Please read this carefully before using our website or services. If you do not agree with these terms, you are advised not to use this website or services.
Our registration details
True North Psychology (TNP) is the name used for the platform provided, which connects clients to services offered by accredited Clinical Psychologists offering psychological therapy, supervision and consultancy services. This website is registered under the sole trader, Dr Sara Tookey, registered Clinical Psychologist and founder of TNP. They are registered with the Information Commissioner’s Office (ICO) registration number: ZB440775.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
About us- Controller
True North Psychology is referred to as "TNP", “we”, “us” and “our”, and you the user are referred to as “customer” “client”, “you” or “your”.
We are a platform to connect you with accredited mental health professionals. The mental health professionals we are affiliated with are referred to as “therapist/s”, “clinical psychologists” or “clinician/s”;
“Platform” means services provided using our website.
This website is not intended for children and we do not knowingly collect data relating to children via our website.
What data do we collect?
We collect the following data:
- Identity data includes title, first name, last name, usernames, date of birth, gender.
- Contact data includes address, email address, telephone numbers, primary care provider details.
- Transaction data includes details about payments to and from you and details of services you have bought from us
- Financial Data includes bank account and payment card details. If you chose to pay using one of our third party accounts (e.g. Stripe or Paypal), they have their own privacy policies (https://stripe.com/gb/privacy; https://www.paypal.com/va/webapps/mpp/ua/privacy-full).
- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage data includes information about how you use our website and the products and services that you choose from our website.
- Marketing and communication data includes your preferences on marketing communication, communication preferences.
- Sensitive data includes information about your health, including information about your existing and previous medical conditions, medication details, psychiatric history and any other relevant health information to enable us to carry out our services to you. We require your explicit consent for processing sensitive data, so when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services or goods). In this case, we may have to cancel a service or product you have with us but we will notify you if this is the case at the time.
How do we collect your data?
We use different methods to collect data from and about you including through:
- Direct interactions, when you give us your Identity, Contact and Financial Data by filling in forms before or during an appointment, verbally during discussions at our practice, or by corresponding with us by post, phone, email, social media, or otherwise. This includes personal data you provide when you:
Register online or purchase any of our products or services
request marketing to be sent to you;
Voluntarily complete a questionnaires, complete surveys, give us feedback or contact us.
Subscribe to our service or publications
- Automated technologies or interactions. As you interact with our website, we will automatically collect information through your interaction with our website (this may include information about your equipment, browsing actions and patterns). This is collected via cookies and other similar technologies which remember your preferences. See our information below on cookies for further details.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
Technical Data from the following parties:
Analytics providers such as Google based outside the EU; b) advertising networks such as Facebook based outside the EU; and c) search information providers such as Google based outside the EU.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Stripe or PayPal based outside the EU.
Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
How do we use your personal data?
We will only use your personal data when the UK law allows us to. We collect your data so that we may:
Perform the contract we are about to enter into or have entered into with you.
Comply with a legal obligation.
Provide you with access to our site and manage this access
Administer and protect our website (e.g., troubleshooting, system maintenance etc.)
Ask you to leave a review or complete a survey;
Make suggestions and recommendations to you about services from us that we think you might be interested in (you will only receive this if you have requested services from us and not opted out of receiving this marketing. We have a mailing list which you may opt out of.
We will only use your data where the UK law allows us to. UK law requires us to have a “legal basis” for processing your personal data. These legal bases are:
Perform a contract that we are about to enter into or have with you;
Comply with a legal or regulatory obligation;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent when collecting sensitive data (such as health information) and before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Use or view our website via your browser's cookies (see section below on cookie use)
We may use your data in some of the ways outlined in the table below:
To register you as a new customer
To provide our services and to process and deliver any orders including: (i) provide our services to you; (ii) Manage payments, fees and charges; (iii) Collect and recover money owed to us
To enable you to partake in a prize draw, competition or complete a survey
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
To make suggestions and recommendations to you about goods or services that may be of interest to you
Type of data
(i) Identity; (ii) Contact
(i) Identity; (ii) Contact; (iii) Financial; (iv) Transaction; (v) Marketing and Communications; (vi) Sensitive Data
(i) Identity; (ii) Contact; (iii) Profile; (iv) Marketing and Communications
(i) Identity; (ii) Contact; (iii) Profile; (iv) Usage; (v) Marketing and Communications
(i) Identity; (ii) Contact; (iii) Technical
(i) Identity; (ii) Contact; (iii) Profile; (iv) Usage; (v) Marketing and Communications; (vi) Technical
(i) Technical; (ii) Usage
(i) Identity; (ii) Contact; (iii) Technical; (iv) Usage; (v) Profile; (vi) Marketing and Communications
Lawful basis for processing including basis of legitimate interest
Performance of a contract with you
(i) Performance of a contract with you; (ii) Necessary for our legitimate interests (to recover debts due to us); (iii) Explicit consent (in the case of Sensitive Data).
(i) Performance of a contract with you; (ii) Necessary to comply with a legal obligation;(iii) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
(i) Performance of a contract with you; (ii) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
(i) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); (ii) Necessary to comply with a legal obligation
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
Necessary for our legitimate interests (to develop our products/services and grow our business)
How do we store your data?
We will keep your personal identification data for a maximum of seven years after the last date of service from us, unless data is legitimately required by us, such as providing you with the marketing of our services (with your consent).
Once this time period has expired, we will delete your data, unless it is legitimately required to be kept for reasons that we have a legal basis for.
Do we disclose your data, and if so, how?
We will get your express consent before we share your personal data with a third party for marketing purposes.
We may also share your personal data with the following third parties:
Psychologists listed on the TNP website, to ensure they can fulfill the contract we have entered into with you for fulfilling our services.
Third parties who are completing services on our behalf including billing, sales, IT support, analytics, data storage, validation, security, fraud prevention, payment processing, legal services (including Clinix Digital for secure client storage in compliance with GDPR policies, and secure virtual therapy platform, Google Workspace for business emails, PayPal for payment, Stripe for payment, FreeAgent for bookkeeping and invoicing, Dropbox for business related data storage, Wix website platform)
These third parties will be able to access your personal data but are not permitted to share your personal data. Third parties if required to do so by law, in connection with any legal proceedings or in order to establish, exercise, or defend our legal rights, or if legally permitted.
Other third parties with your explicit consent. As outlined in our Terms and Conditions, in exceptional circumstances we may need to use your personal information to contact your GP/Primary Care Provider or emergency contact. This will only be done when we have a duty of care or are required to do so by law.
Our therapists may be required by their regulatory or accrediting bodies to have professional supervision with another therapist. This is common practice to maintain professional accreditation and does not involve the disclosure of any personal identifying information. Supervision is conducted in accordance with the healthcare professionals (HCPC) code of conduct.
Therapy notes and Virtual/Telephone Sessions
Our therapists may keep summary notes of their therapy sessions for their own records. They are responsible for ensuring that confidentiality is protected at all times and that the client is not identifiable from the notes. The notes must comply with the requirements of each therapist’s regulatory or accrediting body.
Please see Terms and Conditions of Service for more on therapy and supervision confidentiality.
As a Data Controller that processes personal data, we abide by regulations stated under data protection law, including but not limited to the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). Dr Samantha Rennalls acts as our Data Protection Officer and is responsible for issues relating to data protection. You can contact us about data protection issues by emailing firstname.lastname@example.org or email@example.com
TNP would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date. You have the right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email us at firstname.lastname@example.org
What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access - You have the right to request copies of your personal data.
The right to rectification - You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.
The right to erasure - You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing - You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability - You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: email@example.com
Use by children
Our website and services are designed for adults. Therefore, our online services that collect personal data should not be accessed by individuals under the age of 18. We request that individuals under the age of 18 do not provide any personal data to us. If we discover that an individual under this age has provided data to us, we will delete the child’s personal data that is in our possession.
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information, visit allaboutcookies.org.
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
Functionality - We use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
Advertising - We use these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address.
How are cookies managed?
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Privacy policies of other websites
How can you contact us?
Email us at: firstname.lastname@example.org
How can you contact the appropriate authority?
Should you wish to report a complaint or if you feel that, after contacting us, we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner's Office (ICO), which is the UK supervisory authority for data protection issues (www.ico.org.uk).