Privacy Policy

Privacy Policy

Arrow Psychiatry Ltd

Last updated: 03 March 2026
Arrow Psychiatry Ltd (“Arrow Psychiatry”, “we”, “our”, or “us”) is committed to protecting your privacy and handling your personal data in a transparent and lawful manner.
This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with:
  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Applicable healthcare and professional regulatory requirements

Who We Are

For the purposes of data protection law, Arrow Psychiatry Ltd is the data controller of your personal data.

What Personal Data We Collect

a) Identity and Contact Information

  • Full name
  • Date of birth
  • Address
  • Email address
  • Telephone number
  • NHS number (if applicable)

b) Health and Clinical Information (Special Category Data)

  • Medical history
  • Psychiatric assessments
  • Diagnosis and treatment information
  • Medication records
  • Correspondence with other healthcare professionals
  • Risk assessments

c) Administrative and Financial Information

  • Appointment records
  • Payment details (processed securely via payment providers)
  • Invoices and billing records

d) Website Usage Data

  • IP address
  • Browser type
  • Device information
  • Cookies and analytics data

How We Collect Your Data

We collect data:
  • Directly from you (via forms, consultations, email, telephone)
  • From referring clinicians or healthcare providers
  • From third parties where authorised (e.g., insurers)
  • Automatically via our website (cookies and analytics tools)

Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

a) Provision of Healthcare

  • Article 6(1)(b): Performance of a contract
  • Article 6(1)(e): Provision of health services
  • Article 9(2)(h): Processing necessary for medical diagnosis and treatment

b) Legal and Regulatory Obligations

  • Article 6(1)(c): Compliance with legal obligations

c) Legitimate Interests

  • Article 6(1)(f): Managing and improving our services
  • Practice administration and service quality monitoring

d) Consent (where applicable)

  • Marketing communications (if applicable)
  • Certain disclosures outside standard care pathways
You may withdraw consent at any time where processing is based on consent.

How We Use Your Information

We use your personal data to:
  • Provide psychiatric assessment and treatment
  • Maintain accurate clinical records
  • Communicate regarding appointments and care
  • Issue invoices and manage payments
  • Comply with legal and regulatory obligations
  • Improve our services and website functionality
We do not sell personal data to third parties.

Sharing Your Information

We may share your data where necessary with:
  • Your GP or other healthcare professionals (with appropriate basis)
  • Laboratories or diagnostic providers
  • Private health insurers (where applicable)
  • Secure IT service providers
  • Regulatory authorities (e.g., GMC, CQC) if required by law
All third-party providers are required to maintain appropriate confidentiality and data security standards.

Data Retention

Clinical records are retained in accordance with NHS and professional guidance, typically for a minimum of 8 years after last contact.
Financial and administrative records are retained in line with statutory requirements.
Data is securely deleted when no longer required.

Data Security

We implement appropriate technical and organisational measures to protect your data, including:
  • Secure electronic record systems
  • Encrypted communications where appropriate
  • Access controls and password protection
  • Staff confidentiality obligations
While we take reasonable steps to protect your data, no online system can guarantee absolute security.

International Transfers

We do not routinely transfer personal data outside the UK.
If data is transferred internationally (for example, via secure cloud providers), we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Your Rights Under UK GDPR

You have the right to:
  • Access your personal data (Subject Access Request)
  • Request correction of inaccurate data
  • Request erasure (in limited circumstances)
  • Request restriction of processing
  • Object to processing
  • Data portability (where applicable)
  • Withdraw consent (where processing is based on consent)
To exercise your rights, please contact us using the details above.
We will respond within one month, subject to lawful extensions where applicable.

Complaints

If you are concerned about how your data is handled, please contact us first so we can address your concerns.
You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113

Cookies

Our website may use cookies to:
  • Improve functionality
  • Analyse website usage
  • Enhance user experience
You may manage cookie preferences through your browser settings. Further details are available in our Cookie Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal or operational changes.
The latest version will always be published on this website.