Privacy Policy

Privacy Policy Last updated: 11 December 2025 Data Controller: Adriana Ferrari (Sole Trader) – Together Assessments ICO Registration Number: ICO:00010615323 This Privacy Policy explains how your personal information is collected, used, stored and protected when you visit this website or contact the service. It also explains your rights under UK data-protection law. This policy applies to all website users, enquirers and clients.

  1. Who we are Together Assessments is an adult (18+) autism and ADHD assessment service operated by Adriana Ferrari, Sole Trader. Registered contact details: Email (general enquiries): enquiries@togetherassessments.co.uk Email (privacy matters): privacy@togetherassessments.co.uk Internal documentation supporting this policy includes: Transfer Risk Assessment (international transfers) Record of Processing Activities (ROPA) Data Protection Impact Assessment (DPIA) Records Management & Retention Policy Privacy & Consent Agreement (service-user version) Confidentiality & Information Sharing Policy

  2. What information we collect on this website 2.1 Information you provide directly When you fill in a contact form, send an email or request information, you may provide: Your name Email address Telephone number Any other information you choose to include in your message If you later choose to book an assessment, further information will be collected as part of the clinical process. The service-user Privacy & Consent Agreement explains this separately. 2.2 Information collected automatically This website may collect: IP address Browser type Pages viewed Date and time of visit

These are standard server logs used for security and performance monitoring only. No website analytics, advertising cookies or tracking technologies are used unless explicitly stated on this page.

  1. Why we collect your information We process personal information for the following purposes: Purpose Lawful Basis (UK GDPR) Responding to website enquiries Legitimate interests (Art 6(1)(f)) Managing bookings and administrative communication Contract (Art 6(1)(b)) Ensuring the website functions securely and effectively Legitimate interests (Art 6(1)(f)) Clinical assessment processes (only after booking) Contract (Art 6(1)(b)); Health & Social Care (Art 9(2)(h))

Full clinical processing bases are documented in the DPIA and Privacy & Consent Agreement.

  1. How your information is used Website and enquiry information is used to: Respond to questions or requests Arrange consultations Provide information about the service Maintain website security

If your enquiry does not progress into assessment, any information you submitted is deleted after your query is closed. Client information is processed only when you formally engage with the service, as detailed in the Privacy & Consent Agreement and clinical policies.

  1. How your information is stored Website enquiry information is stored securely within encrypted email and cloud systems. Clinical information is stored within encrypted Google Workspace and Microsoft 365 Business systems, consistent with: DPIA (secure cloud storage, encryption, MFA) Records Management & Retention Policy

No assessment materials are stored within AI or accessibility tools. Paper records are avoided; if created temporarily they are locked securely and shredded within seven days of digitisation.

  1. International transfers Your information may be processed by providers that store data in the EU or US. All transfers are protected by: UK Addendum to the EU Standard Contractual Clauses UK–US Data Bridge (where applicable) Provider security certifications (ISO 27001/27701, SOC2)

This is documented in the Transfer Risk Assessment.

These tools are used only for secure communication, administrative purposes, or drafting support under enterprise privacy safeguards (no training, retention or advertising).

  1. Sharing your information We do not sell or rent your personal data. Website enquiry information is shared only when necessary with: Email service providers IT/security providers Payment processors (if you book an assessment)

Clinical information may be shared with: HCPC-registered supervisors (minimum necessary) Your GP (with consent or for safeguarding) Emergency or safeguarding bodies (where legally required)

These conditions are detailed in your Confidentiality & Information Sharing Policy.

  1. Retention For website users: General enquiries: retained only until resolved. Booking administration: retained as required to provide the service.

For client records: Reports, notes and questionnaires: 7 years Video/audio recordings: 4–6 weeks (deleted once used in supervision) AI/accessibility tool drafts: deleted immediately

These periods are set out in the Records Management & Retention Policy.

  1. Security We use the following measures: Encryption at rest and in transit Multi-factor authentication Restricted access to authorised individuals only Encrypted devices with remote-wipe Secure deletion and logging of disposal events

These align with your DPIA and Information Security controls.

However, no method of internet transmission is completely secure and absolute protection cannot be guaranteed.

  1. Your rights Under UK GDPR, you have the right to: Access your personal data Correct inaccurate or incomplete data Request deletion in some circumstances Restrict or object to processing Request data portability Complain to the ICO

You will not be charged for exercising your rights. To make a request, contact: privacy@togetherassessments.co.uk If you are unhappy with how your data is used, you may contact: Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF ico.org.uk | 0303 123 1113

  1. Cookies This website uses only essential cookies required for security or functionality, unless stated otherwise. If additional cookies (e.g., analytics) are introduced in future, a cookie banner and updated notice will be provided.

  2. Links to external sites External links may appear on this website. We are not responsible for the content or privacy practices of other websites.

  3. Changes to this policy This policy may be updated periodically to reflect legislative or service changes. Updates will be published on this page with a revised “Last updated” date.

  4. Contact for privacy matters If you have questions about this policy or wish to exercise your rights, contact: privacy@togetherassessments.co.uk