Privacy Policy
Introduction: This Privacy Policy outlines how All Kinds of Minds collects, uses, discloses, and protects your personal data in accordance with the General Data Protection Regulation (G.D.P.R.) and other applicable data protection laws.
Information that is collected relating to personal data:
Contact Information: This includes your name, email address, phone number, and postal address.
Health Information: To provide comprehensive psychological assessments, bio-psycho-social information is obtained related to your child’s developmental history, family history, health and medical history, and mental health.
Appointment Details: Information about your scheduled appointments.
Payment Information: Payment information is obtained for services and stored on Carepatron or Stripe.
How data is used:
To provide comprehensive psychological assessments.
To manage and schedule appointments.
To process payments for services.
To communicate with you regarding your psychological assessments and appointments.
To comply with legal obligations.
Personal data is processed based on the following legal grounds:
Your consent.
To fulfil our contractual obligations.
To ensure compliance with legal obligations.
In the pursuit of legitimate interests.
Personal data may be shared with the following parties:
Healthcare professionals, social care professionals, and educational professionals—with your consent.
Third-party service providers, such as Carepatron, who assist us in managing appointments, billing, or other administrative functions.
Statutory authorities when required by law or mandated reporting duties.
Third-Party Companies: All Kinds of Minds collaborates with third-party companies to enhance the client experience, streamline operations, or fulfil specific requirements. Third-party companies refer to external services or providers that may be used for various functions, such as:
Website hosting and maintenance: The All Kinds of Minds website is hosted by Squarespace.
Information & Online Forms: All Kinds of Minds uses Jotform, an electronic documents creation system that is G.D.P.R. compliant and enables encryption.
Secure storage of patient records: All Kinds of Minds uses Carepatron, an electronic health records management system that is G.D.P.R. and H.I.P.A.A. compliant and has bank-level encryption.
Online appointment booking systems All Kinds of Minds uses Carepatron, an electronic health records management system that is G.D.P.R. and H.I.P.A.A. compliant and has bank-level encryption.
Digital communication platforms for tele-consultation: All Kinds of Minds uses Carepatron, an electronic health records management system that is G.D.P.R. and H.I.P.A.A. compliant and has bank-level encryption.
Payment Processing: All Kinds of Minds uses Stripe and SumUp to process payments for services.
Third-Party Companies Considerations:
Vetted Companies: Before selecting a third-party service, it is ensured that they are committed to G.D.P.R. compliance, thereby guaranteeing the protection of your data even outside our direct environment.
Limited Data Sharing: Only the minimal necessary data is shared with these third-party services to facilitate their provided function. We never share more than what is required.
Transparency: Any collaboration with third-party companies is transparently communicated to you in the Privacy Policy.
Your Rights: In line with G.D.P.R., you have rights concerning your personal data, even when processed by third-party companies. This includes rights to access, rectify, and erase your personal data with these third-party companies.
Data Security: All Kinds of Minds takes appropriate security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. For example, Carepatron uses AES-256 encryption, which is considered bank-level encryption.
Under G.D.P.R., you have the following rights regarding your personal data:
Access: You have the right to request a copy of the personal data that All Kinds of Minds retains about you.
Rectification: You can request that certain inaccurate or incomplete data be corrected. (Please note, however, that you cannot request that the Clinical Psychologist changes the diagnostic conclusion reached; additionally, information relating to potential legal matters or child protection concerns cannot be changed or redacted.)
Erasure: You have the right to request the deletion of your data under certain circumstances.
Restriction of Processing: You can request that we limit the processing of your data in certain situations.
Data Portability: You have the right to receive your data in a structured, commonly used, and computer-readable format.
Withdraw Consent: All Kinds of Minds relies on your consent for processing and sharing your data and continuing the assessment, you can withdraw consent at any time. Again, there are legal and child protection exceptions to this rule.
All Kinds of Minds is a sole trader business. A sole trader does not need to appoint a Data Protection Officer (D.P.O.) if:
They are a public authority or body (except courts acting in their judicial capacity); the All Kinds of Minds Practice is not.
Their core activities involve large-scale, regular, and systematic monitoring of individuals (e.g., online behaviour tracking); this does not apply to All Kinds of Minds Practice.
They conduct large-scale processing of special categories of data or personal data relating to criminal convictions and offences.; this does not apply to the All Kinds of Minds Practice.
Most sole traders, such as the As Kinds of Minds Practice, do not engage in extensive data processing activities, so they typically do not need to appoint a D.P.O. However, All Kinds of Minds still must comply with other G.D.P.R. requirements to process personal data, which includes ensuring data security, fulfilling data subjects' rights, etc.
If you have questions or concerns about your personal data or this Privacy Policy, please make contact: contact@allkindsofminds.ie
Changes to this Privacy Policy: All Kinds of Minds may update this Privacy Policy to reflect changes in our practices or for legal and regulatory reasons. Any updates will be posted on our website, and the date of the last revision will be updated.
Supervisory Authority: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Data Protection Commission in Ireland.
Effective Date: 22nd September, 2023
Last Review Date: This Privacy Policy was last reviewed on 22.09.2024.