Privacy Policy

Last updated: 23-06-2025

1. Data Controller

I, Marta Baniukiewicz, am the data controller for the processing of personal data I receive about my clients.

Contact Information:
Marta Baniukiewicz
martabaniukiewicz@protonmail.com
+45 42 66 03 63
CVR: 43952560

2. Protection of Your Personal Data

Your personal data is processed in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR).

I place great importance on protecting my clients’ personal data. Therefore, I have implemented both technical and organizational measures to fulfill my responsibilities as a data controller. These include:

  • Using antivirus software

  • Regularly updating passwords

  • Keeping systems up to date

  • Staying informed about IT developments to guard against vulnerabilities and current threats

  • Using two-factor authentication

  • Using an encrypted email

I only process data necessary for my work as a psychotherapist, and that I am legally allowed to process. I have procedures in place to regularly delete data that no longer meets the requirements (data minimization).

For additional security, I use encryption and pseudonymization when processing sensitive data, including health information.

3. Personal Data – What, Why, and for How Long

3.1. When You Make an Inquiry

What Data Is Collected:

Your contact details (typically name, email address, and/or phone number).

Purpose and Legal Basis:

The purpose is to respond to your inquiry. The legal basis is legitimate interest under GDPR Article 6(1)(f).

Retention Period:

Your contact information is retained for a maximum of 6 months after your inquiry is considered fully answered.

3.2. When You Are in Therapy

What Data Is Collected:

  • Contact details (name, email, phone number)

  • Therapy notes containing extracts of our sessions, including health data

Purpose and Legal Basis:

  • Accounting & communication (e.g., rescheduling appointments): Legal basis is contractual obligation under GDPR Article 6(1)(b).

  • Therapy documentation & legal compliance (e.g., to the Danish Business Authority and Tax Agency): Legal basis is your explicit consent under GDPR Article 6(1)(a).

You can withdraw your consent at any time. If you do, I will stop further processing of your personal data. However, any data processed while the consent was valid will be stored to comply with legal obligations (GDPR Article 6(1)(c)).

Retention Period:

  • Accounting-related data: Retained for 6.5 years as per Danish authorities’ requirements.

  • Other data: Retained for up to 1 year after the conclusion of therapy.

4. Third-Party Relationships

Your personal data:

  • Is not sold to third parties

  • Is not transferred to third countries

Website

My website acts as a data processor. All data you submit via the website is stored in my web host’s data centers.

External Providers

I use external providers for services like accounting software and booking systems. These providers may act as data processors and, in some cases, handle personal data on my behalf.

These processors:

  • Only process data based on my instructions

  • Must comply with all legal requirements for data processors

I have signed data processing agreements with each provider to ensure they meet legal obligations.

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to be informed

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction of processing

  • Right to data portability

  • Right to object

  • Right not to be subject to automated decision-making

You can read more about your rights on the Danish Data Protection Agency’s website.

To exercise your rights, please contact me using the details listed in Section 1.

6. Complaints

If you are dissatisfied with how your personal data is processed, you have the right to file a complaint with the Danish Data Protection Agency.

Guidance on how to do this can be found here.