Privacy Policy

1. Introduction

PsyMentalHealth Ltd ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This policy applies to all personal data we collect through our website, appointment booking system, and therapeutic services.

2. Data Controller

3. Information We Collect

3.1 Personal Information You Provide:

• Contact Information: Name, email address, phone number, postal address
• Appointment Information: Service requested, preferred practitioner, session type (online/in-person), preferred dates and times
• Health Information: Medical history, mental health information, assessment results, therapy session notes (maintained by individual practitioners)
• Payment Information: Billing details, payment history (processed securely by practitioners)
• Communication Records: Emails, phone calls, and messages exchanged with us

3.2 Information Automatically Collected:

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent on pages, links clicked, referral sources
• Cookies: See our Cookies Policy for detailed information

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Delivery:

• Processing and confirming appointment requests
• Matching you with appropriate therapists
• Providing therapeutic services and support
• Maintaining clinical records (by individual practitioners)
• Sending appointment reminders and service-related communications

4.2 Business Operations:

• Managing our client database
• Processing payments and managing billing
• Responding to inquiries and providing customer support
• Improving our services and website functionality
• Conducting internal research and analytics

4.3 Legal Compliance:

• Complying with legal obligations and professional standards
• Protecting our rights and those of our clients
• Preventing fraud and ensuring security

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: To fulfill our contractual obligations to provide therapeutic services
• Consent: Where you have given explicit consent for specific processing activities
• Legal Obligation: To comply with legal and regulatory requirements
• Legitimate Interests: For business operations, fraud prevention, and service improvement, where not overridden by your rights
• Vital Interests: To protect life or physical safety in emergency situations

6. Data Sharing and Disclosure

We may share your personal data with:

6.1 Independent Practitioners: Your information is shared with the therapist you are matched with, who operates independently and maintains their own clinical records.

6.2 Service Providers: Trusted third-party service providers who assist us with:

• Website hosting and maintenance
• Email services
• Data storage and backup
• IT support and security

6.3 Legal Requirements: We may disclose information when required by law, court order, or to protect the safety of individuals.

6.4 Professional Bodies: In cases of complaints or professional misconduct investigations, information may be shared with relevant accreditation bodies.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Secure SSL/TLS encryption for data transmission
• Regular security assessments and updates
• Access controls and authentication systems
• Staff training on data protection and confidentiality
• Regular data backups with secure storage
• Incident response procedures

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but maintain industry-standard protections.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Appointment Requests: Retained for up to 12 months after your last contact
• Clinical Records: Maintained by individual practitioners in accordance with their professional body's requirements (typically 7 years after last session for adults, longer for children)
• Financial Records: Retained for 6 years in compliance with Irish tax law
• Website Analytics: Anonymized after 26 months

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing activities where consent was the basis
• Right to Lodge a Complaint: File a complaint with the Data Protection Commission (Ireland)

To exercise these rights, contact us at info@psymentalhealth.ie. We will respond within one month.

10. Children's Privacy

We provide services to children and adolescents, always with parental or guardian consent. When collecting information about minors, we:

• Obtain consent from a parent or legal guardian
• Collect only information necessary for therapeutic purposes
• Maintain strict confidentiality in accordance with professional standards
• Retain records for extended periods as required by professional guidelines

11. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Transfers to countries with adequacy decisions
• Other legally approved transfer mechanisms

12. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience. For detailed information about the cookies we use and how to manage them, please see our Cookies Policy.

13. Third-Party Links

Our website may contain links to third-party websites (such as professional accreditation bodies or crisis support services). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our website or sending you an email. The "Last Updated" date at the top of this policy indicates when it was last revised.

15. Contact and Complaints

For questions, concerns, or to exercise your data protection rights, please contact us:

You also have the right to lodge a complaint with the Data Protection Commission: