Privacy & Cookie Policy for Phoenix Mental Health Services LLP
Last Updated: May 2025
1. Introduction
Phoenix Mental Health Services (Phoenix MHS) is committed to safeguarding your personal information and ensuring your privacy. This Privacy & Cookie Policy explains how we collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and our common law duty of confidentiality. By using our website, you consent to the practices described in this policy.
2. Who We Are
Phoenix Mental Health Services LLP
Website: https://phoenix-mhs.com
Email: [email protected]
Phone: 0370 162 0673
3. Information We Collect
Depending on your relationship with us, we may collect the following types of information:
- Personal details (e.g., name, address, contact information)
- Health and care information (e.g., diagnoses, prescriptions, referrals)
- GP and referrer details
- Emergency contact or carer information
- Consent preferences and communication history
- Feedback and survey responses
4. How We Collect Your Data
We collect personal data in the following ways:
- When you are referred to us by the NHS, your GP, or another healthcare provider
- When you contact us directly (via email, phone, or online form)
- Through electronic systems (e.g., Carebit and ThinkDivergent)
- When you complete digital forms or attend consultations
5. How We Use Your Data
We use the data we collect for the following purposes:
- To provide safe and effective mental health assessments and treatments
- To communicate with you regarding your care
- To send reports to your GP, referrer, or insurance provider for funding purposes
- To fulfill NHS contractual obligations
- To maintain medical records in compliance with legal requirements
6. Lawful Basis for Processing Your Data
Under the UK GDPR, we process your personal data based on the following lawful grounds:
- Article 6(1)(e) – Processing necessary for the performance of a task carried out in the public interest (healthcare)
- Article 9(2)(h) – Processing necessary for the provision of health or social care under the common law duty of confidentiality, with implied consent for care delivery and explicit consent for sharing non-direct care information (e.g., with carers)
7. Data Retention Period
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and in accordance with our legal and regulatory obligations. For health-related data, we retain records in compliance with the NHS Records Management Code of Practice. If your data is no longer required, it will be securely deleted.
8. Sharing Your Information
We may share your personal data in the following situations:
- With your GP, referrer, or other healthcare providers who are directly involved in your care
- With approved IT service providers (e.g., Carebit, ThinkDivergent) to support the management of your care
- With other professionals or clinicians who are involved in providing your treatment, such as pharmacists, prescribers, or psychologists
- With other services where you have given explicit consent
- Debt recovery (rare occurrence): In very rare cases, where payments for services rendered have not been made. This is generally only necessary in situations where insurance companies have failed to pay their portion of fees following treatment, despite our efforts to resolve the issue. Such actions are taken only when absolutely necessary.
We do not share your data for marketing or commercial purposes.
10. National Data Opt-Out
Phoenix Mental Health Services does not currently share data for planning or research purposes. Should this change, we will comply with the National Data Opt-Out policies, which give you the option to opt-out of having your data used for these purposes. For more information, please visit NHS Data Opt-Out. We do have a policy available, which you can request via email to [email protected].
11. How We Protect Your Data
We take your data security seriously. All data is stored securely using cloud-based platforms (such as Carebit and AWS), and encryption is applied to protect it. Access to data is role-based and logged to ensure proper security.
We do not use paper records. Any physical or digital data that is no longer required will be securely deleted in line with the NHS Records Management Code of Practice.
12. Your Rights
Under the UK GDPR, you have several rights in relation to your personal data:
- The right to access the personal data we hold about you
- The right to request the correction of any inaccurate or incomplete data
- The right to request data portability (in certain circumstances)
- The right to withdraw consent where consent is the legal basis for processing
- The right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we are not complying with data protection laws. You can contact the ICO at www.ico.org.uk.
To exercise any of these rights, please contact us at the details provided below.
13. Cookies
We use cookies to enhance your experience on our website. Cookies help us understand how you use our site, which in turn allows us to improve its functionality. You can manage or disable cookies through your browser settings, but please note that some features of the website may not function properly without cookies.
For detailed information about the cookies we use and how you can control them, please see our cookie policy here.
14. Contact Us
If you have any questions or concerns regarding how we process your data, or if you wish to exercise any of your rights outlined in this policy, please contact us at:
Data Protection Officer: Jasmin Samuel
Email: [email protected]
Phone: 0370 162 0673