Privacy Policy

Brighter Days Practice Privacy Policy

​

Effective Date: 26 May 2025  Last Updated: 26 May 2025

At Brighter Days Practice, we are committed to protecting your privacy and ensuring the security of your personal and health information. As a nurse-led mental health service based in Cheshire, UK, providing virtual consultations via Microsoft Teams or Zoom, we handle sensitive data with the utmost care in compliance with the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), and the Nursing and Midwifery Council (NMC) Code. This Privacy Policy explains how we collect, use, store, and protect your information.

1. Who We Are

Brighter Days Practice is a sole practitioner service operated by  Kameka Sarju, a registered nurse and independent prescriber, offering mental health support for depression and anxiety. We are based in Cheshire, UK, and provide services virtually.

Contact Details: 

 

Email: k.sarju@brighterdayspractice.onmicrosoft.com

Phone: [your phone number] 

Location: Nantwich

 

2. What Information We Collect

We collect the following types of information to provide our services and meet legal obligations:

Personal Information

Name, date of birth, and contact details (email, phone number, address).

Emergency contact details (if provided).

Payment information (e.g., bank or card details for billing, processed via secure third-party providers like Stripe or Square).

Health Information (Special Category Data)

Medical history, mental health conditions (e.g., depression, anxiety), symptoms, and diagnoses.

Medication details, including prescriptions issued.

Notes from consultations, including treatment plans and outcomes.

Lifestyle information relevant to your care (e.g., sleep patterns, stressors).

 

Technical Data

 

IP address, browser type, and device information when you visit our website (brighterdayspractice.co.uk).

Usage data (e.g., pages visited, links clicked) for website analytics.

 

Communication Data

 

Emails, messages, or call logs related to appointment scheduling or inquiries.

Recordings of virtual consultations (only with your explicit consent, e.g., for training purposes).

 

3. How We Collect Your Information

 

Directly from You: Via intake forms, emails, phone calls, or during virtual consultations on Microsoft Teams or Zoom.

Through Our Website: When you book appointments, contact us, or browse our site (e.g., via cookies, if you consent).

From Third Parties: We may occasionally receive information from your GP or pharmacy (e.g., medication history), but only with your consent or where legally required.

 

4. How We Use Your Information

We use your information for the following purposes, ensuring a lawful basis under UK GDPR:

 

 

 

Purpose

Lawful Basis

Example

 

 

 

Provide mental health services

Contractual necessity, Legitimate interest

Conduct consultations, prescribe medications, create treatment plans.

 

 

Manage appointments and billing

Contractual necessity

Send booking confirmations, process payments, issue invoices.

 

 

Maintain health records

Legal obligation, Legitimate interest

Document consultations as required by the NMC Code for patient safety.

 

 

Communicate with you

Consent, Contractual necessity

Send appointment reminders, respond to inquiries.

 

 

Ensure patient safety

Legal obligation, Vital interests

Share information with emergency services if there’s a risk of harm.

 

 

Improve our services

Legitimate interest

Analyze feedback or website usage to enhance patient experience.

 

 

Comply with legal requirements

Legal obligation

Retain records for audits or report to regulators if required.

 

 

Special Category Data (Health)

We process your health data under UK GDPR Article 9(2)(h) for the provision of healthcare, with safeguards in place as required by the NMC Code. We also rely on your explicit consent for certain uses (e.g., sharing with a third party like your GP).

5. Who We Share Your Information With

We may share your information with:

 

Healthcare Professionals: Your GP, pharmacist, or other providers involved in your care, but only with your consent unless there’s a legal or safety requirement (e.g., risk of harm).

Third-Party Service Providers:

Microsoft Teams/Zoom (for virtual consultations, HIPAA-compliant with encryption).

Cliniko (our Electronic Health Record system, GDPR-compliant).

Stripe/Square (for payment processing, PCI-DSS compliant).

Website hosting provider (e.g., Wix, for booking and analytics).

 

 

Legal/Regulatory Bodies: The NMC, ICO, or law enforcement if required by law (e.g., safeguarding concerns).

Emergency Services: If there’s an immediate risk to your safety or others (e.g., suicidal ideation), per NMC safeguarding duties.

 

We do not share your data with third parties for marketing purposes.

6. How We Protect Your Information

 

Security Measures:

Data is encrypted in transit and at rest (e.g., Teams/Zoom encryption, Heidi security protocols).

Access to your records is restricted to the practitioner Kameka Sarju.

 

 

6. How We Protect Your Information

 

 

​

Security Measures:

 

 

 

​

Data is encrypted in transit and at rest (e.g., Teams/Zoom encryption, Cliniko security protocols).

 

 

 

Access to your records is restricted to the practitioner ([Your Name]) via password-protected systems.

 

 

 

Our website uses HTTPS and complies with GDPR for cookie management.

 

 

 

Home-Based Security: Our home office in Cheshire uses a secure, private network with up-to-date antivirus software.

 

 

 

Staff Training: As a sole practitioner, I am trained in data protection and confidentiality per NMC standards.

 

7. How Long We Keep Your Information

 

 

 

 

 

Health Records: Retained for 8 years after your last appointment, as recommended by the NHS Records Management Code of Practice 2021, then securely deleted.

 

 

 

Billing Records: Kept for 6 years to comply with HMRC tax requirements.

 

 

 

Website Data: Analytics data is anonymized and retained for up to 2 years; contact form data is deleted after 1 year if no further action is taken.

 

 

 

Expired Data: Securely deleted using industry-standard methods (e.g., shredding for paper, secure wiping for digital files).

 

8. Your Rights

 

Under UK GDPR, you have the following rights regarding your data:

 

 

 

 

 

Access: Request a copy of your data (Subject Access Request).

 

 

 

Rectification: Correct inaccurate or incomplete data.

 

 

 

Erasure: Request deletion of your data (where no legal obligation to retain exists, e.g., health records).

 

 

 

Restriction: Limit how we use your data while a complaint is investigated.

 

 

 

Objection: Object to processing based on legitimate interests (e.g., website analytics).

 

 

 

Data Portability: Request your data in a machine-readable format (e.g., for transfer to another provider).

 

 

 

Withdraw Consent: If we rely on consent (e.g., for sharing with your GP), you can withdraw it at any time.

 

To exercise these rights, contact us at [your email address] or [your phone number]. We will respond within 1 month, free of charge, unless the request is complex or repetitive.

 

9. Cookies and Website Tracking

 

Our website (brighterdayspractice.co.uk) uses cookies to improve your experience:

 

 

 

 

 

Essential Cookies: For booking and site functionality (no consent required).

 

 

 

Analytics Cookies: To track site usage (e.g., Google Analytics), anonymised and only used with your consent via our cookie banner. You can manage cookie preferences through your browser settings or our website’s cookie banner.

 

10. International Transfers

 

We do not transfer your data outside the UK. All third-party providers (e.g., Microsoft Teams, Cliniko) store data in the UK or EU, with UK GDPR-compliant safeguards in place.

 

11. Complaints

 

If you have concerns about how we handle your data, please contact us on the practice email address. You also have the right to lodge a complaint with the ICO:

 

 

 

 

 

Website: www.ico.org.uk

 

 

 

Phone: 0303 123 1113

 

 

 

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

12. Changes to This Policy

 

We may update this Privacy Policy to reflect legal or operational changes. The latest version will be posted on our website with the updated date. Significant changes will be communicated via email or during your next consultation.

 

13. Contact Us

 

For questions about this Privacy Policy or your data, please contact:

 

Email: k.sarju@brighterdayspractice.onmicrosoft.com