top of page


Please read this carefully before using our website or services. If you do not agree with these terms, you are advised not to use this website or services.

Our registration details


True North Psychology (TNP) is the name used for the platform provided, which connects clients to services offered by accredited Clinical Psychologists offering psychological therapy, supervision and consultancy services. This website is registered under the sole trader, Dr Sara Tookey, registered Clinical Psychologist and founder of TNP. They are registered with the Information Commissioner’s Office (ICO) registration number: ZB440775.


You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 


This privacy policy applies to (referred to as “website”). 


Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated on 8th February, 2023.


It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

About us- Controller


TNP is a platform for the provision of psychological therapy, assessment, supervision and consultancy services. As a core part of our work, we need to collect personal information about you, so that we can properly engage with you and provide the best possible service to you. This Privacy Policy outlines how we collect, use, store and manage your data and your rights regarding that data. We take all reasonable steps to ensure that your personal data is safeguarded and kept in accordance with data protection law. 


True North Psychology is referred to as "TNP", “we”, “us” and “our”, and you the user are referred to as “customer” “client”, “you” or “your”.


We are a platform to connect you with accredited mental health professionals. The mental health professionals we are affiliated with are referred to as “therapist/s”, “clinical psychologists” or “clinician/s”;


“Platform” means services provided using our website.


Purpose of this privacy policy


This privacy policy aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you purchase our services, sign up for our newsletter or obtain offered informational resources. This includes when you fill out online forms through our practice management system, Clinix.


This website is not intended for children and we do not knowingly collect data relating to children via our website.


It is important that you read this privacy policy together with our Terms and Conditions of services and use of website, and any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal or sensitive data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them. Your use of this website is deemed to be an agreement with this Privacy Policy. 


What data do we collect?


We collect the following data:

- Identity data includes title, first name, last name, usernames, date of birth, gender.

- Contact data includes address, email address, telephone numbers, primary care provider details.

- Transaction data includes details about payments to and from you and details of services you have bought from us

- Financial Data includes bank account and payment card details. If you chose to pay using one of our third party accounts (e.g. Stripe or Paypal), they have their own privacy policies (; 

- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

- Profile data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 

- Usage data includes information about how you use our website and the products and services that you choose from our website.

- Marketing and communication data includes your preferences on marketing communication, communication preferences.


We also collect, use and share Aggregated data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.


- Sensitive data includes information about your health, including information about your existing and previous medical conditions, medication details, psychiatric history and any other relevant health information to enable us to carry out our services to you.  We require your explicit consent for processing sensitive data, so when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing. 


If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services or goods). In this case, we may have to cancel a service or product you have with us but we will notify you if this is the case at the time. 


How do we collect your data?


We use different methods to collect data from and about you including through:

- Direct interactions, when you give us your Identity, Contact and Financial Data by filling in forms before or during an appointment, verbally during discussions at our practice, or by corresponding with us by post, phone, email, social media, or otherwise. This includes personal data you provide when you:

  • Register online or purchase any of our products or services 

  • Create an account with us either via our website or via our third party digital therapy service (Clinix Digital, who has their own privacy policy in line with GDPR policies and procedures)

  • request marketing to be sent to you;

  • Voluntarily complete a questionnaires, complete surveys, give us feedback or contact us. 

  • Subscribe to our service or publications


- Automated technologies or interactions. As you interact with our website, we will automatically collect information through your interaction with our website (this may include information about your equipment, browsing actions and patterns). This is collected via cookies and other similar technologies which remember your preferences. See our information below on cookies for further details. 


- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below: 

  • Technical Data from the following parties:

    • Analytics providers such as Google based outside the EU; b) advertising networks such as Facebook based outside the EU; and c) search information providers such as Google based outside the EU.

      1. Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Stripe or PayPal based outside the EU.

      2. Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.


How do we use your personal data?


We will only use your personal data when the UK law allows us to. We collect your data so that we may:

  • Perform the contract we are about to enter into or have entered into with you.

  • Comply with a legal obligation.

  • Provide you with access to our site and manage this access

  • Comply with a legal obligation (e.g., notifying you of a change in our privacy policy)

  • Administer and protect our website (e.g., troubleshooting, system maintenance etc.)

  • Ask you to leave a review or complete a survey;

  • Make suggestions and recommendations to you about services from us that we think you might be interested in (you will only receive this if you have requested services from us and not opted out of receiving this marketing. We have a mailing list which you may opt out of. 

  • We will only use your data where the UK law allows us to. UK law requires us to have a “legal basis” for processing your personal data. These legal bases are:

    • Perform a contract that we are about to enter into or have  with you;

    • Comply with a legal or regulatory obligation;

    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.


Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent when collecting sensitive data (such as health information) and before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.


Use or view our website via your browser's cookies (see section below on cookie use)

We may use your data in some of the ways outlined in the table below:


  • To register you as a new customer

  • To provide our services and to process and deliver any orders including: (i) provide our services to you; (ii) Manage payments, fees and charges; (iii) Collect and recover money owed to us

  • To manage our relationship with you which will include: (i) Notifying you about changes to our terms or privacy policy; (ii) Asking you to leave a review or take a survey

  • To enable you to partake in a prize draw, competition or complete a survey

  • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 


  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

  • To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

  • To make suggestions and recommendations to you about goods or services that may be of interest to you

Type of data

  • (i) Identity; (ii) Contact

  • (i) Identity; (ii) Contact; (iii) Financial; (iv) Transaction; (v) Marketing and Communications; (vi) Sensitive Data

  • (i) Identity; (ii) Contact; (iii) Profile; (iv) Marketing and Communications

  • (i) Identity; (ii) Contact; (iii) Profile; (iv) Usage; (v) Marketing and Communications

  • (i) Identity; (ii) Contact; (iii) Technical

  • (i) Identity; (ii) Contact; (iii) Profile; (iv) Usage; (v) Marketing and Communications; (vi) Technical

  • (i) Technical; (ii) Usage

  • (i) Identity; (ii) Contact; (iii) Technical; (iv) Usage; (v) Profile; (vi) Marketing and Communications

Lawful basis for processing including basis of legitimate interest

  • Performance of a contract with you

  • (i) Performance of a contract with you; (ii) Necessary for our legitimate interests (to recover debts due to us); (iii) Explicit consent (in the case of Sensitive Data).

  • (i) Performance of a contract with you; (ii) Necessary to comply with a legal obligation;(iii) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

  • (i) Performance of a contract with you; (ii) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

  • (i) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); (ii) Necessary to comply with a legal obligation

  • Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

  • Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

  • Necessary for our legitimate interests (to develop our products/services and grow our business)

How do we store your data?


We securely store your data within the European Economic Area (EEA) on servers that are GPR compliant. Some of your data may be processed by staff operating outside the EEA, for example people who work for us or by one of our third-party suppliers. This may include processing of your identity and payment information by providers of payment services, such as Stripe, who have a separate privacy policy ( 


We will keep your personal identification data for a maximum of seven years after the last date of service from us, unless data is legitimately required by us, such as providing you with the marketing of our services (with your consent). 


Once this time period has expired, we will delete your data, unless it is legitimately required to be kept for reasons that we have a legal basis for. 


Do we disclose your data, and if so, how?


Third parties

We will get your express consent before we share your personal data with a third party for marketing purposes.


We may also share your personal data with the following third parties:

  • Psychologists listed on the TNP website, to ensure they can fulfill the contract we have entered into with you for fulfilling our services.

  • Third parties who are completing services on our behalf including billing, sales, IT support, analytics, data storage, validation, security, fraud prevention, payment processing, legal services (including Clinix Digital for secure client storage in compliance with GDPR policies, and secure virtual therapy platform, Google Workspace for business emails, PayPal for payment, Stripe for payment, FreeAgent for bookkeeping and invoicing, Dropbox for business related data storage, Wix website platform)


These third parties will be able to access your personal data but are not permitted to share your personal data. Third parties if required to do so by law, in connection with any legal proceedings or in order to establish, exercise, or defend our legal rights, or if legally permitted.


Third party links. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.


Other third parties with your explicit consent. As outlined in our Terms and Conditions, in exceptional circumstances we may need to use your personal information to contact your GP/Primary Care Provider or emergency contact. This will only be done when we have a duty of care or are required to do so by law. 




Our therapists may be required by their regulatory or accrediting bodies to have professional supervision with another therapist. This is common practice to maintain professional accreditation and does not involve the disclosure of any personal identifying information. Supervision is conducted in accordance with the healthcare professionals (HCPC) code of conduct. 

Therapy notes and Virtual/Telephone Sessions


Our therapists may keep summary notes of their therapy sessions for their own records. They are responsible for ensuring that confidentiality is protected at all times and that the client is not identifiable from the notes. The notes must comply with the requirements of each therapist’s regulatory or accrediting body. 


Please see Terms and Conditions of Service for more on therapy and supervision confidentiality. 


We will never record phone or online video sessions without your consent. Clinix Digital, who provide our virtual therapy platform, have their own Privacy policy which we recommend reading.


Data processors


As a Data Controller that processes personal data, we abide by regulations stated under data protection law, including but not limited to the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). Dr Samantha Rennalls acts as our Data Protection Officer and is responsible for issues relating to data protection. You can contact us about data protection issues by emailing or




TNP would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date. You have the right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email us at


What are your data protection rights?


We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access - You have the right to request copies of your personal data. 

  • The right to rectification - You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.

  • The right to erasure - You have the right to request that we erase your personal data, under certain conditions.

  • The right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.

  • The right to object to processing - You have the right to object to our processing of your personal data, under certain conditions.

  • The right to data portability - You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.


If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email:


Use by children


Our website and services are designed for adults. Therefore, our online services that collect personal data should not be accessed by individuals under the age of 18. We request that individuals under the age of 18 do not provide any personal data to us. If we discover that an individual under this age has provided data to us, we will delete the child’s personal data that is in our possession. 





What are cookies?


Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.


Consent banner 

We use our own and third-party cookies and web beacons to deliver a faster and safer experience, to monitor and analyze usage, to comply with laws, and for advertising purposes. By clicking ‘I Consent’, you agree that data such as your IP address and third party identifier may be shared with advertising partners to help us deliver more relevant ads. To update your settings or opt out, go to 'Cookie Settings'. To learn more read our Privacy Policy.


For further information, visit


How do we use cookies?


We use cookies in a range of ways to improve your experience on our website, including understanding how you use our website. 


What types of cookies do we use?


There are a number of different types of cookies, however, our website uses:

  • Functionality - We use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.


  • Advertising - We use these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. 


How are cookies managed?


You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.


Privacy policies of other websites


The True North website contains links to other websites. Our privacy policy applies only to our website. We have no control over the contents of those sites or resources. So if you click on a link to another website, you should read their privacy policy.


How can you contact us?


If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.


Email us at:

How can you contact the appropriate authority?


Should you wish to report a complaint or if you feel that, after contacting us, we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner's Office (ICO), which is the UK supervisory authority for data protection issues (

bottom of page