Privacy Notice
Last Updated: 23.03.26

1. Who we are

  • This practice is operated by In Search of Me Ltd, a UK-registered company providing psychological therapy services.

  • For the purposes of UK data protection law, In Search of Me Ltd is the Data Controller.

  • Therapy is delivered by Pip Williams, Counselling Psychologist

  • HCPC registration number: PYL045847

  • Company name: In Search of Me Ltd

  • Registered office: Wood House, Pirbright, Surrey, GU240DH

  • Company number: 07354733

  • Email: info@drpip.co.uk

  • Website: drpip.co.uk

2. How personal data is collected

  • Personal data may be collected when you make initial contact via email, telephone, or the website contact form.

  • This initial contact typically involves limited personal information such as your name and contact details.

  • Where therapy proceeds, further personal and clinical information is collected and managed through a secure, GDPR-compliant practice management system.

  • Communication may take place via secure systems and via email where appropriate, with sensitive information kept to a minimum outside secure platforms.

3. What personal data is held

  • Depending on your contact with the practice, different types of personal data may be held.

  • For initial enquiries, this typically includes limited information such as your name, contact details, and the content of your enquiry.

  • Where therapy proceeds, more detailed personal data is collected and stored within a secure, GDPR-compliant practice management system. This may include contact details, date of birth, relevant personal and background information, next of kin details where appropriate, appointment and attendance records, correspondence, and clinical notes created during therapy.

  • Payment information is processed securely via Stripe, a third-party payment provider. Card details are not stored by the practice and are handled directly by Stripe in accordance with their own privacy and security policies.

4. Purpose of processing

  • Personal data is processed only where necessary to provide psychological therapy.

  • This includes responding to enquiries and communicating with clients in relation to services.

  • It also includes managing appointments, scheduling, and payments.

  • Accurate clinical and administrative records are maintained as part of this process.

  • Processing is carried out in order to meet professional, ethical, and legal obligations.

  • Personal data is never used for marketing purposes.

5. Lawful basis for processing

  • Personal data is processed in accordance with UK GDPR on one or more lawful bases.

  • Processing is carried out on a contractual basis where this is necessary to provide agreed therapy services.

  • Legitimate interests apply in order to operate a safe and effective clinical practice.

  • Processing may also be required to meet legal obligations, including record-keeping and financial requirements.

  • Explicit consent is relied upon where required, for example in relation to limited disclosures.

6. Data storage and security

  • Personal and clinical data relating to therapy is stored securely using appropriate technical and organisational safeguards.

  • Access to data is restricted and protected by passwords and security controls.

  • Initial contact data is handled confidentiality and retained only for as long as necessary.

  • Email communication may be used in relation to appointments and, where relevant, therapy-related matters.

  • While reasonable steps are taken to protect confidentiality, email may not offer the same level of security as a dedicated encrypted platform.

7. Data sharing

  • Personal data is shared only where necessary and proportionate to the provision of services.

  • Data may be shared with the practice management system provider, who acts as a data processor.

  • Payment processing providers receive limited data required to process payments.

  • Financial information may be shared with HMRC where required.

  • Where sessions are funded through private health insurance, limited personal and appointment information may be shared with the insurer for the purposes of authorisation and payment.

  • Clinical work may be discussed with the practitioner’s supervisor, with all identifying information removed.

  • Information may be disclosed to relevant authorities where required by law or where there is a serious risk of harm.

  • Personal data is never sold or shared with third parties for marketing purposes.

8. Data retention

  • Clinical records are retained for 7 years following the end of therapy in line with professional and legal guidance.

  • Where therapy does not proceed, enquiry data is retained for a shorter and proportionate period before being securely deleted.

9. Your rights

  • You have rights under UK data protection law in relation to your personal data.

  • These include the right to access your data and to request correction of inaccurate information.

  • You may request erasure of your data, subject to legal and professional limitations.

  • You have the right to request restriction of processing in certain circumstances.

  • You may object to certain forms of processing where applicable.

  • You also have the right to lodge a complaint with the Information Commissioner’s Office.

10. Contact and complaints

  • If you have questions or concerns about how your data is handled, you are encouraged to contact the practice directly in the first instance.

  • Further information and complaints can be directed to the Information Commissioner’s Office via ico.org.uk.

Click here to download a copy of the Privacy Notice.