Privacy Policy

Who we are

Since 2018, we have provided services for adults, children and families in areas across Surrey and the home counties.

As an organisation, we are committed to protecting your information and respecting your privacy in accordance with the Data Protection Act 1998.

This notice explains what information we collect, why we collect it and how we keep it secure.

What information do we collect?

Health Care Professionals such as therapists and nurses who are involved in your care will collect and keep relevant records about your health, treatment and care to ensure you are provided with high quality and safe healthcare. These records are known as Health Records and can be held in paper format, electronic format or both. 

Your Health Record may consist of the following:

  • Your name, address, date of birth, telephone numbers
  • Details of your next of kin
  • The GP you are registered to
  • Any disability or preferred language
  • Notes about your health, clinic visits, treatments and procedures you have undergone
  • Results of any investigations such as laboratory results or imaging results
  • Information from other Health Care Professionals who are involved in your care, eg your GP.

Why do we collect this information?

Your information will only be processed where we are legally permitted to do so, usually for direct medical purposes. This ensures that the Health Care Professionals who are involved in your care are able to adequately plan your care and treatment. The information we collect allows us to:

  • Identify you to ensure you are distinguished from other patients
  • Contact you in relation to appointments or clinical updates
  • Contact your named next of kin in the event of an emergency
  • Share updates with your GP in relation to your care/treatment
  • Meet any specific needs you might have
  • Ensure the care and treatment we provide is appropriate and safe.

Who will see your information and for what purpose?

Direct Care Purposes

We will only share relevant information from your Health Record with other Professionals who are supporting your care.  Sharing is on a strict need to know basis and only where the law permits.

  • Administrative staff may access your records to support our clinical staff
  • Other Health Care Professionals/organisations directly involved in your care where the sharing will facilitate your care or treatment
  • Suppliers who we instruct to support your healthcare needs for example if you require a particular piece of equipment.

Purposes beyond Direct Care

We will use the minimum data necessary for the specified purpose. Below are some examples where we might be needed to send identifiable information for non-direct care purposes:

  • Health Care Professionals for Clinical Audit purposes to ensure services are provided in line with agreed and reputable standards
  • Health Care Professionals and our Finance staff send limited information to commissioners so that we are able to receive payment for the services we provide
  • Health Care Professionals for statistical information such as length of time to be seen to analyse performance and improve our services
  • Clinical research projects to develop knowledge and improve care
  • Health Care Professionals and Commissioners to support requests for medical funding
  • Health Care Professionals and Administrative staff to allow us to fulfill our obligations to Access to Health Records Requests
  • Research studies which aim to improve the quality of services with your explicit consent.
In the majority of case, it is possible for us to use data which does not identify you where it is being used for purposes beyond direct care. Using this type of non-identifiable data is widely used across the NHS. We may use non-identifiable data for the following purposes:

  • Health Care Professionals and Quality and Governance staff and for feedback surveys
  • Health Care Professionals, Quality and Governance staff and commissioners for service monitoring to identify trends and analysis
  • Research studies which aim to improve the quality of services.

Employee Information

As an employer, we hold personal confidential information relating to individuals who apply to work at the organisation and individuals who are subsequently employed by the organisation.

The information we collect may include the following:

  • Your name, date of birth, address for identification purposes
  • A copy of your passport, visa or other immigration documents to prove your right to work in the UK
  • Disclosure and Debarring Service checks to check for criminal convictions and/or cautions
  • Occupational Health and Disability records to ensure we can make reasonable adjustments and support your health needs.

How we secure your data

All NHS employees are bound by the Common Law of Confidentiality which means we have a duty to keep your information confidential and secure. Our staff are provided with training to ensure your data is handled correctly and regular assurance checks are completed.

We have a Senior Information Risk Owner who is responsible for the management of all assets which hold information and a Caldicott Guardian who will ensure your confidentiality is protected and enable appropriate information-sharing.

Finally, we carry out detailed checks on our suppliers to ensure that they are also handling your data in a legal and secure manner.

How long will we keep information for?

Information is held for specified periods of time as per the Records Management Code of Practice for Health and Social Care.

Your rights under Data Protection

The Data Protection Act provides you with certain rights as an individual. These include:

  • You can make a request for a copy of the information we hold about you.
  • You can request that we do not process information that is likely to cause or is causing unwarranted damage or distress. Sometimes there might be a legal requirement or overriding public interest which means we are compelled to share data.
Occasions on which we are completed to share data may include:

  • Safeguarding an individual or to prevent a serious crime
  • To control the outbreak of infectious diseases
  • A legal requirement such as a court order
  • Request that your data is not used for direct marketing. We will never use your data for this purpose.
  • Challenging any decisions made without human intervention (automated decision making)
  • A right in certain circumstances to have inaccurate data is rectified, blocked, erased or destroyed
  • A right to claim compensation for damages caused by a breaching Data Protection.

Queries and how to access your records

If you have any queries concerning the use of your medical information, please discuss them with the Health Care Professional who is involved in your care in the first instance.

You can find more information at the Information Commissioner's Office website or you can write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane,
Wilmslow SK9 5AF

Heads and Hearts Website

This privacy policy sets out how Heads and Hearts uses and protects any information that you give us when you use this website.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website; you can be assured that it will only be used in accordance with this privacy statement.

We may change this policy from with by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1st January 2018.

What we collect

Like most websites we may collect certain information from our users including:

  • Your name
  • Contact information including email address
  • Information about your computer type, operating system, length of visit, page views and browsing habits) and about your visits and use of the website (including your IP address, geographical location, browser)
  • Other information relevant to visitor surveys or correspondence.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services.
  • For improving your browsing experience.
  • To enable your use of the services available on the website.
  • We may periodically send emails about information which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email or phone.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.


We may disclose information about you, any of our employees, suppliers or subcontractors as reasonably necessary for the purposes set out in this privacy policy.
In addition, we may disclose your personal information:

  • To the extent we are required to by law;
  • In connection with any legal proceedings;
  • In order to establish, exercise or defend our legal rights.
  • Links to other websites.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us. We will promptly correct any information found to be incorrect.


Like all websites, Heads and Hearts use cookies. A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognise a user’s device and respond to them as an individual. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Contact Us Form

The contact us form is solely used for contacting with Heads and Hearts, the information entered on the contact us form will only be kept for the purposes of the initial enquiry.

Janet Ramsay 1949-2022

Janet Ramsay

Where to Find Heads & Hearts

We currently use rooms at

Virginia Lodge.
Heritage Court
(Off Station Road)
TW20 9LF