Skip to content

Privacy Policy

Last updated: June 2025

1. Data Controller

The data controller is [COMPANY NAME], located at [ADDRESS].

For any request regarding your personal data, please write to: [PRIVACY EMAIL].

2. Data We Collect

We collect the following personal data when you use the platform:

  • Account data: email address, name, phone number (optional), provided at registration or booking.
  • Booking data: service, date, time, professional and location chosen, selected timezone, optional notes.
  • Technical data: IP address, browser user agent, automatically recorded for security and the proper functioning of the service.

We do not collect sensitive data (e.g. health data) through the platform. Any clinical notes entered by professionals are the sole responsibility of the organisation.

3. Cookies and Tracking Technologies

We use only strictly necessary technical cookies required for the service to function:

  • Session cookie (Better Auth): required to maintain an active authentication session. Deleted when the session expires or when you sign out. Legal basis: contractual necessity (Art. 6.1.b GDPR).

We do not use profiling cookies, third-party cookies, or analytics or advertising tracking tools. If we introduce non-essential cookies in the future, we will ask for your explicit consent before setting them.

4. Purpose and Legal Basis

  • Service delivery (bookings, email notifications, agenda management): contractual necessity — Art. 6.1.b GDPR.
  • Security and fraud prevention (technical logs): legitimate interest — Art. 6.1.f GDPR.
  • Legal compliance: legal obligation — Art. 6.1.c GDPR.

5. Data Retention

Account and booking data are retained for the duration of the contractual relationship and for the following 10 years, unless otherwise required by law. Technical logs are retained for a maximum of 90 days.

You can request account deletion at any time from your profile settings.

6. Your Rights

You have the right to access, rectify, erase (right to be forgotten), restrict, object to the processing of your data, and receive a machine-readable copy (data portability). You may exercise these rights by writing to [PRIVACY EMAIL].

You also have the right to lodge a complaint with the relevant supervisory authority in your country of residence.

7. International Data Transfers

Data is processed within the European Union. Any transfers to third countries will be made in compliance with the safeguards provided by the GDPR (adequacy decisions or standard contractual clauses).