Skip to main content


Data Protection, General Data Protection Regulation and Privacy Statement

What is done to ensure your data is kept confidentially and safe

Simon Worthington, Occupational Therapy Services is registered with the Information Commissioners Office (I.C.O) and follows the standards for small businesses. Due to this being a small business Simon Worthington is also the ‘controller’ for data. Data flow is audited, and potential risks highlighted with strategies in place to limit the chance of data breech. Lawful basis for data holding in health care is primarily due to (a) consent (b) contract (d) vital interest with occasional lawful basis (e) public task or (f) legitimate interests. Full information is available on

In short – data is kept secure by:

  • using a secure lockable filing system at office base
  • ensuring only essential data is kept and full consent for this gained, all other information is shredded physically or electronically.
  • the use of accountancy and invoicing software – ‘Xero’. For information on their security and encryption please see -
  • the use of webforms to collect pre-assessment information – ‘cognitoforms’. For information on their security and encryption please see -
  • minimising data that is transported off site and ensuring it is transported securely e.g. lockable bags / cases and files.
  • Information not to be left unattended unless securely locked away.
  • Information not to be passed onto 3rd parties without prior consent.
  • Data flow can be provided if requested at any point

Data held on paediatric clients must be kept, under the I.C.O for a minimum of 7 years past their 18th birthday (25 years of age). If discharged from the service after their 18th birthday then the data must be kept for an additional 7 years.

Privacy Statement:

Your personal information is kept for the duration of your involvement with Simon Worthington, Occupational Therapist. This includes the storage of your number on work mobile(s) if you choose to make contact with him this way. Email addresses are stored on the email hosting website. No personal information is passed on to third parties without consent.

You have the right to request ‘to be forgotten’ or you can request ‘erasure’. However, medical notes are exempt from complete erasure. See for more information. If requesting ‘to be forgotten’ your email address and phone number will be deleted.