EU GDPR COMPLIANCE DOCUMENTS

1. PRIVACY POLICY

Last Updated: 1.6.2025

1.1 Introduction

Welcome to Feel & Heal Therapy. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.

This privacy policy applies to:

  • Website visitors
  • Clients and potential clients
  • Newsletter subscribers
  • Anyone who contacts us through our website

1.2 Data Controller

The data controller responsible for your personal data is:

  • Company: BUĐENJE, obrt za pos. savjetovanje
  • Owner: Ivan Čanžek
  • Address: I. Retkovec 3B, 10040 Zagreb, Croatia
  • Email: [email protected]
  • Phone: +385 91 616 7149

1.3 Personal Data We Collect

We may collect, use, store and transfer different kinds of personal data about you:

a) Identity Data

  • First name and last name
  • Username or similar identifier
  • Title, date of birth, and gender

b) Contact Data

  • Email address
  • Telephone numbers
  • Billing/delivery address

c) Technical Data

  • Internet protocol (IP) address
  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform
  • Other technology on devices used to access this website

d) Usage Data

  • Information about how you use our website, products and services
  • Pages visited, time spent on pages
  • Click-through rates

e) Marketing and Communications Data

  • Preferences in receiving marketing from us
  • Communication preferences

f) Health Data (for therapy clients only)

  • Medical history relevant to therapy
  • Mental health information
  • Session notes and treatment records
  • Emergency contact information

1.4 How We Collect Your Personal Data

a) Direct interactions

  • When you fill in forms on our website
  • When you book an appointment
  • When you contact us via email, phone, or WhatsApp
  • When you subscribe to our newsletter
  • When you request marketing materials

b) Automated technologies

  • As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions and patterns using cookies and similar technologies

c) Third parties

  • Analytics providers (Google Analytics)
  • Payment processors
  • Technical service providers

1.5 How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:

a) To provide therapy services

  • Legal basis: Contract performance
  • Purpose: Deliver psychotherapy and counseling services

b) To manage appointments

  • Legal basis: Contract performance
  • Purpose: Schedule, confirm, and remind about appointments

c) To communicate with you

  • Legal basis: Legitimate interests
  • Purpose: Respond to inquiries, provide customer service

d) To send marketing communications

  • Legal basis: Consent
  • Purpose: Send newsletters, promotional materials (only with your consent)

e) To improve our website

  • Legal basis: Legitimate interests
  • Purpose: Analyze usage patterns, improve user experience

f) To comply with legal obligations

  • Legal basis: Legal obligation
  • Purpose: Maintain records as required by healthcare regulations

1.6 Data Security

We have implemented appropriate technical and organizational measures to secure your personal data, including:

  • SSL encryption for data transmission
  • Secure storage of personal data
  • Limited access to personal data (need-to-know basis)
  • Regular security assessments
  • Staff training on data protection

1.7 Data Retention

We will only retain your personal data for as long as necessary:

  • Client therapy records: 10 years after last session (legal requirement)
  • Contact inquiries: 2 years
  • Newsletter subscriptions: Until you unsubscribe
  • Website analytics: 26 months
  • Financial records: 7 years (legal requirement)

1.8 Your Legal Rights

Under GDPR, you have the following rights:

a) Right to access – Request a copy of your personal data

b) Right to rectification – Request correction of inaccurate data

c) Right to erasure – Request deletion of your personal data

d) Right to restrict processing – Request limitation of processing

e) Right to data portability – Receive your data in a structured format

f) Right to object – Object to processing based on legitimate interests

g) Right to withdraw consent – Withdraw consent at any time

To exercise any of these rights, contact us at: [insert email]

1.9 Cookies

Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience and allows us to improve our site. For detailed information, see our Cookie Policy below.

1.10 Third-Party Links

Our website may include links to third-party websites. We have no control over these websites’ privacy policies and are not responsible for their practices.

1.11 Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last Updated” date.