Beyond Words Speech Therapy

Privacy Policy

We are committed to protecting the privacy of the children and families we work with. This policy explains how we collect, use, and safeguard your personal data.

Beyond Words Speech Therapy is committed to protecting the privacy and confidentiality of every child and family we work with. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over your information. We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Section 01

Who We Are

Beyond Words Speech Therapy is a paediatric speech and language therapy practice providing services for children from birth to 17 years of age.

For the purposes of data protection law, Beyond Words Speech Therapy is the Data Controller responsible for your personal data.

Data Controller: Beyond Words Speech Therapy Ltd

Email[email protected]

Phone: 07462 364479

Section 02

Personal Data We Collect

We may collect and process the following categories of personal data:

About parents, carers & guardians

  • Full name and relationship to the child
  • Contact details (address, phone number, email address)
  • Correspondence and communications with our practice
  • Payment and billing information
  • Details of any funding arrangements (e.g. NHS referral, Education, Health and Care Plan)

About the child or young person

  • Full name and date of birth
  • Gender
  • Medical and developmental history
  • Details of speech, language, and communication needs
  • Feeding and swallowing history (where relevant)
  • School or nursery details
  • Reports and assessments from other professionals (e.g. paediatricians, educational psychologists)
  • Clinical notes, therapy plans, and progress records
  • Video or audio recordings used for clinical assessment (with explicit consent only)

Website visitors

  • Name and email address (where submitted via contact forms)
  • Anonymised usage data via cookies (see our Cookies Policy)

Section 03

How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you when you complete an enquiry or referral form
  • During telephone, email, or in-person consultations
  • Through our online booking or client management system
  • From other professionals involved in your child’s care (e.g. GP, school SENCO, paediatrician) where you have given consent or where there is a lawful basis to do so
  • From NHS or local authority referrals
  • Via our website contact form

Section 04

Why We Use Your Data

We use personal data for the following purposes:

  • To provide speech and language therapy assessments and intervention to your child
  • To manage appointments, bookings, and cancellations
  • To communicate with you about your child’s care and progress
  • To process payments and maintain financial records
  • To liaise with other professionals involved in your child’s care (with your consent)
  • To produce written reports and therapy programmes/interventions
  • To comply with our legal and professional obligations as registered speech and language therapists
  • To respond to enquiries submitted via our website
  • To improve and develop our services

Section 05

Legal Basis for Processing

We rely on the following legal bases under UK GDPR to process your personal data:

  • Legitimate interests — to provide and manage our clinical services
  • Contract performance — where you have engaged us to provide therapy services
  • Legal obligation — to comply with professional registration requirements (HCPC/RCSLT) and applicable law
  • Consent — for any non-essential processing such as photography, video recording, or marketing communications
  • Vital interests — in circumstances where processing is necessary to protect the life or wellbeing of a child

For special category data (including health data relating to children), we rely on Article 9(2)(h) UK GDPR, processing necessary for the provision of health or social care, and Schedule 1 of the Data Protection Act 2018.

Section 06

Children’s Data & Safeguarding

Because our services are exclusively for children and young people under 18, we apply the highest standards of care to all data relating to children.

  • All data about children is treated as sensitive personal data and handled with strict confidentiality
  • Access to children’s clinical records is restricted to treating therapists and authorised administrative staff only
  • We will not share information about a child with third parties without the consent of a parent or legal guardian, except where required by law or where there is a safeguarding concern
  • Where we have a safeguarding concern, we are legally and professionally obligated to share information with the relevant authorities, even without consent
  • We follow the safeguarding policies and procedures as required by our registration with the Health and Care Professions Council (HCPC) and the Royal College of Speech and Language Therapists (RCSLT)

Safeguarding note: The welfare of the child is paramount. In situations where we have reason to believe a child is at risk of harm, we have a professional and legal duty to refer to the appropriate safeguarding authority. This may occur without parental consent where necessary to protect the child.

Section 07

Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law or professional guidelines.

Clinical records for children: In line with NHS Records Management Code of Practice guidance and our professional obligations, clinical records relating to children are retained for a minimum of 7 years from the date of the last clinical contact, or until the child reaches their 25th birthday (whichever is the later). This extended retention period exists because health conditions treated in childhood may have relevance in adult life.

The table below sets out our retention periods by data type:

Type of DataRetention Period
Children’s clinical records (assessment, therapy notes, reports)7 years from last contact, or until the child’s 25th birthday — whichever is later
Children’s clinical records (cases involving safeguarding concerns)Until the child’s 25th birthday, or 8 years from the last entry — whichever is later
Parent / guardian contact and communication records7 years from the end of the therapeutic relationship
Financial and billing records7 years from the date of transaction (HMRC requirement)
Consent forms7 years from the last clinical contact
Video / audio recordings (clinical use)Deleted once clinical purpose has been fulfilled, unless retained as part of clinical record
Website enquiry / contact form submissions12 months, unless a therapeutic relationship is established
Marketing consent recordsUntil consent is withdrawn, plus 12 months

After the applicable retention period, data is securely deleted or anonymised in line with our data destruction procedures.

Section 08

Sharing Your Data

We do not sell your personal data. We may share data in the following limited circumstances:

With your consent

  • Other healthcare professionals involved in your child’s care (e.g. paediatricians, occupational therapists, educational psychologists)
  • Your child’s school or nursery (e.g. for advisory reports or EHCP contributions)
  • NHS or local authority teams where relevant

Without your consent (where legally required)

  • Where we are required to do so by law or court order
  • Where there is a safeguarding concern requiring referral to children’s services or the police
  • With the HCPC or RCSLT in connection with our professional registration or a complaint

Service providers

  • Trusted third-party service providers who assist in running our practice (e.g. secure client management software, email providers, payment processors)
  • All third-party processors are bound by Data Processing Agreements and may not use your data for any other purpose

We do not transfer personal data outside of the UK except where appropriate safeguards are in place and in compliance with UK GDPR.

Section 09

Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:

  • Password-protected and encrypted devices and systems
  • Secure, encrypted cloud storage for clinical records
  • Role-based access controls limiting who can view client data
  • Secure email practices for sharing sensitive information
  • Physical security for any paper-based records
  • Regular staff awareness of data protection obligations

In the event of a personal data breach that is likely to affect your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) as required by UK GDPR.

Section 10

Your Rights

Under UK GDPR, you have the following rights regarding your personal data (and the personal data of your child, where you are their parent or legal guardian):

  • Right of access — to request a copy of the personal data we hold about you or your child
  • Right to rectification — to ask us to correct inaccurate or incomplete data
  • Right to erasure — to request deletion of data, subject to our legal and professional retention obligations
  • Right to restrict processing — to ask us to limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

Please note that some of these rights are subject to legal and professional exceptions. For example, we may be unable to delete clinical records during the mandatory retention period.

To exercise any of these rights, please contact us at[email protected]

We will respond within one calendar month.

Section 11

Cookies

Our website uses cookies to improve your browsing experience and to understand how our site is used. For full details of the cookies we use, how they work, and how you can manage your preferences, please refer to our separate Cookies Policy.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Where changes are significant, we will take reasonable steps to notify you directly.

Section 13

Contact Us & How to Complain

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Beyond Words Speech Therapy

Email[email protected]

Phone: 07462 364479