Find Out How We Can Help
Call us: 01743 297 937 [Clinic is Closed] Email us: here
Privacy Notice for Service Users and Service User Representatives
Welcome
Here at Mental Health and Well Being Services Ltd (MHWS), we value your privacy and are committed to protecting your personal information. We are dedicated to safeguarding the privacy and security of your personal information and being transparent about why we need your data and what we do with it.
This Privacy Notice explains how we use your personal data, outlines our commitment to data security, and provides you with important information about your rights in accordance with the UK General Data Protection Regulation 2021 (GDPR), the Data Protection Act 2018 (DPA), and other applicable UK laws.
This applies to the following data subjects:
- Service User: An individual who has expressed an interest in, currently utilises, or has utilised services provided by MHWS.
- Service User Representative: An individual who represents a Service User in any capacity and may be their parent, guardian, friend, or relative.
Who Are We?
We are MHWS, a dedicated team offering services to support mental health and well-being. When you use our services or represent someone who does, we may need to collect and process personal information about you to ensure we provide the best possible care and support.
Purpose
We are committed to safeguarding the privacy and security of your personal information and being transparent about why we need your data and what we do with it.
This Privacy Notice describes how we process this personal information and explains your rights regarding your data, in accordance with the UK General Data Protection Regulation 2021 (GDPR), the Data Protection Act 2018 (DPA), and other applicable UK laws.
Processing Information
By law we need to tell you how we process your personal information. 'Processing' includes collecting, recording, organising, storing, using, sharing, erasing, or destroying data as defined in data protection law.
Types of Information
We may process both your paper and your digital data and this may include special category data which includes data relating to:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Health
- Sex life, or sexual orientation
It may also include:
- Genetic data
- Biometric data
Why Do We Process Personal Information?
We process personal information for several reasons, such as:
- To provide and improve our services
- To process your requests and fulfil our commitments to you
- To communicate with you effectively
- To personalise and tailor your experience with us
- To conduct research and analysis to enhance our services
- To comply with legal requirements and regulations
- To provide medical diagnoses, treatment, and care services
What Information Do We Collect?
We collect various types of personal information to help us deliver our services such as:
- Basic details i.e. name, date of birth, email address, phone number, address, next of kin
- Account credentials i.e. username, password
- Payment information i.e. name, email address, phone number, address
- Communication preferences i.e. your preferences for how we contact you
- Usage data i.e. information about how you use our website, such as website analytics
- Special Category Data i.e. race or ethnic origin, health information (including diagnoses, medication, treatments)
- Other information you voluntarily provide to us
How Do We Use Your Information?
We use your information for a wide range of purposes. These may include:
- Providing and improving our services to meet your needs
- Processing and fulfilling your requests efficiently
- Communicating with you to keep you informed and respond to your enquiries
- Personalising your experience to make our services more relevant to you
- Conducting research and analysis to improve our services and operations
- Complying with legal obligations to ensure we operate within the law
- Providing medical diagnoses, treatment, and care services to support your health
Our Lawful Basis for Processing
Under the UK GDPR, we process your personal information based on one or more of the following legal grounds:
- Performance of a contract: Necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract
- Consent: Based on your consent, which you can withdraw at any time
- Legitimate interests: Necessary for our legitimate interests, such as improving our services and ensuring the security of our website
- Legal obligations: We may process special category data to comply with legal obligations, such as fulfilling our duty of care or reporting notifiable diseases.
- Vital interests: In emergency situations where an individual's life or health is at risk, we may process special category data to protect their vital interests.
Your Rights
You have several rights regarding your personal information under the GDPR, including:
- Right of access: Request access to the personal information we hold about you
- Right to rectification: Correct or update your personal information if it is inaccurate or incomplete
- Right to erasure: Request the deletion of your personal information, subject to legal and regulatory requirements
- Right to restrict processing: Limit the processing of your personal information under certain circumstances
- Right to data portability: Receive a copy of your personal information in a structured, commonly used, and machine-readable format
- Right to object: Object to the processing of your personal information unless compelling legitimate grounds override your rights
- Right to withdraw consent: Withdraw your consent at any time if we rely on your consent to process your personal information
You can exercise any of these rights by contacting us. The best ways of doing this are listed within the ‘Contact Us’ section below.
Keeping Your Information Up to Date
To help us maintain accurate and current records, please let us know if your personal or contact details change as soon as possible. This helps ensure we can continue to provide you with the best possible care and support.
You can update your information by contacting us and the best ways of doing this are listed within the ‘Contact Us’ section below.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, regulatory, or business requirements. We have implemented a Record Keeping Policy and procedures to ensure that all personal data is securely deleted or anonymised when no longer needed.
Data Security
We use appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of your information until it is disposed of.
- Confidentiality: Only those people who need to see the information to perform their function will get to see it - we call that role-based access control
- Integrity: We commit to ensuring that data remains accurate and unaltered while we hold it
- Availability: We make sure that all the information we hold is available to those that need it for their jobs and decision making
Sharing Your Information
At times we may need to share your data with other people or organisations including:
- Legal representatives
- Healthcare professionals
- Court officials
If we do have to share your information, we will make sure we have a clear lawful basis to do so.
National Data Opt-Out Programme (NDOP)
The National Data Opt-Out Programme generally gives you the ability to stop health and social care organisations from using or sharing your confidential patient information for purposes beyond your individual care and treatment, except where specific exemptions apply.
Although NDOP is an NHS initiative that automatically applies to NHS Service Users, we have implemented it for both our NHS and private Service Users. We have adopted this singular approach to provide a consistent and fair experience for everyone, regardless of your relationship with us.
The NHS publishes comprehensive information about NDOP. To learn more, you may wish to visit:
Please note that whilst reading these resources, our implementation covers both private and NHS Service Users, though NHS documentation primarily refers to the NHS and NHS Service Users.
To manage your NDOP preferences, you can use the NHS service online, by telephone, or by posting a printed form. For detailed information on this process, including contact details, please visit: https://digital.nhs.uk/services/national-data-opt-out/understanding-the-national-data-opt-out/setting-or-changing-a-national-data-opt-out-choice.
We review our data processing annually to assess whether the national data opt-out applies and record this in our Record of Processing Activities (ROPA). All new data processing is evaluated against NDOP requirements. For any processing that falls within the scope of the National Data Opt-Out, we check against a centralised database to respect the preferences of Service Users who have opted out.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the revised version on our website or through other reasonable means. We encourage you to review this Privacy Notice periodically for any updates.
Contact Us
If you:
- Would like to inform us of changes to your contact details
- Would like to exercise any of your rights under UK GDPR
- Have any questions or concerns, including regarding any aspects of this privacy notice
Please contact us, with the best ways to do so being listed below:
- Email us via our website contact form: https://www.mentalhealthandwellbeing.co.uk/contact.php
- Visit or send a letter to our address:
- Mental Health & Well-being Services Ltd. ,Oak House Sitka Drive, Shrewsbury Business Park, Shrewsbury, SY2 6LG
- Telephone us within business hours: 01743 297 937
Definitions and Clarifications
- Service User: An individual who has expressed an interest in, currently utilises or has utilised services provided by MHWS
- Service User Representative: An individual who represents a Service User in any capacity such as their parent, guardian, friend, or relative
- National Data Opt-Out Programme (NDOP): An NHS provided service that allows individuals to opt-out of having their confidential patient information used or shared for purposes beyond patient care (MHWs employs this service for both private and NHS patients)
- Data Processing: Includes collecting, recording, organising, storing, using, sharing, erasing, or destroying data as defined in data protection law.
Last updated: 17/06/2025
Website Cookie Notice
Essential Cookies (Session Cookies)
A session cookie is temporary and lasts only as long as that 'session' of browsing. The cookie will last from the time it was set (usually once the website was visited), to the website being left and / or the browser being closed.
In most cases the data that is stored by Session Cookies holds no real personal information - its most common use is to hold state information such as keeping you logged into a website, storing choices made or holding what's in your basket during online shopping.
How We Use Session Cookies
This website uses session cookies to perform tasks which enable the functionality of the website. We use session cookies to store whether or not you are logged into the website, restriction of certain areas of the website, ascertaining your cookie preference in line with the GDPR and enabling general administrative duties.