top of page
Everywhere_Health_Logo_Landscape 1.png
EH_Boy_&_Plane_Image.jpg

PRIVACY POLICY


Data Controller: Staff Partners Mental Health Ltd, trading as Everywhere Health
Data Protection Officer (DPO): Kevin Thomas

Who We Are
Everywhere Health is an independent healthcare provider focused on promoting psychological wellbeing across the UK.
We support a wide range of clients, including the NHS, individuals, families, employers, educational institutions (schools, universities), healthcare providers, and the courts.

What is a Privacy Notice?
A Privacy Notice explains how Everywhere Health collects, uses, stores, and shares your personal information. It applies to our clients, service users, website visitors, and the general public.
Also known as a Privacy Statement or Fair Processing Statement, this notice reflects our commitment to integrity, trust, privacy, and confidentiality—whether you are using one of our independent services or NHS services.

Legal Framework and Guidelines We Follow
We operate in compliance with the following:
•    UK General Data Protection Regulation (UK GDPR)
•    Data Protection Act 2018
•    Human Rights Act 1998
•    Common Law Duty of Confidentiality
•    The Caldicott Principles
•    ICO (Information Commissioner's Office) guidance
•    NHS guidance
•    Relevant professional codes of conduct and standards
We also follow the NHS Records Management Code of Practice and other national best practice guidelines when holding NHS-related data.

How We Collect Personal Information
We collect information from:
You directly:
•    Via phone, email, post, websites, application forms, or face-to-face (e.g., during consultations or treatment).
Third parties (on your behalf):
•    Family members, guardians, healthcare professionals, GPs
•    Employers and their insurers (for occupational health)
•    Solicitors (for legal services)
•    Public sector commissioners (for NHS services)
•    Insurance providers (for insured services)

Types of Personal Information We Collect
Standard personal data:
•    Name, date of birth, address, postcode, email
•    NHS/Hospital/GP details
•    Appointment dates and times


Special category (sensitive) data:
•    Physical and mental health information
•    Disability and support needs
•    Race, ethnicity, and religion (if relevant to your care)
•    Criminal convictions or offences (if applicable)

Why We Process Your Data (and Legal Justifications)
We process your personal data for various reasons under UK GDPR, including:
•    Legitimate interests
•    Legal obligations
•    Public interest
•    Your consent (when no other basis applies)
For special category data:
We rely on Article 9(2)(h) of GDPR, which allows processing for healthcare provision, occupational medicine, medical diagnosis, or health and social care management.


Other valid reasons include:
•    Legal claims or regulatory investigations
•    Safeguarding or public protection
•    Situations where you’ve given consent
When we need your permission, we will always make that clear and won’t proceed without your consent.

Withdrawing Consent
If you’ve given consent and later change your mind, you can withdraw it by emailing: privacy@everywherehealth.co.uk
We’ll stop processing your data unless there’s another lawful reason to continue.

National Data Opt-Out (for NHS Clients)
You can opt out of having your data used for planning or research via:
•    www.nhs.uk/your-nhs-data-matters
•    Call: 0300 303 5678
If you opt out, we’ll ensure your data is excluded from these uses.

Who Can Access Your Data
Your data is only accessible to those who need it.
All Everywhere Health staff (clinical and administrative) sign strict confidentiality agreements and undergo annual training in data protection and information security.

When We Share Your Information
We may share your data with other professionals (e.g., GPs, insurers, solicitors, employers) to support your care. This is always done with your consent, except in emergencies (e.g. immediate risk of harm) or when legally required.

Sharing Data for NHS Services
Under NHS contracts, we may be required to share specific information such as:
•    Name, address, postcode, telephone number
•    NHS number, disability status, long-term conditions
•    Appointment dates and times

Data Security and Storage
We take data protection seriously. Your information is stored securely (electronically and on paper), with access limited to those who need it.
We are registered with the ICO and comply with the Data Protection Act 2018 and UK GDPR.
All staff are trained in confidentiality, data protection, and records management.

How Long We Keep Your Data
We retain data based on:
•    How long you’ve been a client
•    Legal, regulatory, or professional requirements
•    Our obligations to demonstrate compliance
For more details, contact: privacy@everywherehealth.co.uk

Your Data Rights
You have the following rights:
•    To be informed – how we use your data
•    Access – to view your personal data
•    Rectification – to correct inaccurate or incomplete data
•    Erasure – to delete data no longer needed (Right to be Forgotten)
•    Restrict processing – if your rights override our reasons for processing
•    Data portability – to transfer your data to another provider
•    Object – to stop processing based on public or legitimate interest
•    Automated decisions – to challenge decisions made without human input
Note: These rights are not absolute; we’ll explain any exceptions when you make a request.
To exercise your rights, contact: privacy@everywherehealth.co.uk

Complaints and Concerns
We welcome your feedback and take all complaints seriously.
To raise a concern, email: privacy@everywherehealth.co.uk
Or contact our DPO directly at the same address.


You can also contact the ICO if you’re not satisfied with our response:
Information Commissioner’s Office
Wycliffe House, Water Lane,
Wilmslow, Cheshire SK9 5AF

Policy Updates
If our privacy policy changes, we will update this page. Please review it periodically to stay informed.

More Information
We aim to handle your information respectfully and responsibly. If you have concerns or questions, contact us at:
01992 245580
privacy@everywherehealth.co.uk

Website Privacy Information
We may collect and process:
Usage Data:
Includes your IP address, location, browser, device info, and how you use our website. This helps us monitor and improve our services.

Enquiry Data:
Submitted through forms for service requests. Used to provide and manage responses.

Correspondence Data:
Includes messages, CVs, or job applications. We process this to manage communications and recruitment. Personal data from job applications is not kept unless we have your consent.

bottom of page