2. DEFINITIONS (Article 4 GDPR)

Personal Data – any information relating to an identified or identifiable natural person.

Processing – any operation performed on personal data (collection, storage, use, disclosure, etc.).

Data Controller – the entity determining the purposes and means of processing.

Data Subject – the individual whose personal data is processed.

Processor – a third party processing personal data on behalf of the Data Controller.

3. CATEGORIES OF PERSONAL DATA COLLECTED

A. Data provided voluntarily

• First and last name

• Email address

• Phone number

• Information submitted via contact forms

• Information necessary for booking sessions

• Any information voluntarily disclosed during communication

B. Automatically collected data

• IP address

• Browser type

• Operating system

• Pages visited

• Time spent on website

• Referring source

• Cookie-related data

C. Special categories of data (Article 9 GDPR)

In the context of psychotherapy services, sensitive personal data (including health-related or emotional information) may be voluntarily disclosed.

Such data is processed exclusively based on explicit consent and under strict professional confidentiality obligations.

4. PURPOSES OF PROCESSING

Personal data is processed for the following purposes:

1. Providing psychotherapy services and workshops

2. Managing appointments and communication

3. Sending newsletters and informational emails

4. Delivering free downloadable resources (ebooks, journals)

5. Administrative and contractual communication

6. Improving website functionality and user experience

7. Legal and accounting compliance

Personal data will not be used for automated decision-making or profiling.

5. LEGAL BASIS FOR PROCESSING (Article 6 GDPR)

Processing is based on:

a) Consent (Art. 6(1)(a))

• Newsletter subscription

• Free resource downloads

• Marketing cookies

• Sensitive data processing (explicit consent required)

b) Performance of a contract (Art. 6(1)(b))

• Psychotherapy services

• Workshop participation

• Booking and payment processes

c) Legal obligation (Art. 6(1)(c))

• Accounting and tax obligations

d) Legitimate interest (Art. 6(1)(f))

• Website security

• Statistical analysis

• Fraud prevention

Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. NEWSLETTER AND FREE DOWNLOADS

When subscribing to the newsletter or downloading free resources:

• Explicit consent is required

• A Double Opt-In procedure is implemented

• Users may unsubscribe at any time via the unsubscribe link

• Email addresses are stored until consent is withdrawn

Personal data will never be sold, rented, or shared for commercial purposes with third parties.

7. DATA RETENTION PERIOD

Personal data is retained as follows:

• Newsletter data: until withdrawal of consent

• Contact form data: up to 24 months

• Contractual and billing data: according to applicable legal requirements (5–10 years)

• Cookies: according to the Cookie Policy

After the retention period expires, data is securely deleted or anonymized.

8. DATA RECIPIENTS AND PROCESSORS

Personal data may be processed by third-party service providers acting as Data Processors, including:

• Website hosting provider

• Email marketing platform (e.g., Mailchimp, ConvertKit)

• Analytics provider (e.g., Google Analytics)

• Advertising platforms (e.g., Meta / Facebook Ads)

• Payment processors (if applicable)

All processors are contractually bound through Data Processing Agreements (DPA) and comply with GDPR requirements.

9. INTERNATIONAL DATA TRANSFERS

If personal data is transferred outside the European Economic Area (EEA), such transfers are safeguarded through:

• Standard Contractual Clauses approved by the European Commission

• Adequacy decisions issued by the European Commission

• Other lawful transfer mechanisms under GDPR

10. DATA SUBJECT RIGHTS (Articles 15–22 GDPR)

Data subjects have the following rights:

• Right of access

• Right to rectification

• Right to erasure (“right to be forgotten”)

• Right to restriction of processing

• Right to data portability

• Right to object

• Right to withdraw consent

• Right to lodge a complaint with the supervisory authority

Requests may be submitted to: adriana@togetherafterbaby.com

Data subjects also have the right to file a complaint with their local Data Protection Authority.

11. DATA SECURITY

Appropriate technical and organizational measures are implemented to ensure the security of personal data, including:

• SSL encryption (HTTPS)

• Restricted access to personal data

• Secure password management

• Regular system updates

• Secure data storage

12. COOKIES

The website uses:

• Strictly necessary cookies

• Analytics cookies

• Marketing cookies (if advertising tools are active)

Users may manage cookie preferences through the cookie banner.

For detailed information, please consult the Cookie Policy.

13. CHANGES TO THIS POLICY

This Privacy Policy may be updated periodically. The latest version will always be available on the website.