Data Protection
​​​​
Data Protection Policy for Paediatric Occupational Therapy Service
Last updated: Feb, 2025
​
1. Introduction
This policy outlines our commitment to protecting the personal and sensitive data of our patients, their families, and our staff in accordance with applicable data protection laws and regulations.
​
2. Scope
This policy applies to all personal and sensitive data collected, processed, and stored by our paediatric Occupational Therapy practice, including but not limited to patient medical records, assessment results, treatment plans, and contact information.
​
3. Data Collection and Use
We collect and use personal data solely for the purpose of providing Occupational Therapy services to our paediatric patients. This includes:
-
Conducting assessments and evaluations
-
Developing and implementing treatment plans
-
Communicating with patients, families, and other healthcare providers
-
Maintaining accurate medical records
-
Billing and administrative purposes
​
4. Consent
We obtain explicit consent from parents or legal guardians before collecting and processing any personal data related to our paediatric patients. Consent can be withdrawn at any time.
​
5. Data Security
We implement appropriate technical and organisational measures to ensure the security of personal data, including:
-
Encryption of electronic records
-
Secure storage of physical documents
-
Regular staff training on data protection
-
Access controls and authentication measures
​
6. Data Retention and Disposal
We retain patient records in accordance with legal and professional guidelines, which means: only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When disposing of data, we ensure:
-
Secure shredding of physical documents
-
Permanent deletion of electronic records using approved methods
​
7. Data Subject Rights
We respect the rights of our patients and their families, including the right to:
-
Access their personal data
-
Request corrections to inaccurate data
-
Request deletion of data (where legally permissible)
-
Object to or restrict certain data processing activities
​
8. Data Sharing
We do not share personal data with third parties unless required for the provision of healthcare services, with explicit consent, or as required by law. When data is shared, we ensure appropriate safeguards are in place.
​
9. Data Breaches
In the event of a data breach, we will notify affected individuals and relevant authorities as required by law, and take immediate steps to mitigate any potential harm.
​
10. Policy Review
This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with data protection regulations and best practices in paediatric healthcare.
​
11. Contact Information
For any questions or concerns regarding this policy or our data protection practices, please contact our Data Protection Officer at zoeotonline@gmail.com.
​
​
​
By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your personal data as described herein, in compliance with applicable laws in Europe, UK, and USA.