top of page


This section provides information relating to how Summit manages any information provided to us when we work with service users. When we refer to ‘service users’ we mean children and young people, families, clients, and other people who are directly affected by the psychological services that Summit provides. The key principles set out on this page also apply to when Summit provides services to organisations, such as educational settings, health and social care, and others across the child workforce rather than individuals. When working through organisations such as a school, the school is the data controller and Summit is the data processor. When work is direct with a child, young person, or family, Summit is the data controller. Summit Psychology Service's data controller is Dr Dawn Bradley, ICO Reference: ZA243400. The registered address is Summit Psychology Services, 17 Barracks Square, Barracks Road, Newcastle-Under-Lyme, Staffordshire, ST5 1LG.

Key Principles

Summit psychologists are Chartered Psychologists with the British Psychological Society (BPS) and the Health and Care Professions Council (HCPC). Both the BPS and HCPC are regulators whose main aim is to protect the public. To do this, the HCPC keeps a register of psychologists that meet their standards for training, professional skills, behaviour and health. The BPS provides ethical standards and practice guidelines which Summit adheres to. This page cannot cover every situation where problems or challenges about confidentiality might come up. However, we keep the following principles in mind when managing service user information:

  • Take all reasonable steps to keep information about service users safe

  • Make sure we have the service user’s consent if we are passing on their information (unless there are good reasons not to, for example, it is necessary to protect public safety, to safeguard children and young people, or prevent harm to other people)

  • Get express consent, in writing, if we are using identifiable information for reasons which are not related to providing psychological services for service users

  • Only disclose identifiable information if it is necessary or required by law, and, when it is, only disclose what is necessary or required

  • Tell service users when we have disclosed their information (if this is practical and possible)

  • Keep appropriate records of disclosure

  • Keep up to date with relevant law and good practice

  • If appropriate, we will ask for advice from colleagues, professional bodies, unions, or legal professionals

  • Make our own informed decisions about disclosure and be able to justify them.

Summit Psychology Service's Standards of Conduct, Performance and Ethics

As a service work is in accordance with the HCPC Standards of conduct, performance and ethics and BPS ethical practices and guidelines. You can expect that we will:

  • Promote and protect the interests of service users, children, young people, parents and carers

  • Communicate appropriately and effectively

  • Work within the limits of our knowledge, skills and professional competencies

  • Delegate appropriately

  • Respect confidentiality

  • Manage risk

  • Report concerns about safety and safeguarding/ child protection

  • Be open when things go wrong

  • Be honest and trustworthy

  • Keep records of our work


Confidentiality means protecting the personal information relating to service users. This information might include details of a service user’s lifestyle, family, health or care needs which they want to be kept private.


The following is a broad description of the way Summit processes personal information.

Personal and Special Category data may be collected and which may include but is not limited to information concerning family details, lifestyle and social circumstances, student and disciplinary records, employment and education details, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union activity, genetic data, biometric data, health, sex life and sexual orientation.  We may only collect and use these types of data when it is relevant and such data will be collected as part of the case work records and information we hold.  Information concerning your child’s physical and mental health including special educational needs, racial or ethnic origin, and religious or other beliefs will be relevant. Information concerning any criminal convictions is afforded a similar special level of protection, and we may collect and use this information where it is relevant.

Reasons/purposes for processing information
We process personal information to enable us to provide psychological services to our clients, to education, training, welfare, healthcare and educational support services, to maintain our accounts and records. For ordinary personal information (that is, all your information which is not special category data) we have legal grounds to process this information because it is necessary to comply with a legal duty which may fall under, but is not limited to the following Acts and Regulations:

  • Education Acts 1944 and 1996

  • Children and Young Persons Act 1933 and 1963 and the Children (Performances and Activities) (England) Regulations 2014

  • Children Act 1989 and 2004

  • Childcare Act 2006

  • Education and Inspections Act 2006

  • Young People’s Act 2008

  • Education and Skills Act 2008

  • Education (Information about Individual Pupils) (England) Regulations (2013)

  • Children and Families Act 2014

  • Education and Adoption Act 2016


Implied consent is where consent from the service user is not expressly spoken or written but can be taken as understood, for example because service users have agreed to receive services. If we are using identifiable information to provide services for a service user, or provide services to them, in most circumstances we will have their implied consent. In most cases, we will need to make sure that we have explicit consent from the service user before we disclose or share any identifiable information. Consent, for the purposes of confidentiality, means that the service user understands and does not object to:

  • The information being disclosed or shared

  • The reason for the disclosure

  • The people or organisations the information will be shared with

  • How the information will be used


For consent to be valid, it must be voluntary and informed, and the person giving consent must have the capacity to make the decision. For consent to be valid when working with children and young people, we must ensure the child or young person's parent, legal guardian, or person holding legal parental responsibility (such as social care) has the capacity to consent to our involvement. By ‘voluntary’, we mean that the person makes the decision freely and without being persuaded or pressurised by organisations, professionals, family, friends or others. By ‘informed’, we mean that the service user has enough information to make a decision about whether they give their permission for their information to be shared with other people. (This is sometimes called ‘informed consent’.) By ‘capacity’ we mean a service user’s ability to use and understand information to make a decision and to communicate their decision to us. One of the most common reasons for disclosing confidential information will be when we contact education, health or social care practitioners to refer into their services, and/or to seek additional support and services for the service user. If the child or young person is at risk and we have a legal obligation to protect and safeguard we may not need consent. Sharing information is part of good practice and is integral to multi-professional working. It is often an important way of making sure holistic support can be provided.  When information is shared we will ensure that:

  • It is necessary to provide the information

  • We only disclose the information that is relevant

  • The professional receiving the information understands why we are sharing it and that they have a duty to keep it confidential


If we decide not to contact other practitioners when we might reasonably be expected to, or if a service user asks us not to, it is important that we keep clear records of this and are able to justify our decision. If we are concerned about a request someone makes for information – for example, we think the information they have asked for is not relevant – we may contact the person who has asked for the information so they can explain their request. We may also want to get legal advice, or advice from our professional body.


Consent for children under the age of 16

For children under 16, we will nearly always need to get consent from someone with parental responsibility. This could be:

  • The child’s mother or father

  • The child’s legally appointed guardian

  • A person with a residence order for the child

  • A local authority designated to care for the child

  • A local authority or person with an emergency protection order for the child.


Some children under 16 can give consent if they can fully understand the information given to them. This is known as ‘Gillick competence’.  We need to balance the best interests of the child or young person against other duties. If we have a legal duty to share the information, or need to share it to protect the public interest, we can share it without the consent of the child or young person or their legal guardian.

Withdrawing consent

The parent / legal guardian may withdraw consent for the psychologists involvement at any time. If consent is withdrawn the CYP’s file will be deleted (for electronic versions), including any documents related to the CYP. If the Planning Record names the CYP, this will be kept in the school file as a record of the conversation between the psychologist, professional practitioners and the school.

Public Interest

We can disclose confidential information without consent from the service user if it is in the ‘public interest’ to do so. This might be in circumstances where disclosing the information is necessary to prevent a serious crime or serious harm to other people. We find out whether it is in the public interest to disclose information by considering the possible risk of harm to other people if we do not pass it on, compared with the possible consequences if we do. This includes taking account of how disclosing the information could affect the services we provide to the service user.  We should carefully consider whether it is in the public interest to disclose the information. If we are unsure we may want to get legal advice. Even where it is considered to be in the public interest to disclose confidential information, we should still take appropriate steps to get the service user’s consent (if possible) before we do so. We should keep them informed about the situation as much as we can. However, this might not be possible or appropriate in some circumstances, such as when we disclose information to prevent or report a serious crime.

Type/classes of information processed

We process information relevant to this privacy policy and follow BPS Guidance on Record Keeping and Good Practice. This information may include, but is not limited to, personal details, family details, lifestyle and social circumstances, student and disciplinary records, special educational needs and disability details, medical details, vetting checks, visual images, personal appearance and behaviour, goods and services, financial details, employment and education details. We also process sensitive classes of information that may include, physical or mental health details, sexual life, racial or ethnic origin, religious or other beliefs of a similar nature, offences and alleged offences.

Who the information is processed about
We process personal information about our service users and clients, staff, advisors and other professional experts, school staff, members of school boards, complainenents and enquirers, suppliers, business contacts and professional advisers.

Retention and storage of information

The BPS states that a psychologist's records should be held securely for as long as they are required for the purpose of psychological work. Summit maintains both paper and electronic files. All paper files are converted to electronic files after 36 months and the paper file is destroyed. Electronic files are retained on an encrypted external hard drive which is secured in a locked location within a locked office. Psychologists must follow legal requirements, national and local policy frameworks and procedures regarding the retention or disposal of records after the psychologist’s work is concluded. Summit are independent practitioners and as such we follow BPS guidance and keep records relating to contact with adults for 7 years, and until the age of 25 years in relation to children. Where the records derive from work undertaken within an organisation, the maintenance of these records is determined by the organisation’s policies and legal requirements and information should be sought from the organisation, such as educational settings and social care, as to their privacy policy. All records are destroyed under confidential conditions using a destruction service, or process which meets industry standards for document management.

Who the information may be shared with
We sometimes need to share the personal information we process with the individual themselves, with other organisations and where we are legally obliged to do so. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA) and GDPR (2018). What follows is a description of the types of organisations we may need to share some of the personal and special category information we process for one or more reasons. Where necessary or required we share information with, education, training, careers and examining bodies, school staff and boards, psychologists, healthcare professionals, social and welfare organisations, local and central government, police forces, courts, family, associates and representatives of the person whose personal data we are processing, employment agencies and examining bodies.  It is important that we get express consent, in writing where possible, if we plan to use identifiable information for reasons which are not directly related to the service user’s needs or if they would not reasonably expect their information to be used or shared in that way. Sometimes, a third party who is not a health and care professional may ask us for information. This might be a request to send information to an insurance company, education setting, local authority, or a solicitor. We would always make sure that we have express consent of the service user prior to providing any confidential information. There are a small number of circumstances where we might need to pass on information without consent, or when we have asked for consent but the service user has refused it. The reasons for this are covered in the sections public interest and safeguarding.

Undertaking research
Personal information is also processed in order to undertake research. Research conducted follows the BPS Code of Human Research Ethics. All potential participants are provided with information about the purpose of the research and must give their express consent to participate and to have knowledge of how, and if they can be identified. For research purposes, the information processed may include, but is not limited to name, contact details, family details, lifestyle and social circumstances. The sensitive types of information may include physical or mental health details, racial or ethnic origin and religious or other beliefs. Where necessary or required this information may be shared with customers and clients, service providers, other research organisations such as Universities, but would not be shared without explicit consent from the participant engaged in the research.


Our standards of conduct, performance and ethics say that psychologists must take appropriate action if we have concerns about the safety or well-being of children or vulnerable adults.

In these situations, the following apply.

  • We follow local policies and processes for raising a safeguarding concern. This might include informing the local council or the police.

  • If we are concerned that someone has caused harm, or could pose a risk to vulnerable groups, we should refer the matter to the Disclosure and Barring Service, or in Scotland, Disclosure Scotland. We may also want to inform the local council or the police.

Requests from service users for access to the information we have about them

Service users have the right to see information we hold about them and it is important that we respect this. We charge a flat admin fee of £50 for any data requests. Any such requests should be made to this email address


Questions about confidentiality

This page does not cover every situation about confidentiality. If you have a question about confidentiality please contact us.

bottom of page