SpeechWorks

Building Communication Skills for Life

Data Protection

DATA PROTECTION POLICY

DISCLAIMER:

When you use SpeechWorks you trust us with your information. This privacy policy is meant
to help you understand what data we collect, why we collect it, and what we do with it.
We have tried to make it as simple as possible but if you have any questions please
contact us.

SpeechWorks assumes the function of data controller and supervises compliance with
the General Data Protection Regulation (GDPR) within the business.
1. Information we collect
2. Where we get our information
3. How we use the information we collect
4. Information we share
5. How and when consent is obtained
6. How we protect your data
7. Protecting your rights to data
8. Security of your personal data

1 Information we collect
SpeechWorks holds personal data as part of conducting a professional service. The
data falls under the following headings: healthcare records, educational records,
clinical records, general administrative records, financial records, and training
records.

1.1 Healthcare records
A healthcare record refers to all information collected, processed and held, in both
manual and electronic formats, pertaining to the service user and their care. Speech
and language problems can be complex, and a wide range of information may be
collected in order to best meet the needs of the client and to maintain a high
quality service which meets best practice requirements.
Examples of data collected and held on all current and active clients include the
following:
● Contact details: name, address, phone numbers, e-mail address.
● Personal details: date of birth.
● Other contacts: name and contact details of GP and any other relevant
healthcare professionals involved.
For child services:
● Parent/guardian details
● Description of family
● Educational placements.
● Pre- and post-natal history: This can include information relating to mother’s
pregnancy, and child’s birth.
● Developmental data: developmental milestones, feeding history, audiology
history.
● Medical details: such as any relevant illnesses, medications, and relevant
family history. Reports from other relevant allied health professionals such as:
Audiology, Psychology, CAMHS (Child & Adolescent Mental Health Services),
Occupational therapy, Physiotherapy, Ophthalmology.
For adult services:
● Employment/vocational history
● Mental health

1.2 Educational records
Relevant Individual Educational Plans (IEPs), Education health care plans (EHCPs),
progress notes from educational staff and school reports may be held. Reports from
other relevant professionals, e.g. Educational Psychology, may also be held.

1.3 Clinical records
Specific data in relation to communication skills may be collected and held, such as
assessment forms, reports, case notes, e-mails, text messages and transcripts of
phone calls. Audio and video files may also be collected and stored.

1.4 General administrative records
SpeechWorks may hold information regarding attendance reports and accident
report forms.

1.5 Financial records
A financial record pertains to all financial information concerning the practice, e.g.
invoices, receipts, information for Revenue. SpeechWorks may hold data in relation
to: on-line purchasing history, card payments, bank details, receipts and invoices.
Information will include name of bill payer, client name, address and record of
invoices and payments made.

2 Where we get our information
Personal data will be provided by the client, or in the case of a child (under 16 years),
their parent(s)/guardian(s). This information will be collected as part of a case history
form prior to, or on the date of first contact.
Information may also be provided directly from relevant third parties such as schools,
medical professionals and allied health professionals, with prior consent from the
parent(s)/guardian(s).

3 How we use the information that we collect
We use the information we collect to provide assessment and therapy as per the
relevant professional guidelines, as well as to maintain the general running of the
business, such as running our electronic booking system, keeping our accounts and
updating you on any changes in policies or fees.
Information may also be used for research purposes, with the written consent of the
client or parent/guardian.

3.1 Data retention periods
The retention periods are the time periods for which the records should be held
based on the organisation’s needs, legal and/or fiscal precedence or historical
purposes. Following the retention deadline, all data will be destroyed by
confidential means.

3.2 Client Records

3.2.1 Clinical Records
● SpeechWorks keeps both physical and electronic records of clinical data in order
to provide a service.
● The preferred format for clinical data is electronic.
● At the present time clinical data held for children is kept until the client’s
25th birthday and then deleted/confidentially destroyed, unless the client was
17 years old when intervention finished, in which case retention is until their
26th birthday.
● At the present time clinical data held for adults is deleted/confidentially
destroyed after 8 years from the end of intervention.
● Clinical data used for research purposes may be kept.
● Video records/ voice recordings relating to client care/videoconferencing
records may be recorded with consent, analysed and then destroyed. If written
consent is provided to use recordings for training purposes, the client will have
the option to withdraw consent at any time.

3.2.2 Financial Records
▪ SpeechWorks keeps electronic/paper records of financial data from those
who use our services.
▪ HMRC require records to be retained for a minimum period of 6 years after
the completion of the transactions, acts or operations to which they relate. These
requirements apply to manual and electronic records equally.
● Financial Data is kept for 6 years to adhere to Revenue guidelines.
● Financial Data (including non-payment of bills) can be given to Revenue at
Revenue’s request.

3.3 Exceptions
If under investigation or if litigation is likely, files must be held in original form
indefinitely, otherwise files are held for the minimum periods set out above.

4 Information we share
We do not share personal information with companies, organisations and individuals
outside SpeechWorks unless one of the following circumstances applies:

4.1 With your consent:
We will only share your Personal Identifying Information (PII) with third parties when we
have signed consent to do so.
Third parties may include: hospitals, GPs, other allied health professionals,
educational facilities.

4.2 For legal reasons:
We will share personal information with companies or organisations outside of
SpeechWorks if disclosure of the information is reasonably necessary to:
▪ Meet any applicable law, regulation, legal process or enforceable
governmental request.
▪ Meet the requirements of the Children First Act 2015.
▪ Protect against harm to the rights, property or safety of SpeechWorks, our
service users or the public as required or permitted by law.

4.3 To meet financial requirements:
SpeechWorks is also required to share financial data with Sowerby FRS Ltd in order to
comply with local tax laws. SpeechWorks has obtained a copy of Sowerby FRS Ltd's
own data protection policy.

4.4 For processing by third parties/external processing
The following third parties are engaged for processing data:
Who | Type of data | Purpose
Administrative staff | Record keeping, typing, correspondence | Updating records
Accountant | Financial, contact | Processing financial accounts
Electronic booking/storage systems (Write Upp) | Contact details |

5 How and when we obtain consent
Prior to initial assessment or consultation, a copy of the privacy policy statement will
be provided to clients along with a client referral form/case history form, and terms
and conditions. (Alternatively, it can be stated that a link to the data protection policy
will be provided.) A consent form will need to be signed by the client prior to
commencing the service. The full privacy policy is available on request by email to:
lynne@speechworks.info
or:
A consent form will be attached to the Referral Form. Users will be directed to read the
privacy statement and to tick to agree to the terms. Services cannot be initiated
without ticked consent to our privacy policy.
Should a client wish to withdraw their consent for data to be processed, they can do
so by contacting SpeechWorks.

6 How we protect your data
In accordance with the General Data Protection Regulation (GDPR), we will endeavour
to protect your personal data in a number of ways:

6.1 By limiting the data that we collect in the first instance
All data collected by us will be collected solely for the purposes set out at 1 above
and will be collected for specified, explicit and legitimate purposes. The data will not
be processed any further in a manner that is incompatible with those purposes.
Furthermore, all data collected by us will be adequate, relevant and limited to what
is necessary in relation to the purposes for which it is collected, which include the
assessment, diagnosis and treatment of speech, language and communication
disorders, training purposes, and supporting school based delivery of universal SLT
programmes.

6.2 By transmitting the data in certain specified circumstances only
Data will only be shared and transmitted, be it on paper or electronically, as is required
and as set out in section 3.

6.3 By keeping only the data that is required
When it is required and by limiting its accessibility to any other third parties.

6.4 By disposing of/destroying the data once the individual has ceased receiving treatment
See section 3.2.1. For data that is held, SpeechWorks will put in place appropriate
technical and organisational measures to ensure a level of security appropriate to the
risk. These may include measures such as the encryption of electronic devices,
pseudonymisation of personal data, and/or safe and secure storage facilities for
paper/electronic records.

6.5 By retaining the data for only as long as is required
In this case, see section 3.2.1, except where retention of data is required in the
circumstances set out at part 1.1 above or in certain specific circumstances as set
out at Article 23(1) of the GDPR.

6.6 By destroying paper-based data securely and confidentially after the period of
retention has elapsed.
This could include the use of confidential shredding facilities or, if requested by the
individual, the return of personal records to the individual.

6.7 By ensuring that any personal data collected and retained is both accurate and
up-to-date.

7 Protecting your Rights to Data

7.1 Adult clients
Adults have the right to request data held on them as per Article 15 of GDPR. A
request must be made in writing. Further information regarding accessing your
personal data is available in the document ‘Rights of Individuals under the General
Data Protection Regulation’, downloadable from: www.gdprandyou.ie

7.2 Children
For children under the age of 16, data access requests are made by their guardians.
When a child turns 16, then they may make a request for their personal data.
However, this is subject to adherence with the Children First Act.

8 Security
SpeechWorks, as with most providers of healthcare services, is aware of the need for
privacy. As such, we aim to practise privacy by design as a default approach, and
only obtain and retain the information needed to provide you with the best possible
service.
All persons working in, and with, SpeechWorks in a professional capacity are briefed on
the proper management, storage and safekeeping of data.
All data used by SpeechWorks, including personal data, may be retained in any of the
following formats:
1. Electronic Data
2. Physical File
The type of format for storing the data is decided based on the format the data exists
in.
Where applicable, SpeechWorks may convert physical files to electronic records to
allow us to provide a better service to clients.

8.1 Data Security
SpeechWorks understands that the personal data used in order to provide a service
belongs to the individuals involved. The following outlines the steps which
SpeechWorks use to ensure that the data is kept safe.
Physical Files
▪ All physical data is located securely with the treating therapist.
▪ SpeechWorks have access to these records.
▪ These records are kept in a container secured with a lock and key.

8.2 Security Policy
SpeechWorks understands that requirements for electronic and physical storage
may change with time and the state of the art. As such, the data controller in
SpeechWorks reviews the electronic and physical storage options available to
SpeechWorks every 12 months.
All physical devices used by persons working for SpeechWorks have password
protected access.
All persons working in SpeechWorks are aware of and briefed on the requirements for
good data hygiene, and refresh them every 12 months. This briefing compliance is
monitored by the SpeechWorks data controller and includes, but is not limited to:
▪ Awareness of client conversations in unsecure locations.
▪ Enabling auto-lock on devices when leaving them unattended, even within
SpeechWorks locations.
▪ Use of non-identifiable note taking options (i.e. initials, not names).
▪ Awareness of the SpeechWorks procedure should a possible data breach
occur, whether through malicious action (theft) or accident (loss) involving
devices or physical files.

Date of document: August 2025
Review Date: August 2027