top of page

Privacy Policy

Effective Date: 30th March 2025

1. Introduction This Privacy Policy explains how Dr Karen Surridge ("we," "us," "our") collects, uses, and protects personal data when providing psychological services in private practice in Gibraltar. We are committed to maintaining confidentiality and complying with applicable data protection laws, including the Gibraltar General Data Protection Regulation (Gibraltar GDPR).

2. Data Controller Dr Karen Surridge is the data controller responsible for the processing of personal data.

3. What Personal Data We Collect We may collect and process the following types of personal data:

  • Personal identification data: Name, date of birth, address, contact details.

  • Health-related data: Psychological history, medical history, therapy notes, assessment results.

  • Billing information: Payment details, invoices, insurance information.

  • Communication data: Emails, text messages, or other correspondence.

  • Website usage data: IP address, cookies, browsing behaviour.

 

4. How We Collect Data We collect personal data through:

  • Initial consultations and intake forms.

  • Direct communication via email, phone, or in-person sessions.

  • Referrals from medical or legal professionals (with your consent).

  • Third-party service providers (e.g., payment processors).

  • Website interactions, including contact forms and cookies.

 

5. Purpose of Data Processing We use personal data to:

  • Provide psychological assessment and therapy services.

  • Maintain accurate clinical records.

  • Schedule appointments and manage billing.

  • Comply with legal and regulatory obligations.

  • Improve our services and client experience.

  • Analyse website traffic and improve website functionality.

 

6. Legal Basis for Processing We process personal data based on:

  • Consent: When you agree to receive psychological services.

  • Contractual necessity: To fulfil the terms of therapy agreements.

  • Legal obligations: Compliance with professional and legal requirements.

  • Legitimate interest: To improve services and ensure security.

 

7. Confidentiality and Data Sharing We maintain strict confidentiality in accordance with professional ethical guidelines. We may share data only when:

  • Required by law (e.g., safeguarding concerns, legal proceedings).

  • You provide explicit consent to share information.

  • Collaborating with other healthcare professionals for your treatment (with your permission).

  • Engaging third-party service providers for website hosting and analytics (limited to necessary data processing).

 

8. Data Security We implement appropriate security measures to protect personal data from unauthorized access, loss, or misuse. This includes encrypted digital records and secure storage of physical documents.

 

9. Data Retention Personal data will be retained for as long as necessary to fulfil legal and professional obligations. Specifically, client records will be kept for 20 years after the last contact or 10 years after the patient's death, whichever is longer, after which they will be securely disposed of. Website-related data (such as cookies) will be retained for as long as necessary to analyse trends and improve user experience, typically no longer than [insert duration, e.g., 12 months].

 

10. Website Cookies and Tracking Our website may use cookies and similar tracking technologies to enhance user experience. These may include:

  • Essential cookies: Necessary for website functionality.

  • Analytical cookies: Used to track visitor behaviour and improve website performance.

  • Third-party cookies: From external services such as Google Analytics.

Users can manage cookie preferences through their browser settings or opt out where applicable.

 

11. Your Rights You have the following rights regarding your personal data:

  • The right to access your data.

  • The right to request correction or deletion.

  • The right to withdraw consent at any time.

  • The right to object to processing.

  • The right to lodge a complaint with the Gibraltar Regulatory Authority.

12. Links to Third-Party Websites
Our website may contain links to third-party websites for your convenience and information. Please note that we do not have control over the content, policies, or security of these external websites. We encourage users to review the privacy policies of any third-party sites they visit before providing any personal information. We are not responsible for the privacy practices or content of such websites.

13. Enquiry Forms and Third-Party Clinics
If you submit an enquiry through our website, the information you provide on some forms may be sent to the 'Specialist Medical Clinic' (Gibraltar) for the purpose of scheduling appointments or responding to your request. This information is submitted by email and only when necessary to facilitate your care. Where this will be the case, it will explicitly be stated on the Enquiry form. We recommend reviewing the privacy policy of the Specialist Medical Clinic to understand how they process your data. If you do not wish for your information to be sent directly to the Specialist Medical Clinic, please contact us directly via info@drsurridge.gi

14. Contact Information For any questions regarding this Privacy Policy or to exercise your rights, please contact:

Dr Karen Surridge

info@drsurridge.gi
 

15. Changes to This Policy We may update this Privacy Policy from time to time. The latest version will always be available on our website or upon request.

bottom of page