Privacy Policy

Autism Routemap

Last updated: June 2026


Our commitment to your privacy

At Autism Routemap, much of the work we do involves people sharing things that are personal, sometimes difficult, and often important to them. We take that trust seriously. This policy explains how Autism Routemap (“we”, “us”, “our”), operated by Linda Philips, collects, uses and protects your personal data when you visit our website or use our services. We are committed to handling your data lawfully, transparently and respectfully.

This policy applies to our website at www.autismroutemap.com and to the services we provide, including individual sessions, our university support group, autism assessments, and training for organisations.


Who we are

Autism Routemap is a trading name of Khanyisa Ltd, a company registered in England and Wales. For the purposes of data protection law, Linda Philips is the "data controller" for the personal information described in this policy. This means we are responsible for deciding how your information is used and for keeping it safe.

Autism Routemap is run by Linda Philips, a Speech and Language Therapist registered with the Health and Care Professions Council (HCPC) and a member of the Royal College of Speech and Language Therapists (RCSLT). We follow the professional and ethical standards those bodies set, including their guidance on confidentiality and record-keeping.

Trading name: Autism Routemap

Registered company: Khanyisa Ltd

Postal address: Havard & Associates, Suite 1, Concept House, 23 Billet Lane, Hornchurch, RM11 1XP

Email: linda.philips@autismroutemap.com

HCPC registration number: SL05303

ICO registration number: ZC167841

Because we process health-related information, we are registered with the Information Commissioner's Office (ICO), the UK's data protection regulator. You can verify our registration on the ICO register at ico.org.uk.


The law we follow

We handle your information in line with UK data protection law. This includes the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025. We also follow the Privacy and Electronic Communications Regulations (PECR) when it comes to cookies and marketing emails.


The information we collect

Depending on how you interact with us, we may collect the following.

Information you give us directly:

·         Your name and contact details (such as your email address and, where relevant, your phone number and postal address), for example when you book a free Turning Point Call, sign up for our newsletter, download our free Personal Roadmap, or contact us with an enquiry.

·         Details you choose to share when you book or attend an appointment, take part in our university support group, or arrange training for your organisation.

·         Correspondence between us, including emails and messages.

Health and other sensitive information (special category data)

When you become a client, or take part in an assessment, we will usually need to collect more sensitive information so that we can support you properly. This is handled separately and held to a higher standard. This may include:

·         Information about your neurodivergence (for example, an autism or ADHD diagnosis or self-identification), and any related diagnoses.

·         Information about your emotional wellbeing, mental health, relationships, communication, and daily life.

·         Notes we make during or after our sessions, and reports we produce as part of an assessment.

·         Relevant information about family members, partners, or others, where you share it as part of your support.

Information about your health, and certain other categories such as information that reveals your racial or ethnic origin, sexual orientation, or religious beliefs, is treated as "special category data" under the law. It is given extra protection, and we explain below the specific legal grounds we rely on to handle it.

Information about children and young people

Some of the people we support are under 18, including teenagers and, in the case of assessments carried out with our diagnostic partner, children. Where we work with a child or young person, we will normally collect information from, and with the involvement of, a parent or person with parental responsibility, and we take particular care with how that information is handled. We do not knowingly engage with anyone under the age of 16 years on our website, and we will delete any such information as soon as we become aware of it.

Payment information

If you pay for a service online, your payment is processed securely by our payment providers (currently Stripe and/or PayPal). We do not see or store your full card number or security details. We keep a record of the transaction (such as the amount, the date, and what it was for) so that we can manage our accounts and meet our legal obligations.

Information we collect automatically

When you use our website, some information is collected automatically, such as your IP address, the type of device and browser you use, and how you move around the site. This is collected through cookies and similar technologies, and through our website platform and analytics tools. The "Cookies" section below explains this in more detail.


How we collect your data:

We collect data when you:

·         Fill in a form on our website (contact form, application form, newsletter sign-up)

·         Download a free guide or resource

·         Purchase a course, program or service

·         Book a consultation or session

·         Email or otherwise contact us directly

·         Visit our website (cookies and standard logs)


How we use your information, and our legal grounds for doing so

The law requires us to have a valid "lawful basis" for everything we do with your information. Where we handle special category data, such as health information, we must also meet an additional condition. Here is how this works in practice.

To provide our services to you

We use your information to deliver the support you have asked for: arranging and holding sessions, running our university group, carrying out assessments, and delivering training. Our lawful basis is that this is necessary to perform our contract with you, and in some cases our legitimate interest in running our practice. Where this involves your health information, the additional condition we rely on is that the processing is necessary for the provision of health and social care and treatment by, or under the responsibility of, a registered health professional (Article 9(2)(h) of the UK GDPR, together with the corresponding condition in Schedule 1 of the Data Protection Act 2018).

To keep proper clinical and professional records

As a registered professional, we are expected to keep accurate records of the support we provide. We rely on our legal obligations, our legitimate interests in maintaining safe and accountable practice, and, for health information, the health and social care condition described above.

To manage bookings, payments, and our accounts

We use your information to take bookings, process payments, send confirmations and reminders, and keep our financial records. Our lawful basis is the performance of our contract with you and compliance with our legal obligations, such as tax and accounting law.

To respond to your enquiries

If you contact us, we use your details to reply and to help you. Our lawful basis is our legitimate interest in responding to people who get in touch.

To keep people safe (safeguarding)

In rare situations, we may need to share information to protect someone from serious harm. Our confidentiality and its limits are explained in the section below. Where this happens, we rely on grounds including the protection of someone's vital interests, our legitimate interests, and our legal and professional duties.

To send you marketing, where you have agreed

If you have signed up for our newsletter or downloaded a free resource, we may send you helpful content and information about our services. We do this on the basis of your consent, and you can withdraw it at any time (see "Marketing communications" below).

To run and improve our website

We use information collected through our website to keep it working properly, keep it secure, and understand how it is used. For non-essential cookies and analytics, we rely on your consent; otherwise we rely on our legitimate interests.

We do not make decisions about you that have legal or similarly significant effects using automated processing alone. Decisions about your care and support always involve our professional judgement.


Confidentiality and its limits

What you share with us is treated as confidential, and we will not share your information with others without your knowledge and, where appropriate, your agreement. There are limited exceptions, which are part of our professional and legal responsibilities. We may need to share information without your consent if we believe there is a serious risk of harm to you or to another person, if a child or vulnerable adult may be at risk, or if we are required to do so by law (for example, by a court order). Wherever we can, we will discuss this with you first.


Who we share your information with

We do not sell your information, and we never rent or trade it for marketing. We share it only where it is necessary, and with appropriate protections in place.

Our diagnostic assessment partners. Where you take part in an autism assessment, we work alongside other specialist clinicians. We will share the information needed to carry out the assessment, and they will have their own responsibilities for the information they hold.

Trusted service providers ("processors"). We use carefully chosen suppliers to help us run our practice. These currently include our website and email platform (Podia), application forms for our programs and contacting our service (Tally), our online booking system (Acuity Scheduling), our video platform for online sessions (Zoom), email and document software (Microsoft and Dropbox), and our payment providers (Stripe and PayPal). These providers act on our instructions and are bound by contracts that require them to keep your information secure and to use it only for the purposes we have agreed.

Professional and legal advisers. In limited circumstances we may share information with, for example, our insurers, accountant, or legal advisers, where this is necessary and appropriate.

Where the law requires it, or to protect someone. As described under "Confidentiality and its limits" above.

If the suppliers we use change, we will update this policy. Please check it for the current list.


Where your information is stored and international transfers

Your information is stored on secure systems. Some of our service providers, including those listed above, are based outside the UK, often in the United States, or store information on servers outside the UK. This means your information may be transferred internationally.

Whenever we transfer personal information outside the UK, we make sure it is protected to a standard comparable with UK law. We do this by relying on one or more of the following safeguards: transfers to a country the UK government has decided provides adequate protection; an International Data Transfer Agreement (IDTA) or the UK Addendum to the European Standard Contractual Clauses; or, for transfers to the United States, a provider's certification under the UK Extension to the EU–US Data Privacy Framework.


How long we keep your information

We keep your information only for as long as we need it.

Clinical records (notes and assessment reports). Because keeping these records is part of safe and accountable professional practice, we follow national guidance for health records, principally the NHS Records Management Code of Practice. In general, we keep adult client records for a minimum of eight years after your last contact with us. For children and young people, we keep records until the young person's 25th birthday, or their 26th birthday if they were 17 at the time of last contact. This is why records relating to assessments of young children may be held for a number of years.

Enquiry and contact information. If you contact us but do not go on to work with us, we keep your details for up to two years and then delete them.

Marketing information. We keep your details for as long as you remain subscribed. If you unsubscribe, we remove you from our marketing lists, though we may keep a minimal record of your request not to be contacted.

Financial records. We keep records of transactions for as long as required by tax and accounting law (generally at least six years).

When we no longer need your information, we delete it securely, or, for paper records, dispose of it by secure shredding.


How we keep your information safe

We take the security of your information seriously and use a combination of technical and organisational measures to protect it. These include controlling who has access to your information, using secure and password-protected systems, encrypting information where appropriate, and keeping any paper records in a secure location. While no method of storing or transmitting information can ever be guaranteed to be completely secure, we keep our measures under review and act quickly if we become aware of a problem.

If something does go wrong and there is a personal data breach that is likely to put your rights at risk, we will report it to the ICO, and tell you, where the law requires us to.


Your rights

You have a number of rights over your personal information. These include:

·         The right to be informed about how we use your information, which is the purpose of this policy.

·         The right of access to the information we hold about you (often called a "subject access request"). This can include your clinical notes. Where your records contain information about another person, we may need to remove or hold back that part, and there are limited situations where we may not be able to release information if doing so could cause serious harm.

·         The right to rectification if any of your information is incorrect or incomplete.

·         The right to erasure of your information in certain circumstances. This right is limited where we are required to keep records for professional, legal, or safety reasons.

·         The right to restrict or object to how we use your information in certain circumstances.

·         The right to data portability, allowing you to obtain and reuse certain information you have provided to us.

·         The right to withdraw consent at any time, where we are relying on your consent.

To exercise any of these rights, please contact us using the details below. We will not charge you in most cases, and we will respond within the time limits set by law (usually one month). We may need to confirm your identity first.

If you have a concern about how we have handled your information, we would like the chance to put it right, so please contact us first. You also have the right to complain to the ICO at any time:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk


Children and young people

We recognise that children and young people deserve particular care and protection, and we take this into account in how we design our services and handle information. Where we work with someone under 18, we will do so with the involvement of a parent or person with parental responsibility, and we will collect and use only the information we need. Where a young person is old enough to understand and make decisions about their own information, we will respect their wishes as far as is appropriate. If you are a parent or guardian and have any questions about how we handle your child's information, please get in touch.


Cookies

Cookies are small files that a website places on your device. Some are necessary to make the site work, and others help us understand how the site is being used or remember your preferences.

We use:

Essential cookies, which are needed for the website and your account to work properly, including those set by our website platform.

Analytics and performance cookies, which help us understand how visitors use the site so we can improve it.

Specifically, we use podia session and podia storefront visitor id.

We will not set non-essential cookies without your consent. You can manage your cookie preferences through the cookie settings on our website, and you can also control cookies through your browser settings. If you block some cookies, parts of the site may not work as well.


Marketing communications

We will only send you marketing emails if you have asked us to, for example by subscribing to our newsletter or downloading one of our free resources. Every marketing email includes a simple way to unsubscribe, and you can opt out at any time by clicking that link or by emailing us. Choosing not to receive marketing will never affect the support or service you receive from us.


Links to other websites

Our website may contain links to other websites, such as our booking system or other sites with recommended products. We are not responsible for the privacy practices or content of websites we do not control. We encourage you to read the privacy policy of any website you visit.


Changes to this policy

We may update this policy from time to time, for example if our services change or to reflect changes in the law. When we do, we will update the date at the top of this page. We encourage you to review it occasionally so that you stay informed about how we look after your information.


How to contact us

If you have any questions, requests, or concerns about this policy or about your information, please contact:

Linda Philips, Autism Routemap

Email: linda.philips@autismroutemap.com

Post: c/o Havard & Associates, Suite 1, Concept House, 23 Billet Lane, Hornchurch, RM11 1XP