Our aims and commitments to clients are:
To provide a high standard of assessment for the purpose of an autism assessment, in a manner which is flexible, friendly and approachable.
We will monitor and develop the services we provide to ensure we deliver high service standards, including monitoring clinical outcomes.
We will endeavour to support our clinical team of associates in delivering our services in meeting their professional standards and support their professional training.
To comply with legal and regulatory requirements
We will process your personal data in support of those aims, ensuring that we are transparent about our processing, respectful of confidentiality, only sharing your personal data for our client’s direct care and where permitted or required by law.
We will not gather your personal information to sell to third parties.
If you are under 16 we will require consent from your parent/ guardian for you to receive an assessment from us.
It is assumed that by engaging with our service client’s are consenting to records being kept.
Autism Assessment UK is fully compliant with the General Data Protection Regulation (GDPR) legislation and is committed to protecting personal information. This policy describes our processes for ensuring that personal information about clients is processed lawfully. We will outline:
What information we collect
What we do with this information
How the information is stored
Who we may share this information with
The legal grounds for holding and processing personal information
Your choices and rights relating to your personal information
Autism Assessment UK is registered with the Information Commissioner's Office (ICO) as a data controller/processor (ICO; registration no: A8417630).
Collecting Personal Information
To provide a high-quality comprehensive autism assessment service we need to hold and process sensitive personal information about our clients and where necessary the client’s family.
This personal information includes:
• Date of birth of client
• Address of client
• Contact details of parents/carers (if under 18) including; name, address, phone numbers (landline/mobile), email address
• Name of GP surgery
• Name of education establishment
• Relevant medical diagnosis/reports and developmental history
• Signed consent forms for sharing information stating who information can be shared with
• Paper based assessment notes, which may include psychological screening questionnaires, observational checklists and a multi-professional formulation sheet.
• Email correspondence
• Reports/minutes/other multi-disciplinary information
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes whilst you are actively being seen for assessment or intervention. You can do this by contacting us by telephone, which we will confirm by an encrypted email exchange.
Sources of Personal Information
Information may be gathered from a range of sources which includes:
• From client/parent/carer
• From other professionals only with parental/carer (and where applicable) client consent
Information may be gathered in a range of forms including:
• Verbal communication: face to face, telephone, meetings (including virtual and face to face
• Written: email or text (including self-report measures)
Please be aware that email is not a secure way of sharing personal information and clients do so at their own risk.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, or for your benefit, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into (for example, to provide you with an autism assessment). In this case, we may have to cancel or not provide a service you have requested from us, but we will notify you if this is the case at the time.
Holding Personal Information
We will use clients sensitive personal data for the purposes of providing our services and to comply with a legal obligation.
We will use non-sensitive personal data to; register families as a new client, manage payment, collect and recover monies owed to us, and manage our relationship.
Lawful Basis For Processing Personal Information
Autism Assessment UK’s legal grounds for processing your data in relation to points above is for performance of a contract with you in providing the autism assessment service that you have requested.
Sharing Data With Others
We will share personal information about a client within Autism Assessment UK (between associates such as Independent Consultant Paediatricians, Occupational Therapists and Speech and Language Therapists) in order to share expertise and provide the most accurate and comprehensive assessment for clients.
We will only share personal information with other professionals outside of Autism Assessment UK when it is in the best interests of the client. Consent would be required for each instance of sharing information.
Others who may need to have this information can include:
• GP or other healthcare professionals
• Education Establishment
• Educational Psychology
• Paid carers
• Social Care Services
We will not share or sell your details with third parties for marketing purposes.
We may have to share your personal data with:
service providers who provide IT and system administration support
professional advisors including lawyers, bankers, auditors and insurers
HMRC and other regulatory authorities.
We require all third parties to whom we transfer data to respect the security of families personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.
For Research Purposes
We will use anonymised data (so long as you have consented) to contribute to local, national and worldwide research in to Autism Spectrum Disorder and related conditions.
How We Store Your Data
Protecting data relating to families is important to us and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
All information recorded on paper will be securely stored in a locked filing cabinet
Confidential digital information will be stored in a secure cloud service offering high levels of security
Confidential information sent by Autism Assessment UK via the internet will be through an encrypted system (ie through Egress)
Letters sent to professionals such as GPs, by surface mail, will be clearly marked Confidential
All electronic devices (e.g. computer, laptop and phone) used to access stored information will themselves be password protected
We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
For the purposes of quality assurance, improvement and training
Autism Assessment UK will use video recordings of you (where you have given explicit permission allowing us to do so) for the purpose of ensuring the highest standard of care. This can be for audit/quality assurance purposes and also to maintain the standard of associates working on behalf of Autism Assessment UK. From time to time videos will be used to train professionals on a wider scale, but again will only be used if you have given explicit permission for us to do so.
Retention of Data
We will only hold your data for as long as is necessary. If you make an enquiry, and do not commission any service through us, and no further action is required, we will delete your data within 3 months of your first contact.
Once an autism assessment has started and contact is made (including remote contact such as by zoom) we open a case file and comply with data retention law relating to healthcare records. We will only store your personal information for as long as it is required.
Consultation notes and questionnaires will be held for varying lengths of time depending on the content (and then securely disposed of)
Health records are subject to special legislation e.g. children’s records are kept until age 26 and adult records for 8 years after the last contact with the service. For more information please visit;
Under GDPR families have the right to obtain information about the personal data we hold/process about families.
Families are able to exercise certain rights in relation to personal data that we process. These are set out in more detail at
In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it. A fee may be charged for each request.
We will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests in which case we will notify you of any delay and will in any event reply within 3 months.
We have protocols in place to reduce the risk of a data breach. We have clear guidelines should there be a data breach. We must inform the regulating body (ICO) within 72 hours of any breach. We must also contact the individuals affected.
Data Protection Complaints
We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ().