top of page

Dr Heidi Hand - Privacy Policy

Last updated 16th April 2026

 

Dr Heidi Hand takes privacy and confidentiality very seriously and wants to assure you that a safe and confidential space is offered to discuss your feelings and concerns when engaging with services. This privacy policy explains how data is collected and processed through the use of this website, when making contact in other ways such as initial enquiries and when engaging in services offered.

 

Contact details 

Name: Dr Heidi hand (Data controller)

Phone Number: 01722 444173

E-mail: drheidihand@gmail.com

 

The type of personal information collected 

Dr Hand may collect and process the following personal information:

  • Personal identity data such as name and date of birth

  • Contact data such as phone numbers, email and mailing addresses

  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

  • Technical data such as internet protocol (IP) address, browser type, device characteristics and location

  • Usage data such as information about how you use the website

The following sensitive information may also be collected and processed:

  • Health data which may include information about existing and previous medical conditions, psychiatric conditions, medication and other relevant health information 

 

How the personal information is obtained 

Different methods of collecting data may be used:

 

Most of the personal information processed is provided voluntarily by you when contacting Dr Hand, making an enquiry, or when engaging with services.

 

Information may also be collected automatically when you engage with the website such as IP address, browser and device information. Information may also be gathered through cookies and similar technology. The information collected may include: log and usage data, device data and location data.

 

How and why data is processed 

Your data will only be used in ways the law allows. Information is processed for various reasons including:

  • To register you as a new client

  • To provide services to you

  • To manage and request payment of fees and charges

  • To send administrative information to you such as information on the service or to notify you of changes to a policy

  • To request feedback about the service

  • To administer and protect the service and website including fraud prevention

  • To look at usage trends to allow improvement of this website and services offered

 

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases relied upon for processing this information are:

(a) Your consent.  Your explicit consent will be gained when obtaining and processing your sensitive (health) data.

(b)Performance of a contract. In order to fulfil a contract including providing services to you

(c) We have a legal obligation. To comply with legal obligations such as complying with a law enforcement agency or exercise our legal rights.

(d) We have a vital interest. In the case of a potential threat in order to maintain safety of person(s)

(e) We have a legitimate interest. To achieve legitimate business interests such as:

  • To analyze how the website and services are used to keep them updated and relevant

  • To understand how individuals use the service in order to improve experience/outcomes

  • To collect monies and debts owed

  • To keep records and policies up to date

 

Your personal data may be processed for more than one lawful ground depending on the specific purpose for which the data is being used.

 

Who your personal information with may be shared with

Your personal data may be shared with the following parties for purposes described above.

  • Service providers who provide IT and system administration services (examples include accounting software eg. freeagent, AI note scribes eg. Heidi Health and online accounts for insurance companies eg. healthcodes)

  • Service funders eg. insurance companies, solicitors, employers: identity data and appointment schedules will be shared with that organisation for the purposes of billing. With your consent relevant clinical information may also be shared with the organisation if treatment updates are requested.

  • Other healthcare providers: Only necessary and need to know information will be shared with others involved in your care and with your consent.

  • Law enforcement or protection agencies: When disclosure is in the public interest, to prevent a criminal activity, threat to person(s) or where there is a legal duty, for example a Court Order.

  • Government entities: eg HMRC, regulators and other authorities who require reporting of processing activities in certain circumstances.

  • HealthyMindPsychology: Dr Hand sees some client as an associate for Healthy Mind Psychology (https://www.healthymindpsychology.co.uk). In these cases your identity data and appointment schedules will be shared for the purposes of billing.

  • Clinical executor: In the unlikely event of Dr Hand becoming incapacitated (eg. death or serious illness/disability) there is a named clinical executor  (a qualified psychologist) in place who will get access to clients contact details and notes in order to  inform clients and dispose of notes according to clinical guidelines.

 

How your personal information is stored

There are measures in place to protect your personal information. However please note that no method or transmission over the internet or electronic storage is entirely secure and therefore we cannot guarantee absolute security.

Your data will only be retained for as long as reasonably necessary to fulfil the purposes that it was collected for, including for satisfying legal, regulatory, tax, accounting or reporting requirements.

 

Your personal data may be stored for a longer period in the event of a complaint or if there is reason to believe there is a prospect of litigation in respect to your relationship with Dr Hand

 

By law medical information about patients must be stored for 7 years after treatment has finished. For any children treated medical information must be kept until 7 years after the child’s 18th birthday. 

 

By law basic information about our customers (including contact, identity, and transaction data) must be kept for six years after they cease being customers for tax purposes.

 

In some circumstances your data may be anonymised (so that it can no longer be associated with you) for research or statistical purposes, in which case this information may be used indefinitely without further notice to you. 

 

Information from Minors

This website is not intended for children and no data related to children is knowingly collected via this website.

 

Your data protection rights

Under data protection law, you may have rights in certain circumstances including:

 

Your right of access - You have the right to ask for copies of your personal information. 

Your right to rectification - You have the right to ask for rectification of personal information you think is inaccurate. 

Your right to erasure - You have the right to ask for your personal information to be erased where there is no good reason for it continuing to used. Note it may not always be possible to comply with a request of erasure, for specific legal reasons, that will be outlined, if applicable, at the time of request

Your right to restriction of processing - You have the right to ask to restrict the processing of your personal information in certain circumstances:

  • If you want us to establish the data’s accuracy

  • Where the use of data is unlawful but you do not want it to be erased.

  • Where you need the data to ne held even if it is no longer required, as you need it to establish, exercise or defend legal claims

  • You have objected to the use of your data but Dr Hand needs to verify whether there are overriding legitimate grounds to use it.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances. E.g. Where processing of your data relies on a legitimate business interest and there is something in your circumstances which makes you wish to object the processing as you feel it impacts on your rights and freedom.

Your right to data portability - You have the right to ask that the personal information you gave Dr Hand be transferred to another organisation, or to you, in certain circumstances.

 

Withdrawing your consent:  You have the right to withdraw your consent to the processing of your personal data at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent and nor will it change the processing of information done in reliance on lawful grounds other than consent. If you withdraw your consent, certain services to you may no longer be able to be provided. You will be advised if this is the case at the time you request to withdraw your consent.

 

If you wish to exercise any of the rights set out above, please contact Dr Hand on the details at the top of this policy. All requests will be considered and acted upon in accordance with applicable data protection laws.

 

You are not required to pay any charge for exercising your rights. If you make a request, Dr Hand will aim to respond to requests within one month

 

Updates to this policy

This policy is kept under regular review. Please see the date on this policy for last review.

 

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

​

This website may use Necessary/Essential cookies. These cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

​

The website may use Statistic/Analytic cookies. These cookies help us to understand how visitors interact with our website by collecting and reporting information anonymously.

​

The website may use Functionality cookies. These cookies enable us to remember your preferences.

​

Information collected by the cookies is not shared with any third parties.

​

On first visit to this website you will be asked for your consent to use non - essential cookies. In the settings section of the consent banner you can select which cookies you allow including functional, analytic and targeting cookies. 

​

You can block also cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access parts of this website or it may not work correctly.

 

How to complain

If you have any concerns about how your personal information has been used, you can make a complaint to Dr Hand (data controller) using the contact details at the top of this policy

You can also complain to the ICO if you are unhappy with how Dr Hand has used your data.

The ICO’s address:            

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

image437531.png

Dr Heidi Hand

©2023 by Dr Heidi Hand. Proudly created with Wix.com

hpc_reg-logo_cmyk.jpg 666×684 pixels.jpeg
bottom of page