top of page

Privacy Policy

Clinical Psychology Direct

This privacy policy covers Clinical Psychology Direct and explains how we use personal data we collect from you when you use our website and/or make an enquiry regarding services on offer.  Please be assured we only collect the personal data we need in order to provide and oversee our service to you, and do not use it for marketing purposes without your prior consent.


Topics Covered:

  1. What data do we collect?

  2. How do we collect your data?

  3. How will we use your data?

  4. How do we store your data and keep it protected?

  5. How long are records kept?

  6. Use of data for marketing purposes

  7. What are your data protection rights?

  8. How is data collected through cookies

  9. Privacy policies of therapists/practitioners affiliated with us

  10. How to contact us to update or request your data to be removed

  11. How to contact us to request access to personal data or clinical records we hold

  12. How to contact relevant authorities if you have concerns


  1. What data do we collect?

    Clinical Psychology Direct collects the following data:


  • Personal identification information (name, email address, phone number) which i) is sometimes supplied in your initial email to the service; ii) may be obtained by way of a contact/enquiry form you choose to fill out when making an initial enquiry; and iii) may be invited from you when we respond to your initial enquiry.

  • If you are a minor (under the age of 18yrs) or for some reason lack decision making capacity (e.g. due to a learning disability), we will also collect data for your parent or legal guardian (name, email address, phone number etc.).  


Data collected by your therapist or practitioner:

  • If you choose to book assessment or treatment sessions with us, we will also ask for your postal address, date of birth and the contact details for your GP. These are necessary aspects of the clinical record we hold for you.  We may additionally ask for details of your next of kin.

  • Your therapist may ask questions about your history and personal context (e.g. education, health, family background, employment etc.), which would be part of the clinical record he/she holds for you.


2. How do we collect your data?

Data is collected in a number of ways;


  • from you personally, when you contact the service (or in the case of a minor, when a parent or legal guardian contacts us) either by telephone or email

  • if you fill out a contact form or chat request on the service’s website or social media pages

  • if your contact details are passed to us by a third party who is referring you for services (e.g. a health insurance company, GP, private consultant/ therapist, employee assistance programme, legal representative etc). 

  • if you attend group sessions, workshops or open days run by Clinical Psychology Direct, and choose to volunteer your contact information

  • if you use or view our website and your web browser allows use of cookies.


3. How will we use your data?


We never share your data with third parties and will never sell your data to others. Our service collects your data so that we can;

  • Process a referral request (e.g. so that we ensure we contact you as requested and discuss your needs)

  • Keep in contact with you regarding any service provision we may offer (e.g. appointments, waiting lists etc.) 

  • Update your GP, referrer or health insurance provider regards progress or additional needs, where relevant and appropriate.

  • Share your data with a named therapist or practitioner when they have been identified as the person best placed to assist you, and where you have given consent for the data to be shared

  • Email you or send a newsletter with information we feel may benefit you (but only if you have opted into this process, and with the option to unsubscribe).

  • Pursue unpaid invoices, using a debt collection agent in the unlikely event that services rendered have not been paid for.  


4. How do we store your data and keep it protected?

Centrally held data is stored in a spreadsheet document.  Therapists/practitioners affiliated with Clinical Psychology Direct may also hold data in their respective client folders.  Where there are physical files, these must always be kept in a secure filing cabinet.  Some therapists/practitioners lock away files at Clinical Psychology Direct premises, where security measures are in place (e.g. lockable filing cabinet, building intrusion alarm, controlled access to the building when open and CCTV).   


Where data is kept electronically by Clinical Psychology Direct, it is held within subscribed cloud services which afford encryption of data both in transit and at rest. The cloud services used are consistent with industry-specific security, privacy, and compliance requirements, being HITRUST-CSF-certified, and meeting both HIPAA (Health Insurance Portability and Accountability Act of 1996) and ISO/IEC 27000-series standards, among many others, designed to protect from intrusion, theft, and cyber attack.  


All computers used to access documents stored in the cloud have up to date malware and antivirus protection.  Clinical Psychology Direct emails afford encryption of data emails in transit, using TLS (Transport Layer Security). Unfortunately, this does not necessarily keep email encrypted after it arrives at its destination server.  Any client who is not satisfied with these security arrangements, would need to request communication by phone or postal mail, which Clinical Psychology Direct can arrange.


5. How long are records kept?


The Data Protection Act 1998, The Access to Health Records Act 1990 and The Medical Reports Act 1998 outline the need for Hospital records to be retained for a minimum of eight years, whilst GP records are retained for a minimum of 10 years. Clinical Psychology Direct keeps all clinically relevant client records for an 8yr period, after which they are destroyed using confidential waste services. The only exception is for minors, whose data needs to be kept for a minimum of 3years after the date they turn 18 years of age, at which point it is destroyed using confidential waste services.  This arrangement allows us to comply with Professional Body Guidance, UK Tax Law and Indemnity Insurance Policies.  


Personal contact details may be retained with Clinical Psychology Direct, as per the arrangements described in this privacy document, if you have opted to receive a newsletter or email updates of services, until such time that you unsubscribe from these arrangements.


6. Use of data for marketing purposes

As indicated, any information Clinical Psychology Direct uses for marketing our services to you is taken with consent, and thereafter kept with us until you notify us that you no longer wish to receive this information. We never share your data for marketing purposes with other organisations.

7. What are your data protection rights?

Clinical Psychology Direct manages all personal data in accordance with GDPR guidelines, which provide a range of rights for individuals.  These rights include;

  • the right to be informed about the collection and use of your personal data (e.g. the purposes for processing personal data, retention periods for that personal data, and who it will be shared with. This is all termed ‘privacy information’)

  • the right to access privacy information that is concise, transparent, intelligible, easily accessible, and offered in a clear and plain language

  • the right to be informed as to the lawful basis and legitimate purposes of processing data

  • the right to withdraw consent for processing personal data (where applicable)

  • the right to be informed and to give consent to any proposed changes in use of personal data, before those changes are implemented

  • the right to be informed as to who you may contact at Clinical Psychology Direct, in their role as Data Protection Officer 

  • the right to lodge a complaint with a supervisory authority


8. How is data collected through cookies

Clinical Psychology Direct’s website has been developed through a third party organisation.  The website uses 'cookies', which are small pieces of data stored in the browser of the device (e.g. computer or smartphone) you use when accessing any website. It allows the website to recognise your device and store some information about your preferences or past actions (e.g. actions you may have taken on the site). Cookies may also be used to monitor and analyse the performance, operation and effectiveness of our website, whilst also checking it remains secure and safe to use. There is a choice to opt out of any analytical or marketing based cookies (this option appears when you arrive on Clinical Psychology Direct's website home page). You can also disable cookies on your own device, following the guidance provided by your web browser/supplier. Rest assured any cookies we collect do not identify you, as we do not ask you to register to use our website.  Neither do we share or sell data to any third party.

9. Privacy policies of therapists/practitioners who use rooms with us


All therapists/practitioners affiliated with Clinical Psychology Direct have been informed about this privacy policy, and encouraged to adhere to these standards of processing personal data.  However, as these individuals are sole traders, they are responsible for their own privacy policy and management of clinical records.  If you have questions about the use and processing or personal data and clinical records by your therapist/practitioner, it would be advisable for you to contact them, and make a specific request to see their policy documents.  Clinical Psychology Direct, by way of this privacy document, is responsible only for the personal data held centrally, as stipulated in earlier parts of this document.  


Dr Bobby Sura is Directors at Clinical Psychology Direct, and also holds a clinical caseload. The processing of personal data and clinical records held by Dr Bobby Sura is in accordance with this privacy document.  You will also be informed as to confidentiality of clinical records, by way of the therapeutic contract Dr Bobby Sura asks you to sign, before assessment and intervention begins.  Other therapists/practitioners affiliated with Clinical Psychology Direct will have their own policy and responsibilities for managing the clinical records they hold.

10. How to contact us to update or request your data to be removed

Personal data that we hold is destroyed or erased from our systems as per section 5 of this privacy document.  If you think that we are holding out-of-date or inaccurate personal data, please let us know.


If at any point you believe the personal information that we hold for you may be incorrect, or you would prefer we no longer hold this data, you can request to see the information we have in order to have it corrected or deleted.  We cannot erase or destroy the clinical records we hold, and need to retain these as stipulated in section 5 of this document.

11. How to contact us to request access to personal data or clinical records we hold


You may request access to any personal data or clinical record held about you within our service, by raising a SARS request.  We are obliged to give access to your records within 21 days, and will respond accordingly to all formal, written requests.  (Please note that Clinical Psychology Direct is only responsible for clinical records and personal data held by Dr Bobby Sura as per section 9 of this document)


Please make your request to the Data Protection Officer, Dr Bobby Sura, by in writing to Clinical Psychology Direct, Solihull Well Being Clinic, 15 Highfield Road, Hall Green, Birmingham, B280EL

Any therapist/practitioner is at liberty to limit access to clinical records where the practitioner/therapist who has worked with you assesses the information could cause harm to your physical or mental health, or where information would be disclosed relating to a third person who has not consented. An individual with parental responsibility for a child has the right to view the child’s clinical records, although the therapist/practitioner who met with the child would need to take into account their confidentiality duty. 


The Access to Health Records Act 1990 allows client’s personal representatives and any person who may have a claim arising out of the client’s death access to their record.


If you or a representative require access to clinical records for the purposes of a legal matter, a SARS request may be made for us to release any records held centrally at Clinical Psychology Direct (including those managed by Dr Bobby Sura) within 21 days of the request.  If the request is for a summary report, this will be charged at the usual fee rate we charge, which we can explain at the point of enquiry.  Please note that therapists/practitioners other than Dr Bobby Sura will need to be approached directly, and they will be responsible for managing the access request or need for a report, as per their own policy in such matters. All access requests are managed as per the policy stipulated in section 11 of this document.


12. How to contact relevant authorities if you have concerns


If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office or by phone using the ICO helpline by calling 0303 123 1113.

bottom of page