from the Information Commissioner’s Office.