Privacy Policy

On the 25th May 2018, the data protection system across the EU (including the UK) changed. The GDPR replaces the provisions of the Data Protection Act 1998 (DPA). The GDPR preserves the rights provided under the current law and also provides new rights and enhanced protection for individuals (known as Data Subjects).

For the purposes of the Data Protection Act 1998 and the EU General Data Protection Regulation 2016/679 (“Data Protection Law”), CNWL Talking Therapies is both a “Data Controller” and a “Data Processor.” This means that we are responsible for and control the collection and processing of, your personal information.

We keep contact information for you and others involved in your care, information about your background, assessments, results of questionnaires, our plans for your future care, details of the care we give you and correspondence related to your care. You have the right to change or complete any inaccurate or incomplete personal information held about you.

It is important that you tell us within one week if you change your details, telephone numbers or address because we will continue to use the address and telephone numbers you have given us until you tell us they have changed.

The information we record can come from a variety of sources. This can be when you interact with us directly, indirectly or through a third party: This includes when you phone us, visit our website or get in touch through the post, or in person, or are referred by your GP or another service with the purpose of accessing Talking Therapies services.

We also get information from referral letters, directly from GP clinical records and what you and others involved in your care tell us if we think it is clinically relevant.

Information entered on the CNWL Talking Therapies website to book courses will be transferred into the Trust clinical database, Insight. This information will be used to keep you informed about the courses and be associated with the questionnaires you fill in so we know if you are improving, which will help us make decisions about any future care you may need.

The information you submit using the Wysa chatbot on our Kensington and Chelsea service webpage will only be used to make a referral to the service. It is held securely on our clinical system (IAPTUS). The information will be held for 90 days then deleted from the Wysa app but held within the clinical system (IAPTUS) after that time only.

The referral information is shared with your clinician prior to your appointment. If you indicate that your safety is at risk it may also be shared with your GP.

If you would like further information about how your data is managed on the chatbot see the separate Wysa Privacy Policy: Everyday Mental Health by Wysa Privacy Policy

CNWL Talking Therapies is committed to keeping any information you share with us private and secure. 

We keep information about your care on the trust computer system and on a dedicated specialist computer system. We may also keep information on paper records.

Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation. We will also share information where we are legally obliged to do so.

We will only keep your information for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations.

We will only use this information for the purposes of providing you with a service in support of your health. We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.

The paper records contain notes and copies of documents related to your care. Our computer systems contain electronic records of your care. These systems are used by staff to plan and monitor the quality of your care, to continually improve the quality of the services that we offer and plan future services.

We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our contractual and other agreements.

There are a number of rights that you have relating to your personal information:

• You can request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge.  Please make all requests for access in writing, and provide us with evidence of your identity.

• You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

• If you have given your consent to use personal information, you can withdraw your consent at any time.

• You can ask to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.

• You can ask to be provided with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

• You can ask to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.

We collect the following information from people visiting the website:

• Site usage information, using cookies and page tagging techniques