Skip to content
 

Abercorn Clinic Privacy Notice

Abercorn Clinic respects your privacy and is committed to protecting your personal data and being transparent about how we collect and use your data. We will comply with any data protection legislation currently in force. This Privacy Notice explains how we use any personal information that you provide or which is provided to us by third parties. By visiting our website, using any of our applications, or responding to social media posts, you are accepting and consenting to the practices described in this Notice, so please read it carefully. Any changes we make to this Privacy Notice will be posted on this page, so remember to check back again if you are a regular user. You can download a pdf version here. There is also a Glossary in case we use terms that you don’t understand.

1. Information We Collect

We may collect personal information from you in several ways:

  • Information you provide to us: When you contact us via our website form, email, or telephone, you may provide us with your name, email address, phone number, and details about your enquiry.
  • Information from website use: We may collect non-personal data about your visit, such as your IP address, browser type, and pages visited, to help us improve our website and services.

2. Important Information About Who We Are

This website is owned and operated by Moore House Group. Moore House Group is made up of 4 organisations: Moore House School Ltd; JMT Care Services Ltd; The Jane Moore Trust; and Abercorn Clinic.

Moore House School Ltd is a Scottish-registered organisation. Registration No. SC110906.
The registered office is:
Moore House School Ltd
21 Edinburgh Road
Bathgate
EH48 1EX

JMT Care Services Ltd is a Scottish-registered organisation. Registration No. SC355291.
The registered office is:
JMT Care Services Ltd
3a Alba Pavilions
Alba Campus
Livingston
EH54 7HG

The Jane Moore Trust is a Scottish-registered charity. Registration No. SC02123.
The registered office is:
The Jane Moore Trust
3a/3b Alba Pavilions
Alba Campus
Livingston
EH54 7HG

Abercorn Clinic is a Scottish-registered organisation. Registration No: SC836076.
The registered office is:
Abercorn Clinic
11 Fairbairn Road
Livingston
EH54 6TS

The Head of Support Services is responsible for answering any questions you have about this Privacy Notice, and can be contacted at the above Alba Pavilions address, by phone 01506 401700, or by email: info@moorehouse.org.uk.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with any concerns you may have before you approach
the ICO, so please feel free to contact us first.

It is important that the personal data that we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during the duration of your relationship with us. We may update this Privacy Notice from time to time. If we make changes, an updated version of our Privacy Notice will be placed on our website.

3. The Personal Data We Collect From You, How We Collect It And How We Use It

We use your personal information for the following purposes:

  • To respond to your enquiries and provide information about our services.
  • To schedule appointments and manage our client roster.
  • To improve our website and marketing efforts.
  • To comply with legal and regulatory obligations.

What information do we collect?

Abercorn Clinic holds personal information about you which may include your name, date of birth, address, gender, ethnicity, sexual identity and whether you have a disability, so that we can make sure our services meet your needs. We will also record information about the service provided to you, including clinical notes, reports, and correspondence. We also collect information that is necessary for processing payments.

Why do we collect your information?

Under the General Data Protection Regulation (GDPR), we must have a legal reason to keep your data and process it. When Abercorn Clinic provides you with a service, we will process your data under legitimate interest. We do this because we cannot provide a service to you without using your personal information.

Who do we share your information with?

We share your data within Abercorn Clinic with people who need to see it in order to provide you with a service. We may also share it with the organisation that pays for your service or with external agencies that inspect our work. We may be required to share your data with other agencies for legal reasons, a GP for example, or with other organisations if we believe that you are at risk of harm or may harm someone else.

There may be occasions when we will ask for consent to use your data, for example, to help us inform the public about our work. If this is the case, we will explain exactly what your data will be used for. If consent is withdrawn at any time, any of your data that has been used for publicity purposes will be deleted.

Who is responsible for your data?

The Data Controller is responsible for your data. This may be Abercorn Clinic or the local authority or agency that funds the service being delivered by Abercorn Clinic.

How long do we keep your data?

Abercorn Clinic will keep your data once we have finished working with you. Depending on the nature of the service and our legal obligations, this will be a minimum of 6 years but can extend to 100 years.

Sometimes Abercorn Clinic is required to transfer your data to the local authority who have
commissioned us to provide your service, or to another organisation providing you with a service.

3b. Visitors to our Websites

Abercorn Clinic sometimes sends small data files, called cookies, from our websites to your computer, mobile phone or other device. These cookies are then stored on the hard drive of your device. Some of these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. The data collected is not shared with any third party. The information we get through the use of these cookies is anonymous and we make no attempt to identify you or influence your experience of the site while you are visiting it. If you do not allow these cookies we will not be able to include your anonymous visit in our statistics. By using this site, you agree that we can place these cookies on your device. We use the following cookies on our site:

Font size change (newFontSize). This cookie simply stores your preference if you have opted to increase / decrease the website’s font size. This enables the font size to be standard throughout the site.

Cookie Banner (cookieBanner): This session cookie remembers your acceptance of the cookie banner statement. You can control and / or delete cookies as you wish, or delete cookies installed by the site – for more details, see www.allaboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. To do so you should modify your browser settings, click on the help section of your internet browser and follow the instructions. However, if you do this, you may have to manually adjust some preferences every time you visit the site and some services and functionalities may not work.

4. Working with Third Parties

Abercorn Clinic will never sell your personal data, however we may share your information with third parties in order to provide services to you. Your data may be accessible to some of the IT support companies who manage our business critical systems, however, this is only for the purposes of supporting our IT systems and is strictly governed by our contractual arrangements with them. We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

Except for these specific cases listed below, we won’t share financial information with third parties without your specific consent unless required to do so by law. We can share your personal information with selected third parties, including:

  • Archive and storage systems;
  • Commissioners, photographers, videographers, creative designers, creative agencies, and online survey providers;
  • Insurers, solicitors, brokers, loss adjusters;
  • Benefits providers and Criminal Records Check processors;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site;
  • Where we are under a duty to disclose or share your personal information in order to comply with any legal obligations, or to protect the rights, property, or safety of Moore House Group;
  • For employees, payroll agencies, HMRC, pension companies, insurance companies and statutory bodies, where regulated to do so by law;

We will keep your personal information confidential, and where we provide it to other third parties we will only do so under contract, on conditions of confidentiality and security, and only for the purposes for which you have provided your information to us.

5. How Do We Keep Your Data Safe?

We take the security of your personal information very seriously. We have internal policies, controls and appropriate data collection, storage and processing practices and security measures in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

We work hard to make sure that our security procedures do the job they are designed to do and any communications between you and our websites are protected by encryption (this means that
communications are turned into codes that only Abercorn Clinic’s website can understand, which stops unauthorised people seeing them). We work closely with technical partners to make sure that all your personal information is safe and secure. We use strict procedures to prevent unauthorised access to or loss of data from our systems, however, we cannot guarantee the security of data that you transmit to our websites and therefore any transmission to us is at your own risk.

Please be aware that any personal information you choose to post on the public areas of our websites can be read, collected, or used by other users and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to make public. In addition, we are not responsible for the content you publicly post on the site that can be found via web-based search engines.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.

6. How We Store and Process Your Information

The information that we collect from you may be transferred to, and stored in, a location within the United Kingdom, but only where we are satisfied that it has an adequate level of protection. It may also be processed by staff operating in these locations who work for us or for our service providers. This includes staff engaged in, among other things, the hosting of the site and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. Abercorn Clinic will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Notice.

7. Your Legal Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  1. The right to access your personal information;
  2. The right to edit and update your personal information;
  3. The right to request to have your personal information deleted;
  4. The right to restrict processing of your personal information;
  5. The right to object;
  6. The right to lodge a complaint with a supervisory authority.

If you wish to exercise your rights, please Contact Us, providing as much information as possible about the nature of your contact with us to help us locate your records. Any changes you have requested may take 30 days before they take effect.

7a. The right to access your personal information

You have a right to access your personal data. By making a Subject Access Request to Abercorn Clinic you can find out what personal data we hold about you, why we hold it and who we disclose it to. You must make a Subject Access Request in writing, and include proof of your identity.

Email: contact@abercorn.org.uk

Or write to:

Head of Support Services
Abercorn Clinic
11 Fairbairn Road
Livingston
EH54 6TS
01506 532 700
Once we have received your request, and verified your identity, we will respond within 30 days.

7b. The right to edit and update your personal information

The accuracy of your personal information is important to us. You can edit your personal information including your address and contact details at any time.

7c. The right to request to have your personal information deleted

You have the right to request the deletion of your personal information which we will review on a case by case basis.

7d. The right to restrict processing of your personal information

You have the right to ‘block’ or suppress processing of your personal data. However, we will continue to store your data but not further process it. We do this by retaining just enough of your personal information so we can ensure that the restriction is respected in the future. Please note, this is not an absolute right and only applies in certain circumstances.

7e. The right to object

You have the right to object to your personal information being processed for marketing (including profiling) and for research purposes. From the very first communication from us and every marketing communication we send after, you will have the right to object to marketing. Email: contact@abercorn.org.uk

If we process your personal information for the exercise or defence of legal claims, or we can demonstrate compelling grounds that override your rights and freedoms we may not be able to fulfil your request. However, we will contact you to discuss further.

7f. Your right to lodge a complaint with a supervisory authority

If you wish to lodge a complaint or seek advice from a supervisory authority please contact:

The Information Commissioner’s Office – Scotland
45 Melville Street
Edinburgh
EH3 7HL
Telephone: 0303 123 1115
Email: Scotland@ico.org.uk

Glossary

Anonymisation is the process of either encrypting or removing personally identifiable information from data sets, so that the people who the data describe remain unknown or anonymous.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to, eg, The Children’s Act, Care Leavers Act, as well as regulatory requirements under SSSC and other relevant bodies.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes.

The Data Controller is the organisation that is responsible for your personal data. They are required to keep it secure, make decisions about what happens to your data and are accountable if it’s lost or not kept confidential.

The Data Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Protection Act 1998 is a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system.

Encryption is the method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.

General Data Protection Regulation (GDPR) is the 2018 legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

Legitimate Business Interests Legal Basis means the interests of our company in conducting and
managing our business to enable us to give you the best service / products and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests.
When we process your personal information for our Legitimate Interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under Data Protection Laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s economic situation, personal preferences, interests and location.

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to the data subject without the use of additional information. The additional information must be kept separately.

Public Task Legal Basis means we can rely on this lawful basis as we need to process personal data ‘in the exercise of official authority’. This covers public functions and powers that are set out in law; or to perform a specific task in the public interest that is set out in law.

Special Category Data means data revealing racial or ethnic origin, political opinions, religious or
philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Subject Access Request is your right to get a copy of the information that is held about you.

Suppression List is a list that contains mailing or email addresses that you want to permanently exclude from future mailings or emails we send.

Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorised to process personal data.