Lorraine Welsh

Neurodiverse Sensory and Executive Function Support

Privacy Policy

1. Introduction

Lorraine Welsh OT (“the Practice”) is committed to protecting the privacy and security of your personal and clinical information. As an Occupational Therapist registered with the HCPC, I hold a professional and legal duty of confidentiality. This policy explains how I collect, use, and protect your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Lorraine Welsh is the Data Controller for this practice.

  • ICO Registration
  • Contact: Lorraine@lorrainewelsh.co.uk

3. The Type of Personal Information I Collect

To provide specialist Neuro-Vocational services, I collect:

  • Basic Details: Name, job title, employer, and contact information.
  • Special Category (Health) Data: Clinical assessment scores (e.g., D-REF, Adolescent/Adult Sensory Profile, WEIS), medical history relevant to workplace function, and neurodiversity diagnostic status.
  • Occupational Data: Work tasks, workplace environmental factors, and Performance Improvement Plan (PIP) details.

4. How I Get the Personal Information and Why I Have It

Most of the personal information I process is provided to me directly by you for one of the following reasons:

  • To conduct a Sensory/Functional Assessment.
  • To provide clinical evidence for Access to Work (AtW) funding applications.
  • To develop adjustment plans and skill-building strategies.

Lawful Basis: Under the UK GDPR, the lawful bases I rely on for processing this information are:

  • Contract: To fulfill my service agreement with you or your employer.
  • Health and Social Care: (Article 9(2)(h)) Processing is necessary for the provision of health or social care treatment or the management of health or social care systems.

5. Data Storage and Security

Your data is stored securely to meet clinical record-keeping standards:

  • Digital Records: Stored on encrypted, password-protected platforms compliant with UK data protection standards.
  • Retention: In line with professional clinical guidelines, records are typically retained for 7 years after the conclusion of our service, after which they are securely destroyed.

6. Sharing Your Information

I do not sell your data. I only share information when:

  • Consent: You have given explicit permission to share a summary report with your employer or HR department.
  • AtW: You have requested a report be sent to the Department for Work and Pensions (DWP).
  • Legal/Safety: There is a legal obligation or a serious risk to your safety or the safety of others (as per HCPC professional standards).

7. Your Data Protection Rights

Under data protection law, you have rights including:

  • Access: You have the right to ask for copies of your personal information.
  • Rectification: You can ask me to correct information you think is inaccurate.
  • Erasure: You can ask me to erase your personal information in certain circumstances (subject to clinical record-keeping laws).