Privacy policy

Who are we?

We are BlueFinch Health, a limited liability company incorporated in England and Wales. Our company number is 13737753 and our registered address is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

We are a private community mental health service that offers specialist mental health services online or in the comfort of your own home.

We are committed to ensuring that your privacy is protected. We comply with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) unless and until the GDPR is no longer directly applicable in the UK, together with any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to the GDPR and the DPA (together “Data Protection Legislation”). We are the data controller of data you pass to us pursuant to this policy.

What does this Policy cover?

We at BlueFinch Health take your personal data seriously.

This policy:

Sets out the types of personal data that we collect about you.
Explains how and why we collect and use your personal data.
Explains how long we keep your personal data for.
Explains when, why and with who we will share your personal data.
Sets out the legal basis we have for using your personal data.
Explains the effect of refusing to provide the personal data requested.
Explains the different rights and choices you have when it comes to your personal data; and
Explains how we may contact you and how you can contact us.

What personal data do we collect about you?

You may give us information about you by completing enquiry forms on the website or by requesting via the website that we send you marketing information. The information you give us may include your name, email address, address/location and phone number

We will retain this information while we are corresponding with you or providing services to you or to a service user you represent. We will retain this information for five years.

We may also collect sensitive personal data about you, in the form of information relating to health. We only collect sensitive personal data from you and further process this data, where you have given your explicit consent.

Where do we collect personal data about you from?

The following are the different sources we may collect personal data about you from:

Directly from you. This is information you provide to us, for example via contact forms.
From an agent/third party acting on your behalf. eg. Contractors Limited Company.

How long do we keep your personal data for?

We keep your information for five years after the end of the service contract.

Who do we share your personal data with?

We may share your personal data with associated contractors mental health professionals as necessary to provide the agreed level of support under client contract. We may also conduct checks on you to verify the information you have provided and where we do this, we may share your information.

What legal basis do we have for using your information?

For prospective candidates, contractors, referees and clients, our processing is necessary for our legitimate interests in that we need the information in order to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees.

For clients, we may also rely on our processing being necessary to perform a contract for you, for example in contacting you.

If you are interviewed and submitted as a candidate, then this may involve the processing of more detailed personal data including sensitive data such as health information that you or others provide about you. In that case we always ask for your consent before undertaking such processing.

What happens if you do not provide us with the information we request or ask that we stop processing your information?

If you do not provide the personal data necessary or withdraw your consent for the processing of your personal data, we may not be able to provide the agreed services.

Do we make automated decisions concerning you?

No, we do not carry out automated profiling.

Do we use cookies to collect personal data on you?

To provide better service to you on our websites, we use cookies to collect your personal data when you browse.

Do we transfer your data outside the EEA?

No, we do not transfer personal data out of the EEA.

What rights do you have in relation to the data we hold on you?

By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

Rights, what does this mean?

The right to be informed – You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
The right of access – You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy).

This is so you’re aware and can check that we’re using your information in accordance with data protection law.

The right to rectification – You are entitled to have your information corrected if it’s inaccurate or incomplete.
The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
The right to restrict processing – You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
The right to data portability – You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
The right to object to processing – You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
The right to lodge a complaint – You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
The right to withdraw consent – If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

baseless or excessive/repeated requests, or
further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

How will we contact you?

We may contact you by phone, email or social media. If you prefer a particular contact means over another, please just let us know.

How can you contact us?

If you are unhappy with how we’ve handled your information or have further questions on the processing of your personal data, contact our Data Protection Officer at info@bluefinchhealth.com