top of page

Privacy Policy

Effective Date: 30th March 2025

Updated: 30th August 2025

1. Introduction This Privacy Policy explains how Dr Karen Surridge ("we," "us," "our") collects, uses, and protects personal data when providing psychological services in private practice in Gibraltar. We are committed to maintaining confidentiality and complying with applicable data protection laws, including the Gibraltar General Data Protection Regulation (Gibraltar GDPR).

2. Data Controller Dr Karen Surridge is the data controller responsible for the processing of personal data.

3. What Personal Data We Collect We may collect and process the following types of personal data:

  • Personal identification data: Name, date of birth, address, contact details.

  • Health-related data: Psychological history, medical history, therapy notes, assessment results.

  • Billing information: Payment details, invoices, insurance information.

  • Communication data: Emails, text messages, or other correspondence.

  • Website usage data: IP address, cookies, browsing behaviour.

 

4. How We Collect Data We collect personal data through:

  • Initial consultations and intake forms.

  • Direct communication via email, phone, or in-person sessions.

  • Referrals from medical or legal professionals (with your consent).

  • Third-party service providers (e.g., payment processors).

  • Website interactions, including contact forms and cookies.

 

5. Purpose of Data Processing We use personal data to:

  • Provide psychological assessment and therapy services.

  • Maintain accurate clinical records.

  • Anonymised research.

  • Notification of Events and Workshops.

  • Schedule appointments and manage billing.

  • Comply with legal and regulatory obligations.

  • Improve our services and client experience.

  • Analyse website traffic and improve website functionality.

 

6. Legal Basis for Processing We process personal data based on:

  • Consent: When you agree to receive psychological services.

  • Contractual necessity: To fulfil the terms of therapy agreements.

  • Legal obligations: Compliance with professional and legal requirements.

  • Legitimate interest: To improve services and ensure security.

 

7. Confidentiality and Data Sharing We maintain strict confidentiality in accordance with professional ethical guidelines. We may share data only when:

  • Required by law (e.g., safeguarding concerns, legal proceedings).

  • You provide explicit consent to share information.

  • Collaborating with other healthcare professionals for your treatment (with your permission).

  • Engaging third-party service providers for website hosting and analytics (limited to necessary data processing).

 

8. Data Security We implement appropriate security measures to protect personal data from unauthorized access, loss, or misuse. This includes encrypted digital records and secure storage of physical documents.

 

9. Data Retention Personal data will be retained for as long as necessary to fulfil legal and professional obligations. Specifically, client records will be kept for 10 years after the last contact or 10 years after the patient's death, whichever is longer, after which they will be securely disposed of. Records for children will be kept until the child's 25th birthday, unless last contact was at age 17, in which case records will be kept until their 26th birthday. Website-related data (such as cookies) will be retained for as long as necessary to analyse trends and improve user experience, typically no longer than 12 months.

 

10. Website Cookies and Tracking Our website may use cookies and similar tracking technologies to enhance user experience. These may include:

  • Essential cookies: Necessary for website functionality.

  • Analytical cookies: Used to track visitor behaviour and improve website performance.

  • Third-party cookies: From external services such as Google Analytics.

Users can manage cookie preferences through their browser settings or opt out where applicable.

 

11. Your Rights You have the following rights regarding your personal data:

  • Access your personal data - request a copy of the data we hold about you.

  • Request correction or erasure of your data - ask us to correct inaccurate data or delete it in certain circumstances.

  • Restrict processing - request that we limit how we use your data in specific situations.

  • Data portability - receive your data in a structured, commonly used, and machine-readable format.

  • Withdraw consent - if processing is based on your consent, you can withdraw it at any time.

  • Object to processing - challenge the use of your data in certain circumstances, including for direct marketing or legitimate interests.

  • Lodge a complaint with the Gibraltar Regulatory Authority (GRA)
    Email: info@gra.gi
    Address: 2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar

12. Links to Third-Party Websites
Our website may contain links to third-party websites for your convenience and information. Please note that we do not have control over the content, policies, or security of these external websites. We encourage users to review the privacy policies of any third-party sites they visit before providing any personal information. We are not responsible for the privacy practices or content of such websites.

13. Enquiry Forms and Third-Party Clinics
If you submit an enquiry through our website, the information you provide on some forms may be sent to the 'Specialist Medical Clinic' (Gibraltar) for the purpose of scheduling appointments or responding to your request. This information is submitted by email and only when necessary to facilitate your care. Where this will be the case, it will explicitly be stated on the Enquiry form. We recommend reviewing the privacy policy of the Specialist Medical Clinic to understand how they process your data. If you do not wish for your information to be sent directly to the Specialist Medical Clinic, please contact us directly via info@drsurridge.gi

14. Contact Information For any questions regarding this Privacy Policy or to exercise your rights, please contact:

Dr Karen Surridge

info@drsurridge.gi
 

15. Changes to This Policy We may update this Privacy Policy from time to time. The latest version will always be available on our website or upon request.

bottom of page