Privacy Policy

This document provides information relating to how Compass Psychology Services handles your personal information. The information that we hold is confidential and often sensitive in nature. Any personal information we hold about you is stored and processed under our data protection policy, in line with The Data Protection Act 1998 (in force on the date this statement became operational) and the General Data Protection Regulation (Regulation (EU) 2016/679) adopted on 27th April 2016 and enforceable from 25th May 2018.

Information is retained in line with Department of Health recommendations. Information on a child will be kept until their 25th birthday or 26th if the young person was 17 at the conclusion of treatment, or 8 years after death. Medical records of adult patients are retained for a period of seven years.

This document also provides extra details to accompany specific statements about privacy that you may see when you use our website (such as cookies).

Dr Jack Hollingdale is the data controller for Compass Psychology Services. Additional staff working with Compass Psychology Services are data controllers for the patients they work with directly.  All associates are required to sign a contract agreeing to comply with GDPR.

Important: By submitting personal data to us and/or by using our website you give your consent that all personal data that you submit may be processed by us in the manner and for the purposes described below.

This privacy policy was last updated on 18th February 2020.

What information will we collect about you?
At initial contact we will ask for some personal information about you/your child. This may include:

  • Full name
  • Postal address
  • Email address
  • Telephone number
  • Date of birth
  • Demographics (e.g. sex, gender, ethnicity)
  • School details
  • Relationships and children
  • GP details
  • Health insurance details (where applicable)
  • NHS number (if available)

We may also ask for additional information, such as the difficulties experienced by you/your child, your family and details about your/your child’s past medical history, current difficulties and any concerns and risks – this is classed as sensitive information and is necessary to enable us to offer the service you have sought from us.

We collect information about you when you complete the contact form on our web page. The contact form asks for your name, email address and the reason for your enquiry. We need this information in order to respond appropriately to your enquiry. We current only accept referrals via emails sent directly or forwarded from our website.

If our services are commissioned for you by third parties (your GP, local authorities, clinical commissioning groups, etc.) they will provide us with a variety of information, including your name, postal address, telephone number, email address and medical/educational history.

We will ask only for data that is adequate, relevant and not excessive for those purposes. We also collect rating scales, past professional reports and school reports when relevant. 

How do we use the information we collect about you?
We will use your personal information to provide the services you have requested from us. Collecting this data helps us to:

  • Communicate with you so that we can inform you or remind you about your appointments with us (including by email, in writing or by text message)
  • Deliver the correct service to you/your child
  • Conduct a thorough and appropriate assessment
  • Invoice you/your insurance company for the services we provide (the electronic accounts package that we use keeps financial data/invoices indefinitely. We will manually delete the records after the period of 7 years required by HMRC)
  • Communicate (when necessary and agreed with you) with relevant third parties to support your treatment and manage risk

Your information is shared with appropriate staff members working with Compass Psychology Services and involved in your care.  These professionals understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this. We may also share your information with your/your child’s GP, school, CAMHS/PCAMHS, social services, or other professionals such as a psychiatrist. We will ask for your consent to do this.

There may be instances when we need to share information such as, when there is a legal obligation for us to do so or when the information concerns risk of harm to the patient, or risk of harm to another child or adult. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or someone else.

We will not share your personal information with third-parties for marketing purposes.

Where do we keep the information?

  • Paper-based patient records and notes are kept to a minimum and stored in a locked filing cabinet by the lead clinician involved in your care.
  • Access to your personal information is restricted on a ‘need-to-know’ basis only i.e. for those concerned directly with your care and with your account.
  • Sensitive personal information will only be sent to patients/parents by email if they have given prior consent for us to do so. Any computers or mobile devices containing personal information are password protected or protected with a passcode/thumbprint scanner.
  • Data is backed up regularly.

If you contact us via the website contact form or directly by email, we will keep the information in an online filing system which is compliant with General Data Protection Regulations.

How can I see all the information you have about me?
You have a right to access the information that we hold about you/your child and to receive a copy. You should submit your request to the Data Protection lead, Dr Jack Hollingdale in writing or by email. We will aim to provide the relevant data within 30 days and this may be subject to a small admin fee.

You can also request us to

  • Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
  • Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information for example, information about your medical treatment
  • Stop using your information – for example, sending you reminders for appointments
  • Supply your information electronically to another health professional

What happens in the event of a data breach?
To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. In the unlikely event of a data protection breach the Data Protection lead, Dr Jack Hollingdale will notify the Information Commissioner’s Office (ICO) so that their procedures can be followed. Breaches which carry any risk to data subjects must be reported to the ICO within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects and measures to prevent the breach from happening again. We will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks.

Right to withdraw your consent
Some of Compass Psychology Services’ processing activities may be based on your consent. In these situations you will have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal.

If you withdraw your consent, Compass Psychology Services’ and third parties involved in personal data processing will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations. Please note that as a consequence of your withdrawal of your consent, Compass Psychology Services may not be able to meet your requests or provide you with our services.

Complaints or queries
If you have any concerns about how we use your information and you do not feel able to discuss it with anyone within the service itself, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745/


What is a cookie?
Cookies are small text files which are placed on your computer by websites you visit. They are widely used in order to ensure websites work efficiently, alongside providing insight about the volume of visitors to the website and how visitors move around the website. Cookies are sent automatically by websites as they are viewed, but in order to protect a user’s privacy, a computer will only permit a website to access the cookies it has sent, and not the cookies sent by other sites. Users can also adjust the settings on their computer to restrict the number of cookies that it accepts, or notify them each time a cookie is sent. For further information about cookies please visit

What sort of cookies do we use on our website?
There are a number of Cookies that are stored when you visit our website. These are used by us to monitor the performance of the website.

We use Google Analytics, a popular web analytic service, to analyse how users use the site. It counts numbers of visitors and tells us things about their behaviour overall, such as typical length of stay on the site or average number of pages a user views. We do not directly control these cookies. You can check Googles Analytics privacy policy here for more information: 

Can I browse your website without receiving any cookies?
Cookies do not  stay around forever and your web browser will eventually delete them. When a website stores a cookie, it states how long the cookie should stay on the computer for – this can be for the current visit only or for a period of time, for example one week.

You can choose to delete our, or any websites’ cookies from your web browser at any time (for help on how to do this, go to You can also set your web browser to not accept any cookies if you wish.

Please note that we only use cookies for the purpose of enhancing your online experience and no personal data is collected from you through this process.