top of page

Privacy Policy
&
Data Protection

Scroll Down

Privacy Policy

Last updated: October 1st, 2024

1. Introduction

Welcome to Zoë's Occupational Therapy Online. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you use our Service. We are committed to safeguarding your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) in Europe, the UK Data Protection Act, and various state and federal laws in the USA, such as the California Consumer Privacy Act (CCPA) and Health Insurance Portability and Accountability Act (HIPAA). Given the nature of our work with parents and children, we handle sensitive information with the utmost care and confidentiality.

 

In a nutshell: Your data is yours, and I won't share your information with colleagues or other professionals you or I are working with without your permission. Small data segments, like your name, address, and child's name, need to be shared with my team for billing and invoices, but we take care to share only essential data and not share information from our therapy sessions or parent sessions. When communicating with a teacher or school counsellor, I'll only discuss relevant and necessary information, which may include diagnoses and presentation but not personal addresses or other family information you've shared with me. Data protection means sharing only what is necessary, with care and keeping you informed and in charge of what is shared, who with and how it is shared. 

2. Data Controller

Zoe Brewer serves as the data controller for your personal data. For any questions regarding this Privacy Policy or our data practices, please contact us at:

 

3. Personal Data We Collect

Due to the personalised nature of our services, we collect the following types of personal data:

  • Contact information (e.g., name, email address, home address, your child's name/age, school, teacher, grade level)

  • Comprehensive personal, medical, and educational information (including birth history, medical records, diagnostic and therapeutic history, educational experiences encompassing engagement, academic performance, and social-emotional presentations)

  • Home life data relevant to the child's development and therapy needs

  • Usage data (e.g., how you interact with our Service)

  • Device information (e.g., IP address, browser type)

  • Cookies and similar technologies

 

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To provide personalised Occupational Therapy services

  • To maintain and improve our Service

  • To communicate with you about your child's progress and our Service

  • To develop tailored therapy plans and strategies

  • To comply with legal and professional obligations across Europe, UK, and USA

 

5. Communication of Your / Your Child's Personal Data

When providing a service for you and your child we may need to share data and information which is why you are asked to sign a waiver giving me permission to communicate with appropriate individuals (e.g. school, psychiatrist or other relevant practitioners working with your child) and a Data Protection document which explains how your data is stored. 

You have the right to know what information is shared in either direction and I need your permission to be able to communicate with those people. Educational establishments are also bound by these rules and you have the right to limit this. (Link for more information: American Family Educational Rights and Privacy Act (FERPA) - https://studentprivacy.ed.gov/faq/what-ferpa).

Of course you may decline to give permission. Depending on the situation and the nature of my role this document may not be necessary but in other cases it could limit the effectiveness of therapy. 

In any case communication is limited to the necessary individuals and topics to support effective therapy provision. Shared information will be on topics relevant to aiding understanding, clinical evaluation, assessment, and treatment efficacy. The following guidelines explain how we communicate your information:

  • Communicating history: For optimal support, it is best when relevant adults supporting your child are fully informed about the child's diagnosis and factors impacting current performance. This may include trauma (medical, physical, sexual, emotional, etc.), adoption history, moving history, or other life experiences that affected their development. These are important pieces of information for me to understand. I value your trust in sharing these personal and often difficult stories. Understanding these details helps me grasp factors that may have impacted development and when disruptions occurred, allowing me to offer better, more informed therapy. However, these greater details don't need to be shared with other adults working with your child — certainly not by me. If you choose to share with other adults, that's your decision. From my side, while communicating with relevant colleagues who also work with your child I would offer a "summary," such as "birth trauma," "family challenges at 2 years of age," or "medical challenges at 4 years of age." This is typically sufficient and relevant to share with a teacher, enabling them to adjust their approach and be more inclined to follow recommended techniques.

  • Communicating ongoing progress: I need to communicate basic history, diagnoses, baseline performance, and progress with teachers or educational support staff when relevant. This enables a thorough understanding of the situation, insight into your child’s presentation on any given day, in different situations and allows therapy to support classroom goals and vice versa. If you don't want me to discuss our therapy work or your child's progress with their teacher, please make this clear in writing. I want to understand these concerns/tensions, as they are part of your child's daily environment. I recognise that some teachers may not be as supportive as one might hope, but I need clarity on your boundaries and expectations, or any particular individuals you would like me to limit communication with. This helps us avoid offence, disappointment, or data sharing that would make you or your child uncomfortable.

  • Communicating diagnoses with other relevant adults: If I have been asked to work with a child in school or collaborate with other professionals working with your child it is reasonable for me to assume that you will have shared any relevant diagnoses with them already. If you prefer that I do not share specific details or any specific diagnosis with school staff or any other professional in your child's support team, please inform me in writing.

  • Communicating diagnoses with the child: Please inform me in writing if you do not wish your child to know about a diagnosis.

 

6. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds, in accordance with applicable laws in Europe, UK, and USA:

  • Your explicit consent, especially for sensitive data related to health and development

  • Performance of our service contract

  • Our legitimate interests in providing effective Occupational Therapy

  • Compliance with legal and professional obligations

 

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law or professional standards in Europe, UK, or USA.

 

8. Your Rights

Depending on your location, you have certain rights regarding your personal data. These may include:

  • Right to access your personal data

  • Right to rectification of inaccurate data

  • Right to erasure ("right to be forgotten")

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

  • Right to withdraw consent

To exercise these rights, please contact us using the information provided in Section 2. Note that these rights may vary depending on your location and applicable laws.

 

9. Data Security

We implement robust technical and organizational measures to protect your personal data, especially sensitive information about children and families, against unauthorized access, unlawful processing, accidental loss, destruction, or damage. Our security measures comply with standards set by GDPR, UK Data Protection Act, and relevant US regulations.

 

10. International Data Transfers

If we transfer your personal data outside your country of residence, we ensure appropriate safeguards are in place to protect your data. This includes using Standard Contractual Clauses approved by the European Commission for transfers from the EEA, and complying with additional requirements for transfers to and from the UK and USA.

 

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

 

12. Complaints

If you have any concerns about our privacy practices, please contact me first (zoeOTonline@gmail.com OR zoeebrewer@gmail.com).

 

You also have the right to lodge a complaint with your local data protection authority in Europe or the UK, or relevant regulatory bodies in the USA.

 

Professional liability or incompetence complaints should be directed to the Royal College of Occupational Therapy, as my insurance is based in the UK. However, I sincerely hope that if you have any grievances, we can address them through open communication before such measures become necessary. I'm always eager to learn and grow, so if you've been offended by my conduct in any way, I welcome your feedback in whatever form you're comfortable providing it.

 

Data Protection Policy for Paediatric Occupational Therapy Service

 

Last updated: October 1st, 2024

1. Introduction

This policy outlines our commitment to protecting the personal and sensitive data of our patients, their families, and our staff in accordance with applicable data protection laws and regulations.

2. Scope

This policy applies to all personal and sensitive data collected, processed, and stored by our paediatric Occupational Therapy practice, including but not limited to patient medical records, assessment results, treatment plans, and contact information.

3. Data Collection and Use

We collect and use personal data solely for the purpose of providing Occupational Therapy services to our paediatric patients. This includes:

  • Conducting assessments and evaluations

  • Developing and implementing treatment plans

  • Communicating with patients, families, and other healthcare providers

  • Maintaining accurate medical records

  • Billing and administrative purposes

4. Consent

We obtain explicit consent from parents or legal guardians before collecting and processing any personal data related to our paediatric patients. Consent can be withdrawn at any time.

5. Data Security

We implement appropriate technical and organisational measures to ensure the security of personal data, including:

  • Encryption of electronic records

  • Secure storage of physical documents

  • Regular staff training on data protection

  • Access controls and authentication measures

6. Data Retention and Disposal

We retain patient records in accordance with legal and professional guidelines, which means: only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When disposing of data, we ensure:

  • Secure shredding of physical documents

  • Permanent deletion of electronic records using approved methods

7. Data Subject Rights

We respect the rights of our patients and their families, including the right to:

  • Access their personal data

  • Request corrections to inaccurate data

  • Request deletion of data (where legally permissible)

  • Object to or restrict certain data processing activities

8. Data Sharing

We do not share personal data with third parties unless required for the provision of healthcare services, with explicit consent, or as required by law. When data is shared, we ensure appropriate safeguards are in place.

9. Data Breaches

In the event of a data breach, we will notify affected individuals and relevant authorities as required by law, and take immediate steps to mitigate any potential harm.

10. Policy Review

This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with data protection regulations and best practices in paediatric healthcare.

11. Contact Information

For any questions or concerns regarding this policy or our data protection practices, please contact our Data Protection Officer at zoeotonline@gmail.com.

By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your personal data as described herein, in compliance with applicable laws in Europe, UK, and USA.

bottom of page