Privacy policy.

Thrive With Privacy Policy

Effective Date: 01/04/2025

This Privacy Policy explains how Thrive With ("we," "us," or "our") collects, uses, discloses, and safeguards the personal information of our clients, including children. The information that we hold is confidential and often sensitive in nature. Any personal information we hold about you is stored and processed under our data protection policy, in line with the General Data Protection Regulation (GDPR). 

IMPORTANT: By submitting personal data to us and/or by using our website you give your consent that all personal data that you submit may be processed by us in the manner and for the purposes described below.

This privacy policy was last updated on [INSERT DATE]

1. Information We Collect

We may collect the following types of personal information:

  • Client Information: 

    • Contact information (name, phone number, email address, address)

    • Demographic information (age, gender, date of birth)

    • Insurance information (if applicable)

    • NHS number (if available)

    • Emergency contact information

    • Medical history (including mental health diagnoses, medications, and treatment history)

    • Family history (if relevant)

    • Notes from therapy sessions

    • Financial information (payment details)

  • Child-Specific Information: 

    • Information from parents or guardians regarding the child's development, behaviour, and social interactions

    • School records (with appropriate consent)

    • Information from other professionals involved in the child's care (with appropriate consent)

2. How We Collect Information

We collect information about you when you complete the contact form on our web page. The contact form asks for your name, email address and the reason for your enquiry. We need this information in order to respond appropriately to your inquiry. We currently only accept referrals via emails sent directly or forwarded from our website.

If our services are commissioned for you by third parties (your GP, local authorities, clinical commissioning groups, etc`) they will provide us with a variety of information, including your name, postal address, telephone number, email address and medical/educational history.

We will ask only for data that is adequate, relevant and not excessive for those purposes. We will also collect information through various other means, including:

  • Directly from clients: During intake assessments, therapy sessions, and other interactions.

  • From parents or guardians: For child clients, we collect information from parents or legal guardians.

  • From other sources: With appropriate consent, we may collect information from other healthcare providers, schools, or other relevant sources.

3. How We Use Information

We use the collected information for the following purposes:

  • Providing therapy services: To assess client needs, develop treatment plans, and provide therapy services.

  • Billing and insurance purposes: To process payments, submit claims to insurance companies, and comply with insurance requirements.

  • Communication: To communicate with clients, parents/guardians, and other healthcare providers regarding appointments, treatment plans, and other relevant matters. Please note: Your information is shared with appropriate staff members working with Thrive With Neurodiversity Ltd and involved in your care. These professionals understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this. We will not share your personal information with third-parties for marketing purposes.

  • Maintaining client records: To maintain accurate and confidential client records for treatment purposes and legal compliance.

  • Improving our services: To improve the quality of our services and develop new programs.

  • Complying with legal obligations: To comply with applicable UK laws and regulations, such as the Data Protection Act 2018, the General Data Protection Regulation (GDPR), and the Mental Health Act 1983.

4. Disclosure of Information

We may disclose client information in the following situations:

  • With client consent: We may disclose information with the client's written consent or the consent of the parent/guardian for child clients.

  • To other healthcare providers: We may share information with other healthcare providers involved in the client's care, such as physicians, psychiatrists, and other therapists, as necessary for treatment coordination.

  • To insurance companies: We may disclose information to insurance companies for billing and claims processing purposes.

  • For legal and compliance purposes: We may disclose information as required by law, such as in response to a subpoena or court order.

  • In emergencies: We may disclose information to emergency personnel if there is an immediate threat to the client's safety or the safety of others.

5. Children's Privacy

We are committed to protecting the privacy of children. We obtain consent from parents or legal guardians before collecting, using, or disclosing any information about a child client. We comply with all applicable UK laws regarding the privacy of children, including the Children Act 1989 and the GDPR.

6. Data Security

We take reasonable steps to protect the confidentiality and security of client information, including:

  • Implementing electronic and physical security measures to protect our offices and computer systems.

  • Using encryption to protect sensitive data transmitted electronically.

  • Limiting access to client information to authorized personnel on a ‘need-to-know' basis only, i.e., for those concerned directly with your care and with your account.

  • Regularly reviewing and updating our security measures.

7. Data Retention

  • Paper-based patient records and notes are kept to a minimum and stored securely in locked filing cabinets by the lead clinician involved in your care.

  • Electronic records are retained in accordance with relevant data protection legislation and professional guidance.

  • Data is backed up regularly.

  • Medical records of adult patients are generally retained for a period of seven years.

  • Information on a child will be kept until their 25th birthday or 26th if the young person was 17 at the conclusion of treatment, or 8 years after death, in line with Department of Health recommendations.   

8. Client Rights

You have the right to access information that we hold about you/your child and to receive a copy. You should submit your request to Thrive With Neurodiversity Ltd by email. We will aim to provide the relevant data within 30 days and this may be subject to a small admin fee.

Clients have the following rights regarding their personal information:

  • Access: Clients have the right to access their own medical records under the Data Protection Act 2018.

  • Correction: Clients have the right to request corrections to inaccurate or incomplete information.

  • Erasure: Clients can request for us to erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information for example, information about your medical treatment.

  • Stop using your information: for example, sending you reminders for appointments.

  • Communication: to supply your information electronically to another health professional.

  • Confidentiality: Clients have the right to expect that their personal information will be kept confidential in accordance with the Data Protection Act 2018 and professional ethical guidelines.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify clients of any material changes to this Privacy Policy by posting the updated policy on our website and/or by other appropriate means.   

10. Data Breaches

In the unlikely event of a data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours, as required by law, with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects and measures to prevent the reach from happening again. We will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks.   

11. Right to Withdraw Your Consent

Some of Thrive With Neurodiversity Ltd’s processing activities may be based on your consent. In these situations you will have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal.

If you withdraw your consent, Thrive With Neurodiversity Ltd and third parties involved in personal data processing will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations. Please note that as a consequence of your withdrawal of your consent, ThriveWith may not be able to meet your requests or provide you with our services.

12. Complaints or Queries

If you have any concerns about how we use your information and you do not feel able to discuss it with anyone within the service itself, you should contact The Information Commissioner’s Office (ICO), Wyclifee House, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745/casework@ico.org.uk

13. Cookies

Thrive With may use cookies on its website. Cookies are small text files that are placed on your computer by websites you visit. They are widely used to make websites work more efficiently and to provide information about website traffic.   

  • We may use Google Analytics, a popular web analytic service, to analyse how users use the site. It counts numbers of visitors and tells us things about their behaviour overall, such as typical length of stay on the site or average number of pages a user views. You can check Google Analytics' privacy policy here for more information: https://policies.google.com/technologies/partner-sites

  • You can choose to delete cookies from your web browser at any time (for help on how to do this, go to www.aboutcookies.org). You can also set your web browser to not accept any cookies if you wish.   

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Thrive With Neurodiversity Ltd - admin@thrivewithnd.co.uk