top of page

Privacy Policy

How this document helps

This Privacy Policy explains how Rooted Regulation UK collects, uses, stores and protects your personal information.We want you to feel confident that your information is handled safely, respectfully, and in line with UK data protection law.

1. Our Commitment to Privacy

Your privacy matters to us. At Rooted Regulation UK, we understand that choosing to share personal information requires trust. Whether you are contacting us for an autism assessment, occupational therapy support, workshops or consultancy, we are committed to protecting your information and using it responsibly. We only collect the information we need, we keep it secure, and we will always be open about how we use it. We process personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other relevant legislation.

2. Who We Are

Rooted Regulation UK provides autism assessments, occupational therapy services, training, consultancy and practical support for individuals, families and organisations.Data ControllerRooted Regulation UKEmail: hello@rootedregulation.co.ukBusiness address: Available on request (to be updated once permanent premises are established)ICO Registration Number: PendingIf you have any questions about this Privacy Policy or how we use your information, please contact us using the email address above.

3. What Information We Collect 

Depending on the service you receive, we may collect: 

Personal information

 

• Name 

• Date of birth 

• Postal address 

• Email address 

• Telephone number 

• Emergency contact details 

Health and assessment information 

This may include: 

• Medical history 

• Mental and physical health information 

• Neurodevelopmental history 

• Occupational therapy assessments 

• Autism assessment information 

• Functional assessments 

• Reports from other professionals 

• Risk information 

• Information shared during appointments 

Information about families or carers 

Where appropriate we may collect information provided by family members, carers or professionals involved in your care. 

 

Website information 

If you complete a contact form on our website we may collect: 

• Your name 

• Contact details 

• Your enquiry 

• Technical information such as IP address and browser information through website cookies (see our Cookie Policy). 

4. Why We Collect Your Information 

We collect and use information to: 

• respond to enquiries 

• arrange appointments 

• provide autism assessments 

• provide occupational therapy services 

• prepare reports 

• develop practical support plans 

• communicate with you 

• liaise with professionals involved in your care (where appropriate) 

• safeguard individuals where there is a legal or professional duty 

• maintain accurate clinical records 

• manage payments and invoices 

• improve our services 

We will never sell your personal information or use it for unrelated marketing purposes. 

5. Our Legal Basis for Processing 

Under UK GDPR we process personal information using one or more lawful bases including: 

• Performance of a contract 

• Legal obligation 

• Legitimate interests 

• Consent (where required) 

As we often process health information, this is classed as Special Category Data. We process this information under the conditions permitted by UK GDPR and the Data Protection Act 2018 for the provision of health and care services. 

6. How We Store and Protect Your Information 

Keeping your information safe is extremely important to us. 

Rooted Regulation UK stores information using secure electronic systems designed to protect confidentiality. 

Our security measures include: 

• Microsoft 365 secure cloud storage 

• Multi-factor authentication 

• Password protected devices 

• Encrypted data transmission where available 

• Access limited to authorised team members 

• Regular software and security updates 

• Secure deletion of information when no longer required 

We continually review our systems to ensure information remains secure. 

7. Who Has Access to Your Information 

Your information is only accessed by members of the Rooted Regulation UK team who need it to provide your service. 

We do not share information unnecessarily. 

All team members are expected to maintain confidentiality and follow our data protection procedures. 

8. When We May Share Information 

We will only share information when: 

• you have given permission 

• it is necessary to provide your care 

• there is a legal obligation 

• there are safeguarding concerns 

• it is required by a court or regulatory body 

Where possible, we will discuss this with you before sharing information.

9. How Long We Keep Information 

We only keep information for as long as it is necessary. 

Retention periods are based on legal requirements, professional guidance, and our Data Retention Schedule. 

Once records are no longer required, they are securely destroyed. 

10. Your Rights 

Under UK GDPR you have the right to: 

• request access to your personal information 

• request correction of inaccurate information 

• request deletion where appropriate 

• request restriction of processing 

• object to certain types of processing 

• request transfer of your information where applicable 

• withdraw consent where consent is the lawful basis 

To exercise any of these rights, please contact us using the details above.

11. Cookies 

Our website may use cookies to improve your experience and understand how people use our website. 

Further information is available in our Cookie Policy (GR-003). 

12. Changes to this Policy 

We may update this Privacy Policy from time to time to reflect changes in legislation, guidance or our services. 

The latest version will always be available on our website. 

13. Contact Us 

If you have any questions about this Privacy Policy or how your information is used, please contact: 

Rooted Regulation UK 

Email: hello@rootedregulation.co.uk 

If you remain unhappy after contacting us, you have the right to complain to the Information Commissioner's Office (ICO). 

Website: https://ico.org.uk 

Document Review 

This document will be reviewed annually, or sooner if legislation, professional guidance or business practice changes. 

bottom of page