Service Privacy Policy

Here’s the updated privacy notice with the new section on children’s data incorporated and the summary modified:

  1. Introduction

This privacy notice provides you with details of how we collect and process your sensitive and personal data for our service.

Viam Tuam is the data controller, and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

Contact Details

Our full details are:

Full name of legal entity: Viam Tuam Limited

Email address:

Postal address: Viam Tuam Limited, 999 Finchley Road, London, NW11 7HB

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at

  1. How we use your sensitive and personal data

We are committed to protecting your personal data.

The data we collect is submitted by you on the Client Intake Form when contracting our services, and when completing assessments in session or via a secure platform. The sensitive data we collect includes ethnicity, address, gender, date of birth, contact details, email address, emergency contact, education, employment, health data.

We will use your sensitive personal data for the purposes of providing our services to you or if we need to comply with a legal obligation. With your explicit consent as our lawful basis, we may process your anonymised sensitive and personal data for research, service improvement and publication purposes. Your consent will be explicitly sought and unambiguous.

We will use your non-sensitive personal data to (i) register you as a new client, (ii) manage payment, (iii) collect and recover monies owed to us (iv) to manage our relationship with you, (v) send you details of our services.

Our legal grounds for processing your data are in relation to points (i) to (iv) above are for performance of a contract with you and in relation to (v) above, necessary for our legitimate interests to develop our services and grow our business.

We will not share your details with third parties for marketing purposes except with your express consent.

  1. Disclosure of your sensitive and personal data

We may have to share your sensitive and/or personal data with (i) service providers who provide IT and system administration support, (ii) professional advisors including lawyers, bankers, auditors and insurers (iii) HMRC and other regulatory authorities (iv) third parties to whom we sell, transfer or merge parts of our business or our assets, (v) to other professionals for the purposes of discussing your treatment and/or (vi) with external organisations for research purposes.

We require all of these third parties to whom we transfer your data to respect the security of your sensitive and/or personal data and to treat it in accordance with the law. They are only allowed to process your sensitive and/or personal data on our instructions.

  1. International transfers

Some of our third-party providers are businesses outside of the UK in countries which do not always offer the same levels of protection for your personal data. We do our best to ensure a similar degree of security by ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within the UK. If we are not able to do so, we will request your explicit consent to the transfer, and you can withdraw this consent at any time.

  1. Data security

Protecting your data is important to us and we have put in place security measures to prevent your sensitive and personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your sensitive and/or personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breaches and will notify you and the ICO of a breach where we are legally required to do so.

In certain circumstances you can ask us to delete your data. See the section entitled ‘your rights’ below for more information.

We may anonymise your sensitive and/or personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Children’s data and age of consent

Our services are primarily aimed at children and adolescents under the age of 18. We are committed to protecting the privacy of young people and ensuring compliance with relevant legislation, including the Children’s Act 1989 and the Data Protection Act 2018.

In the UK, the age of consent for processing personal data under the GDPR is 13 years old. However, for healthcare services, the age of consent for treatment may be different. In England, Wales, and Northern Ireland, young people aged 16 or over are presumed to have the capacity to consent to their own medical treatment. Children under 16 may also be able to provide consent if they are believed to have enough intelligence, competence, and understanding to fully appreciate what is involved in their treatment (known as “Gillick competence”).

When treating minors, we will:

– Involve parents or legal guardians in the treatment process unless the child is Gillick competent and requests confidentiality. We will always prioritize the child’s best interests.
– Seek parental consent for processing personal data of children under 13, unless the child is Gillick competent, and the processing is necessary for the provision of health services.
– Respect the confidentiality of minors who are Gillick competent and request that their information not be shared with parents or guardians, unless there is a legal requirement or an overriding safeguarding concern.
– Ensure that any online services or features on our website that may collect data from children (e.g., online booking) obtain verifiable parental consent and provide age-appropriate privacy notices.
– Comply with the “Caldicott principles” and the “common law duty of confidentiality” when handling children’s health data.

If a minor requests confidentiality from their parents or guardians, we will assess their Gillick competence and discuss the potential benefits and risks of maintaining confidentiality. We will only breach confidentiality if required by law or if we believe there is a significant risk of harm to the child or others.

For more information on how we handle children’s data and involve young people in decisions about their treatment, please contact our Data Protection Officer.

  1. Data retention

We will only keep your sensitive and personal data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, research or reporting requirements. For example, we need to keep certain information about you for 6 years after you cease to be a client for tax purposes, and 10 years after you cease to be a client for legal purposes.

You have the right to ask us to delete the personal data we hold about you in certain circumstances. See section 8 below.

  1. Your rights

You can exercise certain rights in relation to your personal data that we process.

In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it. We will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive, or excessive in which case we may charge a reasonable fee or decline to respond.

We will, in most cases, reply within one month of the date of the request unless your request is complex, or you have made many requests in which case we will notify you of any delay and will in any event reply within 3 months.

You may withdraw your consent for your sensitive and personal data to be used for research, service development and publication purposes by the point of anonymisation, following which it will not be possible to identify your data for withdrawal.

If you wish to make a Subject Access Request, please send the request to email marked for the attention of the Data Protection Officer.

  1. Keeping your data up to date

We have a duty to keep your sensitive and personal data up to date and accurate so from time to time we will contact you to ask you to confirm that your personal data is still accurate and up to date.

If there are any changes to your sensitive and personal data (such as a change of address) please let us know as soon as possible by writing to or emailing the addresses set out in section 8 above.

  1. Complaints

We are committed to protecting your sensitive and personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (

We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

We may change this Privacy Notice from time to time and shall notify you of any changes.