top of page

ClearPath

PSYCHOLOGY

Services offered in English and Farsi

Privacy Policy

This Privacy Policy explains how ClearPath Psychology collects, uses, and protects personal data in compliance with the General Data Protection Regulation (GDPR) and Dutch data protection laws. Protecting your privacy is of utmost importance to us.

1. Data Controller Information

The data controller responsible for processing your personal data is:

  • Practice Name: ClearPath Psychology

  • Contact Person: Mahnoush Nekoufar

2. Types of Personal Data Collected

We may collect the following types of personal data from clients:

  • Identification Data: Name, date of birth, address, phone number, and email address.

  • Health Data: Information shared during therapy sessions, including medical history, psychological assessments, and treatment plans.

  • Financial Data: Bank account details for payment purposes.

  • Communication Data: Emails, phone calls, and messages exchanged with the therapist.

3. Purpose of Data Collection

Your personal data is collected and processed for the following purposes:

  • To provide psychological counseling and therapy services.

  • To manage appointments and communication.

  • To handle invoicing and payment processing.

  • To comply with legal obligations (e.g., record-keeping requirements).

  • To improve the quality of our services through supervision and intervision (with anonymized data).

4. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds:

  • Consent: You provide explicit consent for us to process your personal data for therapy purposes.

  • Contractual Obligation: Processing is necessary to fulfill the treatment agreement between you and the therapist.

  • Legal Obligation: We are required to retain certain data by Dutch law (e.g., financial records).

  • Legitimate Interest: To ensure the quality and continuity of the therapy provided.

5. Data Retention Policy

We retain personal data for a period of 15 years from the date of the last session, as required by Dutch healthcare regulations.

After this period, your data will be securely deleted or anonymized.

6. How Your Data is Protected

We take appropriate technical and organizational measures to ensure that your personal data is secure. This includes:

  • Encrypted storage of digital files.

  • Secure filing systems for physical documents.

  • Restricted access to data.

  • Regular data security checks and updates.


7. Sharing of Personal Data

Your personal data will only be shared with third parties in the following cases:

  • With Your Explicit Consent: For example, sharing information with a medical specialist.

  • Legal Requirements: If we are legally required to disclose your information (e.g., court order).

  • Data Processors: We use GDPR-compliant third-party services (e.g., practice management software, invoicing tools) that process data on our behalf.

All data processors we work with have signed Data Processing Agreements (DPAs) to ensure your data is handled securely.

8. Your Rights as a Client

Under the GDPR, you have the following rights regarding your personal data:

  1. Right to Access: You can request a copy of your personal data.

  2. Right to Rectification: You can request corrections to your data if it is inaccurate.

  3. Right to Erasure: You can request the deletion of your data (within legal limits).

  4. Right to Restrict Processing: You can request that we limit the processing of your data.

  5. Right to Data Portability: You can request that your data be transferred to another service provider.

  6. Right to Object: You can object to the processing of your data in certain cases.

  7. Right to Withdraw Consent: You can withdraw your consent for data processing at any time.

To exercise any of these rights, please contact us using the details provided above.

9. Data Breach Procedure

In the unlikely event of a data breach that affects your personal data, we will:

  1. Notify the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) within 72 hours.

  2. Inform you if the breach poses a high risk to your privacy.

10. Complaints and Questions

If you have any concerns or complaints about how we handle your personal data, you can contact us at any time. If we cannot resolve your concern, you have the right to file a complaint with the Autoriteit Persoonsgegevens:

11. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website or upon request.

bottom of page