​

This Privacy Policy explains how ClearPath Psychology collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR/AVG) and relevant Dutch privacy and healthcare regulations.

Your privacy and confidentiality are important. Personal information shared with ClearPath Psychology is handled carefully, securely, and only for the purposes described below.

​

1. Data Controller

The data controller responsible for processing your personal data is:

Practice name: ClearPath Psychology
Contact person: Mahnoush Nekoufar
Website: mahnoushnekoufar.com
Email: mahnoush.nk@gmail.com
KVK number:  42034034

​

2. Personal Data Collected

ClearPath Psychology may collect and process the following personal data:

Identification and contact details: such as your name, date of birth, address, phone number, and email address.
Information related to psychological support, such as data from contact forms, intake, sessions, questionnaires, treatment notes, and other relevant communications.
Payment and invoicing details, such as invoice information and payment records.
Communication data: such as emails, messages, and phone contacts related to appointments or psychological support.

3. Purpose of Processing

Your personal data is processed for the following purposes:

to provide psychological support;
to communicate with you and manage appointments;
to prepare and maintain client records;
to handle invoicing and administration;
to comply with legal and professional obligations;
to support professional supervision or intervision, using anonymised or non-identifiable information wherever possible.

4. Legal Basis for Processing

ClearPath Psychology processes personal data based on one or more of the following legal grounds:

your consent;
the performance of a treatment or service agreement;
compliance with legal obligations;
legitimate interests, such as maintaining safe, ethical, and high-quality professional practice.

Health-related data is treated as sensitive personal data and is processed only when necessary to provide psychological support, in accordance with applicable privacy laws.

​

5. Confidentiality

Information shared during psychological support is treated confidentially.

Information will not be shared with third parties without your explicit consent, unless there is a legal obligation to do so or there is a serious concern about safety or risk of harm.

Where professional supervision or intervision is used, information is discussed anonymously or in a way that does not identify you wherever possible.

​

6. Data Retention

Client records are retained in accordance with Dutch legal requirements. In general, healthcare records must be kept for 20 years from the last change in the file, unless a different legal retention period applies or longer retention is necessary.

Administrative and financial records may be retained for the period required under Dutch tax and administrative laws.

After the applicable retention period, personal data will be securely deleted or anonymised.

​

7. Protection of Personal Data

ClearPath Psychology takes appropriate technical and organisational measures to protect your personal data, including:

secure storage of digital files;
restricted access to personal data;
use of secure communication and administrative systems where possible;
careful handling of physical and digital records.

8. Sharing Personal Data with Third Parties

Your personal data is only shared with third parties when necessary and legally permitted, such as:

with your explicit consent;
when required by law;
with service providers who support the practice, such as secure email, website, invoicing, or administration tools;
in situations involving serious safety concerns or legal obligations.

Where third-party service providers process personal data on behalf of ClearPath Psychology, appropriate data processing agreements are used where required.

​

9. Your Rights

Under the GDPR, you have rights regarding your personal data, including:

the right to access your personal data;
the right to request correction of inaccurate data;
the right to request deletion of data, within legal limits;
the right to restrict processing;
the right to object to certain processing;
the right to data portability where applicable;
the right to withdraw consent where processing is based on consent.

You may also have rights under Dutch healthcare law regarding access to, correction of, or deletion of your client file. Some requests may be limited by legal or professional obligations.

To exercise your rights, please contact ClearPath Psychology using the contact details above.

​

10. Data Breaches

If a data breach occurs that may affect your personal data, ClearPath Psychology will take appropriate steps in accordance with GDPR requirements. Where required, the breach will be reported to the Autoriteit Persoonsgegevens within 72 hours, and you will be informed if the breach is likely to result in a high risk to your rights and freedoms.

​

11. Complaints and Questions

If you have questions or concerns about how your personal data is handled, please contact ClearPath Psychology first.

You also have the right to file a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)88 1805 250

​

12. Updates to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in legal requirements or practice procedures. The latest version will be available on the website.