Why we collect data on you
If you are a client, we collect information about you to provide you with psychological assessment and treatment and because it supports the provision of a safe and professional service. It is therefore in our legitimate interests as Registered Psychologists and CBT Therapists to collect your personal data. We also collect sensitive ‘special category’ data (such as details about psychological difficulty). The lawful reason for doing so is that it is necessary for the provision of safe and professional (mental) health treatment (psychological therapy). You do not have to agree to share information with us, however, in many cases we may not be able to offer you a service if you do not.
If you are a therapist renting rooms in the Practice, we collect information about you to ensure your professional qualifications, insurance and registrations are appropriate to fulfil your rental contract in the Practice. We also collect some accounting information to keep track of rental/referral payments to fulfil the agreed contract. The lawful reason for doing so is contractual necessity. We collect personal contact information in case of emergencies to ensure safe practice and in order to share your basic contact details with patients where you have agreed under the lawful basis of legitimate interest.
Collection and Use of Personal Data
You may be asked to share personal information any time you are in contact with Surrey Therapy Practice. The information we collect about you will be used to offer you the best possible service and to comply with legal requirements. It will only be shared with people contracted to work for Surrey Therapy Practice where this is necessary to provide best quality services. All individuals contracted to work with Surrey Therapy Practice carefully follow GDPR guidance and regulations. Any personal data will not be shared with 3rd parties outside of our practice unless there is a legal requirement to do so or it is in your best interest and this will be discussed with you wherever possible in advance.
What Personal Data We Collect
When you get in touch, you may be asked for some basic personal information such as your name, email address and telephone number as well as some more sensitive information about the difficulties you are seeking support for. If you agree to be placed on our waiting list, this information will be stored.
If you are being referred by a third party such as your GP, Psychiatrist or your medical insurer, they might provide us with information like this on your behalf.
When you start to receive a therapeutic service from us the information you share during sessions will be recorded in session notes.
All of this information will be kept together in your personal records.
If you are a therapist renting rooms in the Practice, you will be asked for some basic contact information as well and the reason you are interested in renting rooms from us. When you enter a rental agreement, we will ask to see references, proof of qualifications, professional registrations and insurance details. We also keep information on invoices/payments made, booking arrangements in the clinic, a copy of the contract you sign with us as well as contact information in case of emergencies to reach you or next of kin and to share with clients where agreed.
What Cookies we collect and what they are used for
We collect some cookies on our website. Some of them are necessary to make the website usable by enabling basic functions like page navigation. The website cannot function properly without these cookies. Some of them are statistical and help us to understand how visitors interact with our website by collecting and reporting information anonymously. Some of them we are still trying to classify with their providers. If you prefer, you can choose to opt out of most of these when you visit our website.
How We Store your Personal Information
All your personal information is stored in a variety of paper and digital files. Your telephone number may also be stored on SMS if you have communicated using this method. A number of administrative and technical measures are kept in place to ensure the safety and security of your personal information. For example:
Locked filing cabinets with keys stored offsite when not in use
Encrypted Cloud Storage
GDPR compliant digital record management systems and accounting systems (Healthcode, Write-Upp and Xero)
Regularly deleting emails
All smartphones and computers used are password protected
Protection of your Personal Information
Surrey Therapy Practice takes the security of your personal information very seriously.
No one apart from your treating therapist or practice managers/practice administrators (as relevant) has access to your personal information at any time.
When information about you is sent to a third party it is sent in a password protected document or via encrypted email.
Any information stored digitally is stored in an encrypted format.
How We Use your Personal Information
We use the information you provide us to:
Respond to your enquiries
Manage a waiting list
Communicate with you about appointments
Offer you high quality therapeutic interventions and treatment packages
Comply with the law
Keep track of room rental arrangements
Keep accurate payment / accounting records
Provide health and safety updates
Disclosure to Third Parties
Surrey Therapy Practice will only disclose your personal information to 3rd parties outside of the organisation when:
There is a legal requirement to do so
You have given consent for the information to be shared, for example, reports or treatment summaries to other health care professionals involved in your care or to medical health insurance companies
There are concerns about someone's safety or wellbeing
When we are required as part of our professional practice to have supervision for the assessment and treatment we provide to maintain standards. We discuss our work with qualified supervisors (registered psychologists or CBT Therapists equally bound to keep information confidential).
We need to arrange for the funding and/or payment of services received, for example, with medical health insurance companies or secure health code invoicing system.
You have agreed for us to pass your details to a client as you have accepted a referral as the treating therapist.
Accuracy and Retention of Personal Information
Surrey Therapy Practice makes every effort to keep your personal information accurate, complete, and up to date. If any of your information changes please let us know so that we can update our records.
We are legally required to hold certain information (i.e. treatment related clinical records or accountancy related records) about you for a set period of time. Electronic and paper documents are kept securely for 7 years after treatment ends or for 7 years from the date you turn 18 if you were seen as a child or 7 years after financial transactions. This is in line with professional and HMRC guidelines.
For therapists renting a room, all additional information will be destroyed or deleted at the termination of the rental contract. All personal information will be deleted or securely destroyed at the appropriate time and we will not keep your personal information for longer than is required or permitted by law.
Access to Personal Information
You are entitled to access the information stored about you at any time. If you would like access please make the request in writing to the address given below and Surrey Therapy Practice will endeavour to respond within 30 days.
You may also have the right to:
To be informed of what information we collect and hold about you and how it is processed
To rectify any inaccurate or incomplete personal information
To restrict the processing of your personal data under certain circumstances
To object to the processing we carry out if the processing is carried out on a legal basis other than that outlined in this policy
To request your personal information be erased under certain circumstances or when our
processing no longer has a lawful basis (we would discuss whether this right can over-ride the requirement to retain data).
If you believe you have any of these additional rights or you wish to exercise them, please let us know.
What Happens if there is a Breach of Data Security
Should there be any breaches with regard to your personal data this will be reported to the ICO within 72 hours together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. The individuals affected will also be informed if this occurs.
Children and Young People's Personal Information
Surrey Therapy Practice understands the importance of taking extra care to protect the privacy and safety of children and young people.
The information we may collect about children and young people includes things like:
Basic Information: Name, Address, Date of Birth, School
Characteristics: Sexuality, Gender Identity
Sensitive Information: Emotional and Behavioural Difficulties, Academic Ability.
We use the information to provide high quality therapeutic interventions. Although there is no obligation for children and young people to share this information with us, in many cases this will prevent Surrey Therapy Practice from being able to offer them the best possible service.
We store this information in the same way as we store other information detailed in this Privacy Notice.
We only share this information with 3rd parties when we are required to by law (for example to protect the welfare of a child, young person or vulnerable adult) or when it is in the best interest of the child or young person. However, we always discuss this with children, young people and their parents/carers beforehand and where possible obtain consent.
Questions about Privacy and Details of Data Controller
If you have any questions or concerns about this Privacy Notice or how we process your information or if you would like to make a complaint about a possible data breach please contact:
Dr Louise Oliver, Surrey Therapy Practice, Castle House, Park Road, Banstead, SM7 3BT
Dr Emilie Cassell, Surrey Therapy Practice, Castle House, Park Road, Banstead, SM7 3BT
Please include the subject "DATA ISSUE" in the subject line.
We take data security extremely seriously and all such communications are examined and replies issued where appropriate as soon as possible. If you are unsatisfied with the reply you receive, you may refer your complaint to the Information Commissioner’s Office (ico.org.uk).
We may occasionally make changes to this statement and when we do we will post the update on the Surrey Therapy Practice website.