top of page

Privacy Policy

This privacy policy provides details of how we collect and process your personal data in the Surrey Therapy Practice and took effect from the 25th of May 2018 according to GDPR guidelines. We take data protection and confidentiality very seriously in our Practice and hope this policy covers any questions you may have.  However, please see our contact information below if you have any further concerns or queries. 

  • Why we collect data on you

If you are a client, we collect information about you to provide you with psychological assessment and treatment and because it supports the provision of a safe and professional service. It is therefore in our legitimate interests as Registered Psychologists, Psychotherapists and CBT Therapists to collect your personal data. We also collect sensitive ‘special category’ data (such as details about psychological difficulty). The lawful reason for doing so is that it is necessary for the provision of safe and professional (mental) health treatment (psychological therapy). You do not have to agree to share information with us, however, in many cases we may not be able to offer you a service if you do not.   

If you are a therapist renting rooms in the Practice, we collect information about you to ensure your professional qualifications, insurance and registrations are appropriate to fulfil your rental contract in the Practice.  We also collect some accounting information to keep track of rental/referral payments to fulfil the agreed contract.  The lawful reason for doing so is contractual necessity.   We collect personal contact information in case of emergencies to ensure safe practice and in order to share your basic contact details with patients where you have agreed under the lawful basis of legitimate interest.

  • Collection and Use of Personal Data 

You may be asked to share personal information any time you are in contact with Surrey Therapy Practice.  The information we collect about you will be used to offer you the best possible service and to comply with legal requirements. It will not be shared with 3rd parties unless there is a legal requirement to do so or it is in your best interest but this will always be discussed and agreed with you in advance.   

  • What Personal Data We Collect 

When you get in touch, you may be asked for some basic personal information such as your name, email address and telephone number as well as some more sensitive information about the difficulties you are seeking support for.  

If you are being referred by a third party such as your GP, Psychiatrist or your medical insurer, they might provide us with information like this on your behalf. When you start to receive a therapeutic service from us the information you share during sessions will be recorded in session notes. All of this information will be kept together in your personal records. 

If you are a therapist renting rooms in the Practice, you will be asked for some basic contact information as well and the reason you are interested in renting rooms from us.  When you enter a rental agreement, we will ask to see references, proof of qualifications, professional registrations and insurance details.  We also keep information on invoices/payments made, booking arrangements in the clinic, a copy of the contract you sign with us as well as contact information in case of emergencies to reach you or next of kin and to share with clients where agreed. 


  • What Cookies we collect and what they are used for 

We collect some cookies on our website. Some of them are necessary to make the website usable by enabling basic functions like page navigation. The website cannot function properly without these cookies. Some of them are statistical and help us to understand how visitors interact with our website by collecting and reporting information anonymously. Some of them we are still trying to classify with their providers. If you prefer, you can choose to opt out of most of these when you visit our website. 


  • How We Store your Personal Information 

All your personal information is stored in a variety of paper and digital files. Your telephone number may also be stored on SMS if you have communicated using this method. A number of administrative and technical measures are kept in place to ensure the safety and security of your personal information. For example: 

  • Locked filing cabinets with keys stored offsite when not in use 

  • Encrypted Cloud Storage 

  • Encrypted and secure third-party practice management and invoicing systems (Healthcode, Writeupp)  

  • Regularly deleting emails 

  • All smartphones and computers used are password protected 

  • Use of 2 factor authentication wherever possible for added security



  • Protection of your Personal Information 

Surrey Therapy Practice takes the security of your personal information very seriously. 

No one apart from your treating therapist or practice managers and administrators (as relevant) has access to your personal information at any time.  

When information about you is sent to a third party it is sent in a password protected document or via encrypted email. 

Any information stored digitally is stored in an encrypted format. 



  • How We Use your Personal Information 

We use the information you provide us to: 

  • Respond to your enquiries 

  • Communicate with you about appointments 

  • Offer you high quality therapeutic interventions and treatment packages 

  • Comply with the law 

  • To keep track of room rental arrangements 

  • To create invoices 

  • To chase payments 

  • To keep accurate payment / accounting records 


  • Disclosure to Third Parties 

Surrey Therapy Practice will only disclose your personal information to 3rd parties when: 

  • There is a legal requirement to do so  

  • You have given consent for the information to be shared, for example, reports or treatment summaries to other health care professionals involved in your care or to medical health insurance companies 

  • There are concerns about someone's safety or wellbeing 

  • When we are required as part of our professional practice to have supervision for the assessment and treatment we provide to maintain standards. We discuss our work with qualified supervisors (registered psychologists or CBT Therapists equally bound to keep information confidential).  

  • We need to arrange for the funding and/or payment of services received, for example, with medical health insurance companies, the secure Health Code invoicing system or Money Claim Online Government Service.  

  • You have agreed for us to pass your details to a client as you have accepted a referral as the treating therapist. 

  • Clinical Wills

Your Therapist may operate a “Clinical Will”, which would be enacted if your Therapist is suddenly significantly incapacitated during your treatment. This is to ensure that a confidential and trusted professional from within the practice can become executor over your therapist's case files if they are unable to continue your treatment. In this scenario, you would be contacted by someone from the practice to discuss future options for your treatment. This is an exceptional occurrence, and would hopefully never happen, but if enacted it will help ensure the highest level of client care whilst ensuring maximum confidentiality.


  • Accuracy and Retention of Personal Information 

Surrey Therapy Practice makes every effort to keep your personal information accurate, complete, and up to date. If any of your information changes please let us know so that we can update our records. 

We are legally required to hold certain information (i.e. treatment related clinical records or accountancy related records) about you for a set period of time. Electronic and paper documents are kept securely for 7 years after treatment ends or for 7 years from the date you turn 18 if you were seen as a child or 7 years after financial transactions. This is in line with professional and HMRC guidelines. For therapists renting a room, all additional information will be destroyed or deleted at the termination of the rental contract. All personal information will be deleted or securely destroyed at the appropriate time and we will not keep your personal information for longer than is required or permitted by law.  


  •  Access to Personal Information 

You are entitled to access the information stored about you at any time. If you would like access please make the request in writing to the address given below and Surrey Therapy Practice will endeavour to respond within 30 days.  


  •  Additional Rights 

You may also have the right to: 

To be informed of what information I collect and hold about you and how it is processed 

To rectify any inaccurate or incomplete personal information 

To restrict the processing of your personal data under certain circumstances 

To object to the processing we carry out if the processing is carried out on a legal basis other than that outlined in this policy  

To request your personal information be erased under certain circumstances or when our 

processing no longer has a lawful basis (we would discuss whether this right can over-ride the requirement to retain data).  

If you believe you have any of these additional rights or you wish to exercise them, please let us know. 


  •  What happens if there is a breach of data security 

Should there be any breaches with regard to your personal data this will be reported to the ICO within 72 hours together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. The individuals affected will also be informed if this occurs.  


  •  Children and Young People's Personal Information 

Surrey Therapy Practice understands the importance of taking extra care to protect the privacy and safety of children and young people.  

The information we may collect about children and young people includes things like: 

Basic Information: Name, Address, Date of Birth, School 

Characteristics: Sexuality, Gender Identity 

Sensitive Information: Emotional and Behavioural Difficulties, Academic Ability. 

We use the information to provide high quality therapeutic interventions. Although there is no obligation for children and young people to share this information with us, in many cases this will prevent Surrey Therapy Practice from being able to offer them the best possible service.  

We store this information in the same way as we store other information detailed in this Privacy Notice.  

We only share this information with 3rd parties when we are required to by law (for example to protect the welfare of a child, young person or vulnerable adult) or when it is in the best interest of the child or young person. However, we always discuss this with children, young people and their parents/carers beforehand and where possible obtain consent.  


  •  Questions about Privacy and Details of Data Controller 

If you have any questions or concerns about this Privacy Notice or how we process your information or if you would like to make a complaint about a possible data breach, please contact: 

Postal Address: 

Dr Louise Oliver, Surrey Therapy Practice, Castle House, Park Road, Banstead, SM7 3BT 

Dr Emilie Cassell, Surrey Therapy Practice, Castle House, Park Road, Banstead, SM7 3BT 

Email addresses:

Please include the subject "DATA ISSUE" in the subject line. 

We take data security extremely seriously and all such communications are examined, and replies issued where appropriate as soon as possible. If you are unsatisfied with the reply you receive, you may refer your complaint to the Information Commissioner’s Office ( 


We may occasionally make changes to this statement and when we do, we will post the update on the Surrey Therapy Practice website. 

Cookies Report

bottom of page