Privacy Policy

Legal Entity (Data Controller): GEM OT LTD 

Trading Name: Gem OT 

Company Number: 16992119 

Website: www.otgem.co.uk

 

Effective Date: 27 January 2026

 

  1. Introduction

At GEM OT LTD (trading as Gem OT), your privacy and the security of your personal information are very important to us,. 

 

This Privacy Policy explains how we (“we”, “us”, “our”) collect, use, store, and protect your personal and health data when you engage with our occupational therapy services or visit our website.

We comply with the UK GDPR, the Data Protection Act 2018, and professional confidentiality obligations under the Health and Care Professions Council (HCPC) and the Royal College of Occupational Therapists (RCOT).

 

  1. Who We Are

GEM OT LTD is a private limited company registered in England and Wales (Company Number: 16992119), trading as “Gem OT”,. We provide occupational therapy services to adult clients with specific needs.

Our company and contact details are:

  • Data Controller: GEM OT LTD
  • Registered Office Address: 86 Bury Old Road, Manchester, England, M8 5BW
  • Trading & Correspondence Address: 38 George St, Manchester M1 4HA
  • Data Protection Lead: Gemma Cummins
  • Email: [email protected]
  • Telephone: 07845749663

 

  1. The Information We Collect

 

We collect and process the following categories of personal information:

 

  • A. Personal Identification Information: Full name, address, telephone number, email address, date of birth, gender, and contact preferences.

 

  • B. Health and Therapy Information: Medical history, GP and referral details, assessment notes, reports, treatment plans, progress notes, and information about your occupational performance and goals.

 

  • C. Administrative and Financial Information: Payment details, invoices, and insurance or funding information.

 

  • D. Website and Communication Data: Information collected via contact forms, email correspondence, or cookies (e.g., IP address, browser type).

 

  1. How We Collect Your Information

We collect your personal and health information in the following ways:

 

  • Directly from you: When you fill in our website contact form, send us an email, speak to us on the phone, or during your initial assessment and subsequent therapy sessions.

 

  • From third parties: We may receive information about you from other people with your consent, such as a GP, hospital consultant, case manager, insurer, or a family member who is coordinating your care. We will always confirm with you that we have your consent to receive and process this information.

 

  1. How We Use Your Information

We process your information for the following purposes and lawful bases,:

 

  • Providing assessment and treatment: Article 6(1)(b) (Contract) & Article 9(2)(h) (Health/Social Care).

 

  • Communicating with you and coordinating care: Article 6(1)(b)

(Contract) & Article 6(1)(f) (Legitimate Interest).

 

  • Maintaining clinical records: Article 6(1)(c) (Legal Obligation).

 

  • Processing payments and managing accounts: Article 6(1)(b) (Contract) & Article 6(1)(c) (Legal Obligation).

 

  • Improving our services and ensuring quality: Article 6(1)(f) (Legitimate Interest).

 

  • Complying with professional or legal duties: Article 6(1)(c) (Legal Obligation) & Article 9(2)(g) (Substantial Public Interest).

We will not use your information for marketing purposes without your explicit consent.

 

  1. How We Store and Protect Your Information

We take your data security seriously. Your records are stored securely in encrypted digital systems or locked physical files, accessed only by authorised personnel, and protected by regular security checks.

In line with professional and legal standards, we retain clinical records for a minimum of seven years following your last contact with our service. After this period, records are securely destroyed or anonymised.

 

  1. Sharing Your Information

We will only share your information when necessary and lawful, for example with your GP, consultant, or other health professionals (with consent), funding bodies/insurers, or regulators when required by law. We do not sell your personal data to third parties.

 

  1. Your Data Protection Rights

Under the UK GDPR, you have the rights of Access, Rectification, Erasure, Restriction, Data Portability, and Objection.

To exercise any of these rights, please contact our Data Protection Lead using the details in Section 2 or 12. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://www.ico.org.uk or 0303 123 1113.

 

  1. International Data Transfers

We use certain third-party services (e.g., email or cloud storage providers) that may process or store data outside the UK. We ensure these transfers are to countries with an “Adequacy Decision” or are protected by specific UK-approved contracts (e.g., International Data Transfer Agreements),.

 

  1. Cookies and Website Analytics

Our website may use cookies to enhance your browsing experience. You can manage cookie settings through your browser or our cookie consent banner.

  1. Changes to This Privacy Policy

We may update this policy from time to time. Any updates will be posted on our website with a new “Effective Date”.

 

  1. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy, please contact our Data Protection Lead, Gemma Cummins: