Autism Assessment UK Privacy Policy


It is assumed that by engaging with our service you are consenting to records being kept.

Autism Assessment UK is fully compliant with the General Data Protection Regulation (GDPR) legislation and is committed to protecting your personal information. This policy describes our processes for ensuring that personal information about clients is processed lawfully. In this section we will outline;

  • What information we collect

  • What we do with this information

  • How the information is stored

  • Who we may share this information with

  • The legal grounds for holding and processing personal information

  • Your choices and rights relating to your personal information

Autism Assessment UK is registered with the Information Commissioners Office (ICO) as a data controller/processer (ICO; registration no: A8417630).

Collecting personal information

To provide a high-quality comprehensive Autism assessment service we need to hold and process sensitive personal information about our clients and where necessary the client’s family.

This personal information includes:

• Date of birth of client

• Address of client

• Contact details of parents/carers (if under 18) including; name, address, phone numbers (landline/mobile), email address 

• Name of GP surgery

• Name of education establishment

• Relevant medical diagnosis and developmental history

• Signed consent forms for sharing information stating who information can be shared with

• Paper based assessment notes, including psychological screening questionnaires, observational checklists and a multi-professional formulation sheet.

• Email correspondence

• Reports/minutes/other multi-disciplinary information

Sources of personal information

Information may be gathered from a range of sources which includes:

• From client/parent/carer

• From other professionals only with parental/carer (and where applicable) client consent

Information may be gathered in a range of forms including:

• Verbal communication: face to face, telephone, meetings

• Written: email or text (including self-report measures)

Please be aware that email is not a secure way of sharing personal information and clients do so at their own risk.

Holding personal information

We will use your sensitive personal data for the purposes of providing our services to you and to comply with a legal obligation.

We will use your non-sensitive personal data to; register you as a new client, manage payment, collect and recover monies owed to us, manage our relationship with you.

Lawful basis for processing personal information

Autism Assessment UK’s legal grounds for processing your data in relation to points above is for performance of a contract with you in providing the Autism assessment service that you have requested.

Sharing data with others

We will share personal information about a client within Autism Assessment UK (between contracted associates such as Consultant Paediatricians and Speech and Language Therapists) in order to share expertise and provide the most accurate and comprehensive assessment for clients.

We will only share personal information with other professionals outside of Autism Assessment UK when it is in the best interests of the client. Consent would be required for each instance of sharing information.

Others who may need to have this information can include:

• GP

• Education establishment

• Educational psychology

• Paid carers

• Social Care Services

We will not share your details with third parties for marketing purposes.

We may have to share your personal data with:

  • service providers who provide IT and system administration support

  • professional advisors including lawyers, bankers, auditors and insurers

  • HMRC and other regulatory authorities.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.

How we store your data

Protecting your data is important to us and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

  • All information recorded on paper will be securely stored in a locked filing cabinet

  • Confidential digital information will be stored in a secure cloud service offering high levels of security

  • Confidential information sent by Autism Assessment UK via the internet will be encrypted and password protected, with this sent separately by text

  • Letters sent to professionals such as GPs, by surface mail, will be clearly marked Confidential

  • All electronic devices  (e.g. computer, laptop and phone) used to access stored information will themselves be password protected

We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

Retention of data

We will only hold your data for as long as is necessary. If you make an enquiry, do not have any face to face sessions and no further action is required we will delete your data within 3 months of your first contact.

Once an Autism Assessment has started and face to face contact is made (including remote contact such as skype) we open a case file and comply with data retention law relating to healthcare records.We will only store your personal information for as long as it is required. 

Consultation notes and questionnaires will be held for varying lengths of time depending on the content (and then securely disposed of)

 Health records are subject to special legislation e.g. children’s records are kept until age 26 and adult records for 8 years after the last contact with the service. For more information please visit;

Your rights

Under GDPR you have the right to obtain information about the personal data we hold/process about you and your child.

You are able to exercise certain rights in relation to your personal data that we process. These are set out in more detail at

In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it. A fee may be charged for each request. 

We will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests in which case we will notify you of any delay and will in any event reply within 3 months.

Data Breach

We have protocols in place to reduce the risk of a data breach. We have clear guidelines should there be a data breach. We must inform the regulating body (ICO) within 72 hours of any breach. We must also contact the individuals affected.

Data protection complaints

We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (