Mental Health Team Privacy Statement
General Data Protection Regulation
YMCA Trinity Group (“we”, “our”, “us”) is committed to protecting and respecting your information. This privacy statement describes how we collect and use personal & sensitive information about you in relation to the Mental Health Services. Personal & Sensitive information means any information about an individual from which that person can be identified, and includes identifiers such as a name, an identification number, location data, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual.
YMCA Trinity Group acts in accordance with the Data Protection Act 2018 (“GDPR”). References in this privacy notice to “personal information” include “personal data & sensitive data” as defined and used in the GDPR.
What information do we collect?
In order to provide you with the services we will collect personal information including your name, date of birth, gender, school name, and reasons for referral. We will collect this information either directly from you, from your parents, or from the school or setting which refers you to the service. Personal data collected from your school or setting as part of the referral process be submitted to us using cloud-based case management software called CharityLog or via secure email. We may also request information to be shared with us by other agencies you are being supported by that directly affect the work we provide in order to provide the best possible care to you. This will be requested only if required and we will ask you, your referrer or parent/carer to complete a separate form.
We may also collect personal information concerning your health, and ethnicity. This is sensitive personal information and known as “special category” personal data under the GDPR. We treat this information very carefully and only use it for the purposes as set out in this notice. All personal & sensitive data will be stored electronically via secure cloud-based CharityLog software or on our own secure systems.
By signing the Privacy Agreement Form, you (or your parent on your behalf) have given your agreement to the processing of this data, in accordance with this notice. If we need to use this information for another purpose not compatible with those set out in this notice, we will let you know and seek your agreement to do so.
Why do we collect your information?
We need to know information about you, including whether you are a current or past user of statutory agencies and other support services, in order to provide you with services to meet your specific needs. We will not however collect any data from you which we do not need. You may withdraw your agreement to provide us information any time however this will affect your referral onto the project.
What do we do with it?
We will use your personal information to provide the relevant services to you. By signing the Privacy Agreement Form, you (or your parent on your behalf) have agreed to us using your personal information in accordance with this privacy statement.
All personal data we hold about you will be shared between the school or setting that refers you, and the Mental Health Services team (including self-employed therapists if appropriate). We are not responsible for the activities of the school or setting that refers you and we would recommend that you speak to them too about how they protect your personal data.
All therapeutic records will be stored within the ethical frameworks of the British Association of Counsellors & Psychotherapists (BACP).
We take all reasonable steps to ensure that your personal & sensitive data is processed securely and no third parties will access your data, other than in the following situations:
- We instruct self-employed workers to provide services on our behalf. If a self-employed therapist(s) is working with you, we will share your personal and sensitive information with that therapist so that they can provide you with the relevant service.
- Our suppliers or subcontractors will have access to your personal information where this is necessary for the performance of any contract we enter into with them which relates to you or the services we provide to you. For example, to provide us with IT services and support. All third party Privacy Notices are available on request.
- Should there be a safeguarding concern, your information will be passed onto the relevant statutory agency, shared with the referrer (e.g. school), and stored securely via our secure online reporting system called My Concern.
- We may also disclose your personal & sensitive information if we are under a duty to do so to comply with any legal obligation, or to protect the rights, property or safety of YMCA Trinity Group, our staff, or others.
All data is transferred securely and in accordance with our Data Transfer Policy, which is available on request.
We collect data to monitor who has accessed the service, so that we can improve provision, and provide aggregated data for monitoring purposes. Individuals cannot be directly identified from this data as we pseudonymise by replacing names with codes. Twelve months after provision ends, we will change the codes so that the data is processed anonymously. we may use this data in the future for any purpose without further notifying you.
How long do we keep it?
We will generally keep your personal and sensitive data for the duration of your referral. We will also keep this data for up to 12 months (or longer where there are legal reasons) following completion in case of re-referral, after which time it will be destroyed if it is no longer required for the lawful purpose for which is was obtained.
However, we will keep data for monitoring purposes as described above. Our retention schedule is available on request.
In the event that your referral is not accepted, we will destroy all information about you, unless it needs to be kept for legal reasons.
Further details are in our Retention Schedule which is available on request.
Under GDPR, in certain circumstances you have the right to:
- See your data, and receive a copy of the personal data we hold about you. To exercise this right, you should submit a Subject Access Request.
- Request that your data to be removed from our records.
- Request correction of the personal data that we hold about you.
- Object to the processing of your personal data.
- Request the restriction of processing of your personal data.
- Request the transfer of your personal data to another party.
If you wish to exercise any of these rights, please submit your request to:
Mental Health Services
YMCA Trinity Group
The Cresset, Bretton
If we are unable to remove all your data (for legal reasons), we will inform you of this in writing, including the reasons why.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”). If you have any concerns about the way in which we process personal data, please do contact us. Alternatively, you can contact the ICO.
Changes to our Privacy Statement
We may make changes to this privacy statement and, if we do, we will post an update on our website.
If you have any questions, comments or requests regarding this privacy notice, please contact us:
YMCA Trinity Group
Mental Health Services
The Cresset, Bretton Centre