Free No Obligation Consultation
National Clinical Psychology Logo
National Clinical Psychology Logo

Privacy Policy

How we keep your information safe.

NATIONAL CLINICAL PSYCHOLOGY SERVICE’S DATA PRIVACY & PROTECTION STATEMENT

Privacy Policy (Individuals and Organisations – Enquiries, Referrals and Website Use)
Effective date: 2 January 2026
Version: 1.1
Controller: Dr Jurai Darongkamas (marketing as National Clinical Psychology Service, “NCPS”)
Contact: ncps@clinicalpsychologyservice.co.uk | 0330 223 1844
Address: Dr Jurai Darongkamas (NCPS), c/o The Old Post Office, 1533 Pershore Road, Stirchley, Birmingham B30 2JH
ICO registration: ZC009363

1) What NCPS does (and does not do)

NCPS provides a referral and coordination service. We help connect enquirers with a suitable independent HCPC-registered Clinical Psychologist by facilitating an introduction based on the information provided.

NCPS does not provide psychological assessment, diagnosis, therapy, treatment, or rehabilitation. Any triage calls or document review performed by Dr Jurai Darongkamas/NCPS are for referral suitability/coordination only and do not constitute clinical assessment or treatment. If you proceed, any psychological services are provided by the independent Clinical Psychologist under their own terms and privacy notice, as a separate data controller.

Controller signposting: NCPS is the controller for referral/coordination records. The independent Clinical Psychologist is the controller for clinical records and will provide their own privacy notice.

2) Who this Privacy Policy applies to

This Privacy Policy applies to:

  • Individuals (adults, children, parents/carers) who contact NCPS or use NCPS to arrange a referral; and
  • Organisations (e.g., solicitors, agencies, rehabilitation providers, employers, insurers, schools, local authorities) who instruct NCPS to facilitate a referral and/or provide coordination, administrative support, and (where agreed) invoicing/collection arrangements.

3) Personal data we collect

  1. Individuals (enquiries and referrals)

    We may collect:

    Identity and contact

    • Name, title, contact details, date of birth (where relevant), address (where relevant).
    • GP practice and emergency contact details only where relevant and provided to us for coordination/safeguarding purposes.
    • We will ask for your preferred contact method and any restrictions (e.g., no voicemail) and will apply these where reasonably possible.

    Referral information (may include special category health data)

    • A description of difficulties, aims for support, and information relevant to matching (including any existing/previous involvement with professionals and other health-related data).
    • Risk/safety information where relevant to safe referral.
    • Documents you choose to share (e.g., prior reports). If extensive review is required, any fee will be disclosed in advance.

    Communications and administration

    • Emails/calls/messages relating to your enquiry and referral coordination.

    Financial (limited)

    • NCPS does not charge individual self-referrers for referral services. If you separately agree to a paid administrative review, we process the minimum invoicing/payment information needed.

    Website/technical

    • Basic device and usage data (see section 13).

    You are not under a statutory obligation to provide information. However, if you do not provide sufficient information for suitability and safe referral, we may be unable to progress your enquiry or make an introduction.

    1. Organisations (instructions and referrals)

    We may process:

    Organisation contact data

    • Names, professional contact details, role, correspondence, and procurement/purchase order information.

    Proposed Patient data (may include special category data)

    • Identity/contact data needed for coordination (e.g., name and contact details; date of birth/address only where relevant).
    • Referral/instruction context, presenting issues, relevant background, and risk/safety information where necessary for safe matching and coordination.
    • Documents you provide (e.g., summaries, bundles, prior reports, Criminal offence data {where included in instruction materials}), limited to what is needed for referral suitability and coordination. We do not circulate full bundles widely; we limit access and share only what is necessary for suitability and coordination. 

    Financial/transaction data

    • Where agreed, referral/admin fee invoicing.
    • Where agreed, invoicing on behalf of an independent Clinical Psychologist and/or collection-agent arrangements, including receiving and transferring funds.

    4) Where we get your data from

    We may receive information:

    • from you directly (webform, email, phone);
    • from a parent/carer for a child, where appropriate;
    • from someone making first contact on your behalf (e.g., extended family member or friend); and/or
    • from a professional or organisation (e.g., solicitor, school, insurer) where you have asked them to refer or they have lawful authority to share information for referral purposes.

    5) Why we use your data

    We use personal data to:

    • respond to enquiries and determine if we can assist;
    • match an individual/Proposed Patient with an appropriate independent Clinical Psychologist;
    • coordinate initial arrangements (availability checks, introductions, first appointment logistics);
    • to administer referral introduction outcomes (including where a commission/fee is payable by a clinician);
    • where payment collection arrangements apply (for some referral via organisations), we may share limited invoicing/payment status with the instructed clinician and retain accounting records required for audit/tax;
    • manage service quality, complaints, and governance;
    • maintain safety and safeguarding where relevant; and
    • meet legal and regulatory requirements (where applicable).

    6) Lawful bases (UK GDPR)

    Article 6 (general personal data)

    We rely on one or more of:

    • Contract – to provide the referral/coordination service requested or instructed and to manage related communications.
    • Legitimate interests – to run and protect our referral service (e.g., record-keeping, quality assurance, complaint handling, service security and fraud prevention), balanced against your rights.
    • Legal obligation – where we must comply with law (e.g., limited accounting obligations where applicable).

    Article 9 (special category data, including health data)

    Where referral/instruction information includes special category data (such as health data), we rely on one or more of:

    • Health or social care management / health professional confidentiality where applicable for referral coordination conducted under the responsibility of a regulated health professional and subject to confidentiality.
    • Legal claims where necessary to establish, exercise or defend legal claims (e.g., complaint or dispute; litigation-related instructions).
    • Explicit consent where required for a specific disclosure or where the context indicates consent is the appropriate condition (for example, a disclosure outside standard referral coordination).

    Referral coordination is usually processed under contract (or steps you ask us to take before a contract) and/or our legitimate interests. We use explicit consent only where required for a specific disclosure outside standard referral coordination.

    Withdrawal of consent: Where we rely on explicit consent for a specific disclosure, you can withdraw it at any time. Withdrawal may prevent us from completing that disclosure and, in some circumstances, may prevent a referral from being completed.

    In practice, for referral coordination involving health information, we rely on the health/social care condition where the processing is under the responsibility of a regulated health professional and subject to confidentiality; we use explicit consent for non-standard disclosures

    Organisations – lawful authority warranty and transparency handoff

    Where an organisation provides information about a Proposed Patient, the organisation confirms it has lawful authority to share personal and (where applicable) special category data with NCPS for referral and coordination purposes.

    Transparency handoff (organisations): Where you are the controller providing information about a Proposed Patient, you are responsible for providing them with appropriate privacy information about this sharing, unless an exemption applies.

    Where we receive Proposed Patient data indirectly, we will provide (or support the provision of) appropriate privacy information by letting the person/s know where exactly our privacy information is on our website, within a reasonable period and, in any event, within one month, unless an exemption applies.

    Article 10 (criminal offence data): where processed, we rely on the relevant DPA 2018 Schedule 1 condition(s) and maintain required documentation, including an Appropriate Policy Document where applicable.

    Where required under the DPA 2018, we maintain an Appropriate Policy Document describing our safeguards and retention/deletion approach for relevant special category and criminal offence data.

    7) Who we share data with

    We do not sell personal data. We share only what is necessary and proportionate, including with:

    • Independent Clinical Psychologists involved in considering/accepting a referral (anonymised initially where possible; identifiable when appropriate for referral progression). 
    • NCPS administrators assisting with coordination/invoicing tasks (limited access).
    • GPs or other professionals where requested and authorised. 
    • Safeguarding / emergency services where lawful and necessary (e.g., serious risk of harm).
    • Professional advisers/insurers/legal advisers where needed for complaints, legal matters, or regulatory issues.

    Service providers (processors): We use service providers supporting our IT, hosting, email, document management, and website security, under contractual obligations. These may include:

    • website hosting provider;
    • WordPress maintenance/IT support;
    • Google Workspace (email and document systems); and
    • security tools such as Google reCAPTCHA.

    International transfers: Some service providers (for example, Google Workspace and Google reCAPTCHA) may process personal data outside the UK. Where this occurs, we rely on appropriate safeguards and contractual protections designed to help protect personal data. We also rely on Google’s terms/privacy information for reCAPTCHA and those can be reviewed.

    Automated risk analysis (website security): reCAPTCHA uses automated risk analysis to help determine whether website traffic appears to be automated; this may affect whether a form submission is accepted.

    We typically share anonymised referral information first to check suitability/availability. If you agree to proceed, we then share identifiable details to enable the clinician to contact you and arrange the first appointment.

    Independent Clinical Psychologists may pay NCPS a commission/fee when a referral is introduced and accepted. To administer this, we may record the referral outcome and limited administrative details. This does not affect the clinician’s professional independence or your freedom to choose whether to proceed.

    8) Children and families

    We take extra care with children’s information. At the start we will explain:

    • who the service is for (child/parent/family);
    • how confidentiality works in practice; and
    • when information may need to be shared for safeguarding.

    We can provide a child-friendly version of this Privacy Policy on request.

    9) Security

    We use appropriate organisational and technical measures (access controls, secure storage, secure transfer methods, and secure disposal of paper records). 

    • Your information will be kept on a password-protected computer with appropriate antivirus, malware and firewall protection. 
    • Any personal information you provide, kept on paper, is stored in locked metal cabinets within a secure office. 
    • Paper records will be destroyed using a cross cutting shredder at time of destruction. 
    • Email is not always fully secure; if you prefer, we can discuss alternative secure ways to share sensitive documents, including via an encrypted email system that we subscribe to and which you can use for no cost.

    10) Retention

    We keep personal data only as long as necessary.

    NCPS referral/coordination records

    • Enquiries that do not proceed: deleted after 6 months (or sooner on request, unless we need to retain limited information to evidence how we handled the enquiry or to comply with legal obligations).
    • Referrals that proceed: we retain minimal referral coordination records for 7 years (adults) or until age 25 (children) for governance, safeguarding, and complaint/legal purposes.
      • Minimal referral coordination records typically include: identity/contact details, referral summary information, referral outcome, key communications, and (where applicable) safeguarding/complaint correspondence.
    • Exceptions: we may retain relevant data longer where required for safeguarding, complaints, or legal matters.

    Clinical records
    Clinical records for therapy/assessment are held by the independent Clinical Psychologist as a separate controller, under their retention policy.

    11) Your rights with regard to your data

    You have rights including: 

    • Access
    • Rectification (have inaccuracies corrected)
    • Erasure (where applicable)
    • Restriction
    • Data portability (where applicable) 
    • Object 
    • Withdraw consent 
    • Rights related to automated decision-making
    • Complain to the ICO

    Note these rights are not absolute and can be overridden by other interests in extremely rare and special circumstances, e.g., court subpoenas. 

    The right to have information deleted is also not absolute and specific circumstances must apply.

    If information we hold is subject to legal professional privilege, we may be unable to disclose it in response to an access request.

    If a personal data breach is likely to result in a high risk to your rights and freedoms, we will notify you where required.

    Please note: 

    • We do not normally charge for requests.
    • We may ask for information to verify your identity before responding.
    • We respond within statutory time limits (normally one month).
    • If your request relates to an independent Clinical Psychologist’s clinical records, we will direct you to that independent Clinical Psychologist as the relevant controller.
    • We do not make decisions that produce legal or similarly significant effects based solely on automated processing. Website security tools (e.g., reCAPTCHA) use automated risk analysis to protect against spam/abuse, which may affect whether a submission is accepted.

    To exercise your rights, email ncps@clinicalpsychologyservice.co.uk with “Data protection request” in the subject line and tell us what you need.

    12) Complaints

    Contact us first: ncps@clinicalpsychologyservice.co.uk. You may also complain to the Information Commissioner’s Office (ICO).

    The ICO’s (Information Commissioner’s Office) main contact details are their website ico.org.uk, phone number 0303 123 1113, and postal address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

    13) Cookies, WordPress and Google reCAPTCHA

    Our website is built on WordPress and uses cookies and similar technologies to ensure the site functions properly, to keep it secure, and to help us understand how the site is used.

    Cookie banner / choices: A cookie notice is shown when you first visit our website. You can manage cookie settings through the banner (where available) and/or through your browser settings.

    Essential and security cookies: Some cookies are necessary for the website to work and to protect it from malicious or automated activity.

    Our hosting may log IP address, device/browser details, and pages accessed for security, troubleshooting, and service improvement.

    Google reCAPTCHA (anti-spam): Our website forms may be protected by Google reCAPTCHA, which helps prevent spam and automated abuse. When reCAPTCHA runs, it may set a necessary cookie (commonly “_GRECAPTCHA”) and process technical information (such as IP address and device/browser information) for security and risk analysis purposes.

    Lawful basis for website security tools: We use essential cookies and security tools such as reCAPTCHA on the basis of our legitimate interests in protecting our website and preventing fraud/abuse.

    Links to other websites. This website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. We do not control these websites and are not responsible for their personal data practices. We urge you to review any privacy policy posted on any site you visit before using the site or providing any personal data about yourself.

    14) Changes to this Privacy Policy

    We may update this Privacy Policy from time to time. The latest version will be posted on our website and will show the effective date above.


 

 

 

This is the data privacy statement of National Clinical Psychology Service (NCPS) provided by Dr Jurai Darongkamas. It explains how NCPS looks after your personal data and privacy within the General Data Protection Regulation (GDPR) and related rules. By providing your personal data, you acknowledge that we will only use it in accordance with this Privacy Statement. It is assumed that by contacting us and/or further engaging with the contracted service that you are consenting to this privacy statement.

Data protection laws require that the personal data we hold about you must be: used lawfully, fairly and in a transparent way; collected only for valid purposes that we have clearly explained to you and not used in a way that is incompatible with those purposes; relevant to the purposes we have told you about and limited only to those purposes; accurate and kept up to date; kept secure and confidential and kept only as long as necessary for the purposes we have told you about.

The data we collect about you

When you initially contact us, you will be asked to provide your details such as, name, telephone number and email. You will then be asked a little about the difficulties that you are facing so that we can see if we are in a likely position to help, to then determine recommendations for the course of action thereafter. If you chose not to proceed with our service, your details will be safely deleted after 6 months; they will be kept in case you chose to re-contact our service, after a chance to consider whether or not you wish to engage our services. If you would like your details destroyed before the 6 months, please let us know (contact details on web site).

How is the information stored?

Your information will be kept on a password-protected computer with appropriate antivirus, malware & firewall protection. The personal information provided by you kept on paper, is stored in locked metal cabinets within a secure office. (Paper records will be destroyed using a cross cutting shredder at time of destruction.)

Upon the conclusion of therapy, the paper file is placed in a secure archive and kept for 7 years from the last appointment unless you and your therapist agrees otherwise (or unless there are exceptional reasons such as those linked to legal processes). This is so that should you choose to return for a further appointment/course of therapy, if our services are still being provided, then this information can be accessed as needed. When our services cease to be provided, records will be securely destroyed (or unless there are exceptional reasons such as those linked to legal processes).

Third Parties

Client details are kept strictly confidential. Contact information is made known only to the data controller, administrator and the therapist/s and information on the therapy process itself, is only accessible to the therapist/s. If you choose to proceed, we may also ask you for contact details for your GP and your permission for us to contact your GP, usually by letter, to inform him/her that: you are being seen by the service, a brief outline of reasons why and any other pertinent information. Usually, you will be asked if you wish to receive a copy of the letter also.

An exception to the above is when information is shared with appropriate other agency (e.g., for safeguarding purposes, when previously confidential information has to be shared). This is normally with consent from yourself to do so, where appropriate.

Anonymised, non-identifying, information about you is verbally shared with one/two other colleagues in a confidential setting for the purpose of clinical supervision of the therapist you see, i.e., to ensure that the work provided is as clinically appropriate as possible, working with the aim of achieving the best outcome for you in the time available. Any notes from this, to help the therapist in their provision of your therapy, will be entered into the paper file and again shredded after 7 years.

Contact by us

We may need to contact you for the following reasons: To set up/change appointment times; To send you venue information and other information related to your appointment/s and therapy and; To help solve any payment problems that might arise.

You will be asked your method of contact (Post, Email, Telephone and if we can leave a voicemail and please tell us of any restrictions you would like to impose, to protect your privacy as much as possible).

Your rights with regard to your data

You have the right to:  Access the data; Have inaccuracies corrected; Have information deleted; Prevent marketing; Have the right to complain to the ICO; Be informed of data breaches without undue delay and; Prevent automated decision-making and profiling (N.B. we do not do this type of processing). Note these rights are not absolute and can be overridden by other interests in extremely rare and special circumstances, e.g., court subpoenas. The right to have information deleted is also not absolute and specific circumstances must apply.

You have the right to end therapy at any point and to request no further contact. You may request the deletion of your contact details from our computer records and the shredding of your paper file. Usually this record of the therapy provided will continue to be kept securely and is to be shredded after 7 years.

You have the right to ask what information is kept on you and to change your mind about what is kept & how you are contacted. Those individuals who accept this policy have the right to change their mind at a later date and request deletion of their contact details. They should do so by making written contact by email or post.

NCPS can be contacted in the following ways:

By email: ncps@clinicalpsychologyservice.co.uk, By telephone:  0330 223 1844.

By post: c/o The Old Post Office, 1533 Pershore Road, Stirchley, Birmingham B30 2JH. However, please inform us that a letter has been sent

The data controller is: Dr Jurai Darongkamas. Registration reference with the ICO is ZA190876.

May 2018

National Clinical Psychology Service is a dormant limited company. Company Number 10169311

This website is owned by Dr Jurai Darongkamas (National Clinical Psychology Service) whose contact details are on the website.

Important: By submitting personal data to us and/or by using our website you give your consent that all personal data that you submit may be processed by us in the manner and for the purposes described.

1. Scope of privacy policy

1.1 We are committed to maintaining the privacy and confidentiality of information provided by you to us. The term ‘personal data’ is defined in the Data Protection Act 1998.

2. Notification of changes to privacy policy

2.1 We are continually improving our methods of communication and adding new features to this website so if we change our data protection practices we will notify you on this page, so we encourage you to check this page frequently.

3. Collection of personal data including email addresses

3.1 You may choose to receive information or services from us. When you contact or instruct us, we request personal information about you such as your name, postal address, email address and telephone number. We may also ask for demographic information to enable us to provide a personalised service to you. The information you provide is either manually or electronically stored.

4. Use of personal data

4.1 We will use your personal data to fulfil your instructions and requirements and we will ask only for data that is adequate, relevant and not excessive for those purposes. Where we send you information for any purpose, it may be sent by email or post. When we ask you for personal data it may be for any of the following purposes:

4.1.1 to contact you to inform you of our services;

4.1.2 to send you regular updates on issues we think will be of interest to you;

4.1.3 to send you requested information on our people and services; or

 5. Anonymous data collected through this website

5.1 In addition to the information we collect as described above, we use technology to collect anonymous information about the use of our website. For example, our web server automatically logs which pages of our website our visitors view, their IP addresses and which web browsers they use. This technology does not personally identify you – it simply enables us to compile statistics about our visitors and their use of our website.

5.2 Our website contains hyperlinks to other pages on our website. We may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again this technology does not identify you personally – it simply enables us to compile statistics about the use of these hyperlinks.

6. Cookies

6.1 In order to collect the anonymous data described in the preceding paragraph, we may use session ‘cookies’ that remain in the cookies file of your browser until the browser is closed.

6.2 Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. For more information about cookies, including how to set your browser to reject them, please go to www.allaboutcookies.org.

6.3 We may also use your IP address to help diagnose problems with our server and to administer our website. An IP address is an assigned number, similar to a telephone number that identifies your computer on a network. Your IP address is also used to gather broad demographic information.

6.4 We may also perform IP lookups to determine the domain you are coming from (e.g. aol.com, yourcompany.com) to gauge more accurately our users’ demographics.

7. Disclosure of your personal data

7.1 We do not share, sell or distribute your personal data with unrelated third parties, except as otherwise provided for in this privacy policy and under these limited circumstances:

7.1.1 In order to provide you with the information or services which you have requested, personal data may occasionally be transferred or shared with third parties, who act for or with us, for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have consented.

7.1.2 We do not disclose your personal data to other businesses who may contact you about their services that may interest you.

7.1.3 We may share, transfer or disclose the information in our databases and server logs to comply with a legal requirement, to protect your vital interests, to protect the security or integrity of our databases or this website, to take precautions against legal liability, or in the event of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event.

7.1.4 Where appropriate, before disclosing personal data to a third party, we contractually require the third party to take adequate precautions to protect that personal data and to comply with applicable law.

8. Data access and corrections

8.1 Upon receipt of your written request and enough information to permit us to identify your personal data, we will disclose to you the personal data we hold about you, for which we may make a charge up to the maximum as allowed by applicable law. We will also correct, amend or delete any personal data that is inaccurate and notify any third party recipients of the necessary changes.

9. Links to other websites

9.1 This website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. We do not control these websites and are not responsible for their personal data practices. We urge you to review any privacy policy posted on any site you visit before using the site or providing any personal data about yourself.

10. Governing Law

10.1 This privacy policy forms part of our website Terms of Use.