Privacy Policy for Appointment Booking Mental Health and ADHD Specialists Ltd

(Trading as ADHD Specialists)

Last updated: 19/06/2025

  1. Purpose of this Policy

This Privacy Policy explains how ADHD Specialists collects, uses, stores, and protects your personal data when you book an appointment with us. It is written in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and the Health Insurance Portability and Accountability Act (HIPAA) where applicable to clients in the United States. By booking an appointment with us, you agree to the terms of this policy.

  1. Who We Are

Mental Health and ADHD Specialists Ltd (trading as ADHD Specialists) is a regulated provider of specialist mental health services, including ADHD assessments, clinical consultations, therapy, and the prescribing of medication where clinically appropriate.

Company Registration Number: 09712512

Registered Address:  39 Lower Mortlake Road, Richmond, TW9 2LR, UK

Data Controller: Mental Health and ADHD Specialists Ltd

Contact Email: hello@theadhdspecialists.com

Data Protection Officer (DPO): Alison Tingle

Data Processor: Uptitude

  1. What Data We Collect

When you book an appointment or receive care from us, we may collect the following personal and health-related data:

  • Full name
  • Date of birth
  • Email address
  • Telephone number
  • Preferred appointment time
  • Referring GP or clinician (if applicable)
  • Brief reason for referral or concerns (if provided)
  • Medical history relevant to ADHD or other mental health conditions
  • Results from ADHD assessments and diagnostic reports
  • Current and past medication
  • Prescribing history NHS number (if applicable)
  • Payment and billing details (if processed online)
  • ID verification documents (for controlled prescribing, where required)
  • If you are booking on behalf of a child or dependent, we also collect your name and relationship to the patient.
  1. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

Consent (Article 6(1)(a)): When you voluntarily submit your details to book an appointment.

Contract (Article 6(1)(b)): Processing is necessary to deliver the healthcare service you request.

Legal Obligation (Article 6(1)(c)): To meet regulatory and clinical record-keeping requirements, including safe prescribing obligations.

Special Category Data (Article 9(2)(h)): Your health data is processed for the purpose of providing health or social care.

  1. Use of Your Information

We use your information to:

  • Schedule and manage appointments
  • Contact you about appointment details, changes, or reminders
  • Understand and assess your healthcare needs
  • Conduct ADHD assessments and record diagnostic outcomes Issue and manage prescriptions, including coordination with pharmacies
  • Maintain clinical and administrative records
  • Process billing and payment (if applicable)
  • Comply with legal or regulatory obligations
  • We do not use your health data for marketing purposes without your explicit consent.
  1. How We Store and Protect Your Data
  • We take data protection seriously. Your data is stored securely using encrypted systems compliant with both GDPR and HIPAA where applicable. This includes: Access-controlled booking and clinical systems (e.g., Cliniko, Calendly, or other providers)
  • Encrypted data storage and transmission
  • Role-based access controls for staff
  • Regular backups and vulnerability checks

Prescription records and diagnostic data are stored in accordance with NHS and General Medical Council (GMC) and Nursing and Midwifery Council (NMC) (or equivalent) standards, where applicable.

Any third-party platforms we use for booking or communication are carefully vetted to ensure they meet GDPR and HIPAA compliance standards.

  1. Sharing Your Data

We only share your data with:

  • Our internal administrative and clinical team
  • Platform providers necessary to process the booking (e.g., appointment software, payment processors)
  • Referring GPs or clinicians (with your consent or where medically necessary)
  • Your nominated pharmacy, where a prescription is issued
  • Regulators or authorities when required by law

We do not sell or rent your data to third parties. We may use trusted technology platforms, including AI-powered tools integrated with our booking or clinical systems, to enhance your experience and support our services. We currently use secure AI-based tools such as Heidi, a virtual assistant that helps summarise clinical notes using structured templates. Heidi does not generate treatment plans or make clinical decisions, and all outputs are reviewed by qualified clinicians before being added to your records. Heidi only processes the minimum necessary data under strict privacy and confidentiality agreements. We are also exploring the broader use of advanced technologies, including AI, to enhance our clinical tools and services. In the future, we may develop our own AI models using fully anonymised or synthetic data derived from real health records. This data would be de-identified to ensure that individuals cannot be identified, directly or indirectly, and would be subject to rigorous security, privacy, and ethical safeguards. We will only use your data for these purposes with your explicit, informed consent.

  1. International Transfers

If we transfer data outside the UK/EU (e.g., via cloud software), we ensure: Transfers are made to countries with an adequate level of data protection; or Standard Contractual Clauses (SCCs) or other lawful mechanisms are in place.

  1. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of data (where appropriate)
  • Restrict or object to certain types of processing
  • Data portability (if applicable)
  • Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, email us at hello@theadhdspecialists.com

  1. HIPAA Notice (for US Clients)

If you are based in the United States or use our services from the US: We maintain physical, technical, and administrative safeguards under HIPAA to protect your Protected Health Information (PHI). You have the right to access and amend your health records and request an accounting of disclosures. We do not disclose PHI for marketing or commercial use without explicit authorisation.

  1. How Long We Keep Your Data

We retain your data in line with UK clinical record-keeping standards:

Adults: At least 8 years after last contact

Children: Until the patient’s 26th birthday.

After this period, your data is securely deleted or anonymised unless required for legal defence or compliance.

  1. Contact and Complaints

If you have any concerns about this policy or how your data is handled: Data Protection Contact ADHD Specialists Email: hello@adhdspecialists.com Phone: (+44) 07702 615314 . You may also contact the ICO at https://ico.org.uk or call 0303 123 1113.