Privacy Policy

At Esher Groves Healthcare Limited, privacy is one of our fundamental values. Our patients trust us with personal information and matters of privacy, confidentiality and discretion are paramount to us. We want to give our patients the assurance that we respect their privacy and will ensure that measures are in place for their safety.

This policy explains when, how and why we collect data, the purpose of collecting and processing data, the conditions under which we may disclose data to others and how we keep it secure.

This privacy policy may change from time to time. We will update our patients of any important changes and visitors to our website are invited to check this page occasionally to stay abreast of any changes. By using our website, you agree to be bound by this policy.

If you have any questions or concerns regarding this policy, please contact us by email at hello@ eshergroves.com or by post at Esher Groves Healthcare Ltd, 13-17 Church Street, Esher, Surrey KT10 8QS.

About us

We are Esher Groves Healthcare Limited, the data controllers, providing one-to-one and small-group psychiatric out-patient treatment.

Esher Groves Healthcare Limited is registered in England and Wales as company number 10532618. We are registered with the Information Commissioner’s Office (ICO), registration reference A8251620.

Purpose

Our mission is to provide specialist treatment for mild-to-moderate depression and associated conditions such as anxiety and stress.

We collect personal data from our patients and process this data with the purpose of providing treatment, devising treatment plans, monitoring progress and ensuring the safety of patients and those around them.

We keep a record of our activities relating to patients and prospective patients in order to provide our service.

We keep a record of those who express an interest in our services (including but not limited to medical and psychological treatments) and we use this to communicate directly about the services of interest.

We also keep data of our actual and potential clinical partners, employees and professional contacts in order to manage these relationships.

What data do we collect?

When someone is interested in our services, they may be referred to us by another clinician or they may enquire directly via telephone, email or website.

Personal data about our patients is collected directly from each individual. This may be done initially by phone or email, and is then followed up with a detailed face-to-face assessment with a doctor, psychologist or therapist. Our patients can access the data about them and update this information as it changes.

We collect and process both quantitative and qualitative personal information from our patients which includes, but is not limited to:

  • Name

  • Contact details

  • Biographical information

  • Psychiatric history

  • Medial history

  • Family history

  • Alcohol and drug use

  • Medication history

  • Employment history

  • Relationships and intimate life

  • Personality assessment

  • Cognitive functioning

  • Interests and goals

Why do we need this information?

As part of the process of psychiatric and psychological treatment, we endeavour to build a personalised, in-depth understanding of each individual.

We use all of this information to develop treatment plans and to provide services of the highest quality which are both effective and safe.

How do we share this information?

We will only ever share personal information with other professionals directly involved in a patient’s care, such as a General Practitioner or other medical specialist, psychologist, psychotherapist or other agency with the express consent of the patient.

The only exception to this is where Esher Groves Healthcare Ltd is compelled to share information with law enforcement agencies, or where there is deemed to be a significant and time-sensitive risk to the patient or other individuals. In such situations, the consent of the patient to share information would still be sought.

Lawfulness of processing

We collect and process patients’ personal data to the extent of the consent which has been granted. Patients are entitled to revoke such consent, although the ability of Esher Groves Healthcare Ltd to provide an effective clinical service may then be limited.

The lawfulness of the processing performed during the period when consent existed is not affected by a consent being withdrawn. Personal data will be processed until consent is withdrawn.

We will further process personal data to the extent that we are required to do so by law or decision by a competent authority.

Principles of processing

We will:

  • Process personal data lawfully, fairly and in a transparent manner.

  • Collect personal data for the specified, explicit and legitimate purposes stated in this policy, and will not process personal data in a manner that is incompatible with these purposes.

  • Collect and process personal data that is adequate, relevant and limited to what is necessary for the purposes for which they are collected and processed.

  • Process personal data only for as long as is necessary for the purposes for which it was collected.

  • Take appropriate technical and organisational measures to prevent unauthorised access, unlawful processing and unauthorised or accidental loss, destruction or damage to personal data, thereby ensuring an appropriate level of security.

  • Take all reasonable steps to ensure that personal data is accurate and updated without delay if we are informed or otherwise become aware of incorrect data.

Data processors

We will appoint data processors to process personal data by means of storage of data and operation of our computer systems. Such processing will include hosting the platform, storage of personal data, reading personal data in the event of support or maintenance, deletion and/or modification of personal data and transfer of data, all as instructed by us. We will enter into data processing agreements with each data processor appointed by us. By consenting to this Privacy Policy, and by submitting your data, you explicitly consent to the possible transfer of your personal data to the data processors as stated herein.

Transfer of personal data

All other data processors appointed by us will store the personal data on servers that are within the EU/EEA borders and which are controlled by the data processors.

Security

We ensure that appropriate technical and organisational measures are taken to protect personal data against unauthorised access or destruction, illegal processing or accidental loss or damage.

We use a secure server where personal data is processed and limit access to personal data within the organisation. Authorisation to access personal data is given only to individuals within the organisation, or within the data processor and its sub-processor, for the sole purpose of carrying out their respective duties.

We, or, if relevant, the data processor, will only transfer personal data to third countries if such transfer is in accordance with the EU Privacy Shield Framework, EU Standard Contractual Clauses for transfer to third countries, or another specifically stated lawful basis for the transfer of personal data to a third country.

Patient rights

Patients are entitled to request access to and rectification of personal data. There is also the right to file a complaint with the supervisory authority, www.ico.org.uk

Our use of cookies

Esher Groves Healthcare Ltd uses cookies to provide a more user-friendly site. Third party cookies may also be used (for example, Google Analytics or other tools) for analytical purposes and the improvement of traffic and visitor experience.

In order to restrict cookies from being installed on a computer or to restrict the processing of associated data, browsers may in some cases allow opting out from cookies or anonymising the IP address.