Privacy Policy

Our contact details
Name: ASD 360
Address: PO Box 22
Phone Number: 01507 534181
Date of this Notice: 22 August 2022

Collection of personal information

  • Information about the patient(s) will be collected via spoken or written media from clients / parents / carers
  • With (parental) consent, information may also be collected from other professionals working with our patients
  • Information may also be taken about family members where this relates to our patients – e.g. contact details for parents and any relevant medical / developmental history
  • You may use ASD 360 website without providing any personal information, but if you wish to make an enquiry or contact us via the website or by email, you are requested to provide relevant contact details such as your name, email address and contact phone number to enable us to respond to your enquiry
  • You may add comments or queries which might also contain personal information.
  • If your enquiry does not result in treatment by ASD 360, then this personal information will be deleted once your enquiry has been dealt with
  • If the patient is subsequently seen by ASD 360, these details may be added to their personal records
  • Our website contains links to other internet sites that are outside our control and are not covered by this privacy policy. We are not responsible for any data that you provided through any such websites


The type of personal information we collect
We currently collect and process the following personal information:

  • Names
  • Dates of Birth
  • Postal Addresses
  • Email addresses
  • Bank details
  • Diagnosis details
  • Treatment and prescription details
  • Details of other health professionals involved in the treatment of our patients.
  • Appointment details


When using our patient App we also collect the following Log Data:

  • Your device Internet Protocol (“IP”) address
  • Device name
  • Operating system version
  • Configuration of the app when utilising our Service
  • Time and date of your use of the Service
  • Other statistics


We will not use or share your information with anyone except as described in this Privacy Policy.


How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • Providing treatment
  • Providing advice
  • Improving our service


We also receive personal information indirectly, from the following sources in the following scenarios:

  • Referring clinicians
  • NHS Trusts


Our use of personal information

  • Personal information collected by us via ASD 360’s website, Chrysalis App, email, telephone, or face to face is stored and used by us for the purpose of delivering your therapy. For relevant ADHD enquiries, it may also be used by our partner company, ADHD 360
  • Any sensitive personal details are stored in a secure and confidential system and processed in confidence by ASD 360 / our partner
  • Personal details shall be used for the purpose of delivering appropriate therapy service to the patient. With consent, information about your needs will be shared with other professionals involved in the patient’s care when it is in the patient’s best interests
  • A record of the client’s consent is kept within the patient’s case notes
  • Unless we are required to do so by law, we will not disclose any personal information collected to any person other than as set out above
  • ASD 360 does not employ agents to process personal data – for example, specialist mailing companies to send out communications
  • ASD 360 does not give or sell client details to any third parties other than allied health professionals


How we use personal information
ASD 360 uses personal information:

  • To prepare, plan, and provide therapy services appropriate to the patient’s need.
  • To communicate with the client by post, email, telephone or text message in relation to:
    • Confirming and preparing for appointments
    • General communication in between appointments
    • Sending you reports and programmes for the patient, which are password-protected
    • Copying the client into communications with other professionals about the patient
    • Sending resources
    • Sending invoices
  • For clinical audit to assess and improve ASD 360’s service. Results of audits are always presented with all client identities removed.
  • For management and administration – for example, surnames of clients are included in our password-protected database.Whenever personal identifiers are not needed for these tasks, ASD 360 removes them from the information it uses.


How we store personal information

  • All information about the client, the patient, and their therapy is stored securely in a password-protected, encrypted folder on ADHD 360’s bespoke Chrysalis system
  • We do not retain any paper-based, confidential information (such as assessments and case notes). These are digitised and are stored on Chrysalis
  • All records will be only be retained for the minimum time necessary and will be deleted from our system for a maximum of 6 years after your relationship with us comes to an end
  • Email correspondence and invoices will be deleted from ASD 360’s systems after 5 years


Breach procedure
If any confidential data is lost, damaged or inappropriately accessed, ASD 360 follows a breach procedure.

  • ASD 360 staff member notifies Data Protection Champion
  • ASD 360 seeks advice from the ICO about how to act
  • ASD 360 might contact the client if advised to do so


UK data protection law and EU general data protection regulations
Data Protection Law lays down wide-ranging rules backed up by criminal sanctions for the processing of information about identifiable, living individuals. It also gives individuals certain rights in relation to personal data held about them by others. ADHD 360 is registered with the Information Commissioner’s Office (ICO) as a Tier 1 data controller.


Our lawful basis for processing personal information

  • Our lawful basis for processing and storing personal information is one of “legitimate interest” (under article 6 of GDPR). ASD 360 cannot adequately deliver a service to our patients without processing their personal information. As it is both a necessity for our service delivery and of benefit to the patient, we have a legitimate interest to process and store their data
  • Data relating to an individual’s health is classified as “special category data” under section 9 of GDPR. The regulations specify that health professionals that are “legally bound to professional secrecy” may have a lawful basis for processing this data. ASD 360 clinicians are legally bound to keep client information confidential, and it is under this condition that we process and store personal information


Our responsibilities

  • ASD 360 is committed to maintaining the security and confidentiality of the patient’s record. We actively implement security measures to ensure that their information is safe, and we audit these regularly
  • ASD 360 will not release personal details to any third party without first seeking consent unless this is allowed for, or required, by law
  • ASD 360 is constantly working to ensure compliance with current data protection regulations


Sharing your information
We may share this information with:

  • Allied health and care professionals involved in patient treatment
  • Third-party contractors delivering financial processing services


We may employ third-party companies and individuals due to the following reasons:

  • To facilitate our Service
  • To provide the Service on our behalf
  • To perform Service-related services
  • To assist us in analysing how our Service is used


We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.


Your data protection rights
Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you


Please contact us at if you wish to make a request.


We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.


Links to Other Sites
This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.


Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.


How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane

Helpline number: 0303 123 1113

ICO website: