Privacy Policy
1. Introduction
Welcome to Therapy with Lana (“we,” “our,” “us”). We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, and protect your information in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws.
2. Information We Collect
We collect the following personal information:
• Personal Identification Information: Name, email address, phone number, or other personal identifiers.
• Sensitive Personal Data: Health-related information, including but not limited to mental health data, which is processed for therapy-related purposes. With your explicit consent, we collect and process sensitive health data to tailor our psychotherapy services.
• Payment Information: Billing address, payment details (such as credit card information), and other financial data necessary to process payments for services.
• Usage Data: Information about how you use our website and services, including cookies and other tracking technologies.
3. How We Collect Information
We collect information through:
• Direct Interactions: When you register for our services, subscribe to our newsletters, book appointments, or contact us.
• Automated Technologies: As you interact with our website, we may collect technical data about your equipment, browsing actions, and patterns through cookies or other tracking technologies.
• Third-party Tools: We use services like Calendly for appointment bookings, which may collect your personal data (e.g., name, email, and phone number) when you schedule an appointment with us.
4. Use of Your Information
We use your information for the following purposes:
• Service Delivery: To provide and manage our psychotherapy services, online programs, courses, teachings, and classes.
• Payment Processing: To process payments for our services through third-party services like Stripe or ThriveCart.
• Communication: To send administrative information, respond to inquiries, and provide customer support.
• Marketing: To send promotional materials and updates about our services, with your consent. You can opt out at any time by unsubscribing from our emails or adjusting your preferences.
5. Legal Basis for Processing
Our legal bases for processing your personal data include:
• Consent: Where you have given explicit consent for processing (e.g., subscribing to newsletters or booking appointments via Calendly). The processing of health-related data is based on your explicit consent, as required under GDPR Article 9 for sensitive data.
• Contractual Necessity: To perform a contract with you or to take steps at your request before entering into a contract (e.g., delivering therapy services).
• Legal Obligation: To comply with legal obligations (e.g., tax laws, accounting regulations).
• Legitimate Interests: For our legitimate business interests, such as improving our services or direct marketing, provided these interests do not override your rights and freedoms.
6. Data Retention
We retain personal data for as long as necessary to fulfill the purposes we collected it for, including satisfying legal, accounting, or reporting requirements. Specifically:
• Emails and Account Information: Retained for up to five years to comply with Danish tax regulations.
• Payment Information: Retained for five years to comply with legal and tax obligations.
• Sensitive Personal Data: Retained in accordance with applicable health privacy laws, including only as long as necessary to provide therapy or related services. Health-related data will be retained only as long as necessary for service delivery or legal requirements, distinct from other data retention periods.
7. Sharing Your Information
We do not sell or rent your personal data. We may share your information with:
• Service Providers: Third-party vendors (e.g., Stripe, ThriveCart, MailerLite) who provide services on our behalf, such as payment processing, marketing, and email communications. These service providers are contractually obligated to protect your information and only use it for the purposes outlined here. We ensure that all vendors have GDPR-compliant Data Processing Agreements (DPAs) in place.
• Legal Authorities: When required by law or to protect our rights or the rights of others.
8. International Transfers
As we operate globally, your information may be transferred to and processed in countries outside of your country of residence. We ensure appropriate safeguards are in place to protect your data in such cases, including using Standard Contractual Clauses where applicable.
9. Your Rights
You have the following rights regarding your personal data:
• Access: To request access to your personal data.
• Rectification: To request correction of inaccurate data.
• Erasure: To request deletion of your data under certain conditions (e.g., if the data is no longer needed for the purposes it was collected for).
• Restriction: To request restriction of processing under certain conditions.
• Portability: To receive your data in a structured, commonly used format and transmit it to another controller.
• Objection: To object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw Consent: To withdraw consent at any time, where processing is based on consent.
To exercise these rights, please contact us at lana.kunstek7@gmail.com.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure servers, and firewalls. While we take all reasonable precautions, please note that no system is completely secure.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website. This includes tools like Google Analytics and Facebook Pixel for performance monitoring and marketing. You can control cookies through your browser settings. By using our website, you consent to the use of cookies and similar technologies. We use cookies with your prior consent. Manage preferences via our cookie banner. Essential cookies do not require consent.
12. Children’s Privacy
Our services are not directed to individuals under the age of 13. Parental consent is required for users aged 13–15. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to remove that information.
13. Health Disclaimer
Our services, including psychotherapy, courses, and teachings, are not intended to replace or serve as a substitute for medical or psychiatric care. If you are seeking medical or psychiatric advice or treatment, please consult a licensed healthcare provider. By using our services, you acknowledge that you are responsible for your own health and well-being.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website.
15. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at:
• Email: lana.kunstek7@gmail.com