GDPR Compliance

Understanding your data protection rights and our commitments

Our Commitment to Data Protection

Roughledge Dwell Psychological Services Ltd is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting your personal information and have implemented comprehensive measures to ensure your data is handled responsibly and transparently.

Data Controller Information

For the purposes of data protection legislation, the data controller is:

Roughledge Dwell Psychological Services Ltd
42 Highbury Grove
London N5 2EA
United Kingdom
Email: [email protected]
ICO Registration: ZA654321

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The specific basis depends on the purpose of processing:

Consent

For certain processing activities, we rely on your explicit, freely given consent. You may withdraw this consent at any time by contacting us.

Contractual Necessity

We process data necessary to fulfill our contractual obligations when providing psychological or coaching services to you.

Legal Obligation

We process data to comply with legal requirements, including professional regulatory obligations, tax law, and health and safety legislation.

Legitimate Interests

We may process data based on our legitimate business interests, provided these do not override your fundamental rights and freedoms. This includes activities such as improving our services, ensuring network security, and direct marketing to existing clients about similar services.

Your Rights Under GDPR

You have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Right of Access

You can request confirmation of whether we process your personal data and obtain a copy of that data. We will provide this information without undue delay and free of charge, unless your request is manifestly unfounded or excessive.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed. We will make corrections promptly and notify any third parties who received the data.

Right to Erasure

In certain circumstances, you can request deletion of your personal data. This right applies when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required to comply with a legal obligation

This right is limited when we have legal or professional obligations to retain records, particularly clinical information which must be maintained for specified periods.

Right to Restriction of Processing

You can request that we limit how we use your data in specific situations:

  • When you contest the accuracy of the data
  • When processing is unlawful but you prefer restriction to erasure
  • When we no longer need the data but you require it for legal claims
  • When you have objected to processing pending verification of our legitimate grounds

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request to receive your personal data in a structured, commonly used, machine-readable format, and have it transmitted to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not engage in automated decision-making of this nature.

How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. Please include:

  • Your full name and contact details
  • Clear description of your request
  • Proof of identity (if requested for security purposes)

We will respond within one month of receiving your request. This period may be extended by two months for complex or numerous requests, in which case we will inform you within the initial month.

Special Category Data

As a provider of psychological services, we process special category data, including information about your physical and mental health. This processing is necessary for:

  • Provision of health and social care services
  • Preventive or occupational medicine
  • Assessment of working capacity
  • Management of health services

We apply heightened safeguards when processing special category data, including enhanced security measures, staff training, and strict access controls.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Pseudonymization and encryption of personal data
  • Ongoing confidentiality, integrity, availability, and resilience of processing systems
  • Regular testing and evaluation of security effectiveness
  • Processes for restoring data availability in the event of incidents
  • Staff training on data protection principles and practices

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. If a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within seventy-two hours of becoming aware of the breach.

If a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, unless we have implemented appropriate safeguards or notification would involve disproportionate effort.

Data Protection by Design and Default

We implement data protection principles into all our processing activities by design and by default. This includes:

  • Minimizing data collection to what is necessary
  • Limiting access to personal data to those who need it
  • Ensuring data accuracy and timeliness
  • Setting appropriate retention periods
  • Implementing appropriate security measures from the outset

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions recognizing equivalent data protection standards
  • Standard contractual clauses approved by the UK authorities
  • Binding corporate rules for intra-organizational transfers

Third-Party Processors

When we engage third-party processors to handle personal data on our behalf, we:

  • Conduct due diligence to ensure appropriate security measures
  • Establish written contracts specifying processing instructions
  • Require processors to maintain confidentiality
  • Monitor processor compliance with data protection obligations

Retention Periods

We retain personal data only as long as necessary for the purposes for which it was collected:

  • Clinical records: Minimum seven years after conclusion of services, in accordance with professional guidelines
  • Financial records: Six years in accordance with tax law
  • Website analytics: Up to two years
  • Marketing data: Until consent is withdrawn or contact becomes inactive

Children's Data

We do not knowingly process data of individuals under eighteen years of age without appropriate parental or guardian consent. Our services are directed toward adults.

Updates to This Notice

We review and update this GDPR notice periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through prominent website notices or direct communication.

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office if you believe we have not handled your data in accordance with data protection law:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Contact Us

For questions, concerns, or to exercise your rights under GDPR, please contact us:

Email: [email protected]
Post: Roughledge Dwell Psychological Services Ltd, 42 Highbury Grove, London N5 2EA, United Kingdom