Privacy Policy
Last updated: March 6, 2026
GDPR — European Union
1. Introduction
Psychology Practice ("we", "us", "our") is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services. It also describes your rights as a data subject and how you can exercise them.
2. Data Controller
The data controller responsible for the processing of your personal data is:
If you have any questions about data protection, please contact us using the details above or through our contact page.
3. Data We Collect
We collect and process the following categories of personal data:
| Data Category | Specific Data | Lawful Basis (Art. 6 GDPR) |
|---|---|---|
| Account Registration | First name, last name, email address, password (hashed) | Contract performance (Art. 6(1)(b)) |
| Appointment Booking | Selected psychologist, service type, appointment date & time, appointment status | Contract performance (Art. 6(1)(b)) |
| Contact Form | Name, email address, message content | Legitimate interest (Art. 6(1)(f)) |
| Blog Comments | Author name, email address, comment content | Consent (Art. 6(1)(a)) |
| Newsletter | Email address, subscription preferences | Consent (Art. 6(1)(a)) |
| Cookies | Session identifier, cookie consent preferences | Legitimate interest (Art. 6(1)(f)) / Consent (Art. 6(1)(a)) |
| reCAPTCHA | IP address, browser data (processed by Google) | Legitimate interest (Art. 6(1)(f)) |
| Google Analytics | Pages visited, session duration, device & browser type, approximate location (country/city level), referral source (anonymised IP) | Consent (Art. 6(1)(a)) |
Special category data: We do not intentionally collect special category data (Art. 9 GDPR) such as health data through this website. Any health-related information discussed during therapy sessions is handled under separate professional confidentiality obligations and is not stored in our website database.
4. How We Use Your Data
- Provide our services: manage your account, schedule and manage appointments, facilitate communication with your psychologist
- Communication: respond to your enquiries via the contact form, send appointment confirmations and reminders
- Newsletter: send periodic updates and mental health resources (only with your explicit consent)
- Blog interaction: display your comments on blog posts (with moderation)
- Security: protect our website from spam and abuse via reCAPTCHA and session management
- Legal compliance: comply with applicable legal obligations
We do not use your personal data for automated decision-making or profiling.
5. Data Retention
- Account data: retained for the duration of your account and up to 12 months after deletion request
- Appointment records: retained for 5 years after the last appointment (professional record-keeping requirements)
- Contact form messages: retained for 12 months, then deleted
- Blog comments: retained for the lifetime of the blog post, or until you request removal
- Newsletter subscriptions: retained until you unsubscribe
- Session cookies: expire when you close your browser or after inactivity
- Consent cookies: retained for 12 months
6. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access (Art. 15): request a copy of all personal data we hold about you
- Right to Rectification (Art. 16): request correction of inaccurate or incomplete data
- Right to Erasure (Art. 17): request deletion of your personal data ("right to be forgotten")
- Right to Restriction (Art. 18): request that we limit how we process your data
- Right to Data Portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
- Right to Object (Art. 21): object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7(3)): withdraw consent at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us. We will respond within 30 days of receiving your request.
7. Cookies
We use the following types of cookies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Session management (PHPSESSID), authentication, CSRF protection | Session / browser close |
| Consent | Stores your cookie preferences (cookie_consent) | 12 months |
| Analytics | Google Analytics cookies (_ga, _ga_*) — track page views, session duration, and traffic sources. Only set when you accept analytics cookies. | Up to 2 years |
You can manage your cookie preferences at any time using the cookie settings banner at the bottom of any page, or by adjusting your browser settings. Analytics cookies are only set after you give explicit consent — they are not loaded by default.
8. Data Sharing & Transfers
We do not sell, trade, or rent your personal data to third parties.
We may share data with:
- Service providers: hosting providers, email service providers — bound by data processing agreements
- Google (reCAPTCHA): to prevent spam on forms. Google may collect IP address and browser data. See Google's Privacy Policy and Terms of Service
- Google (Analytics): to understand website usage patterns. Data is anonymised (IP anonymisation enabled). Only activated with your consent. See Google's Privacy Policy and Google Analytics Data Practices
International transfers: If data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses approved by the European Commission).
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Password hashing using industry-standard algorithms (bcrypt)
- CSRF token protection on all forms
- Parameterised database queries to prevent SQL injection
- Regular session ID regeneration
- Input sanitisation and output encoding
10. Complaints
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your national Data Protection Supervisory Authority.
We encourage you to contact us first so we can try to resolve your concern directly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please reach out:
Psychology Practice
Visit our Contact Page to send us a message.