PRIVACY POLICY

Your privacy is a fundamental part of the therapeutic relationship. This policy explains how your personal data is handled at Elara Practice.

1. Responsible Entity

This privacy policy applies to services offered by Elara Practice

2. Types of Data Processed

I collect only the information necessary to provide safe and effective therapy. This includes:

  • Identity Data: Name, date of birth, and gender.

  • Contact Data: Email address, phone number, and physical address.

  • Sensitive Data: Health information, psychological history, session notes, and any other personal details shared during therapy.

  • Financial Data: Billing address and payment details (processed securely via third-party providers).

3. Duration of Data Keeping

I do not keep your data longer than is necessary.

  • Medical Records: In accordance with Dutch and EU law, therapeutic records are generally kept for 20 years after the conclusion of treatment.

  • Administrative Data: Invoices and financial records are kept for 7 years for tax purposes.

  • Inquiries: If you contact me but do not start therapy, your data will be deleted immediately after.

4. Sharing Data

Your data is never sold to third parties. It is only shared in the following specific circumstances:

  • Service Providers: To run my practice (e.g., secure email, booking systems, and accounting software). These providers are GDPR-compliant.

  • Legal Obligation: If I am legally required to share information (e.g., a court order or immediate risk of harm to yourself or others).

  • Supervision: As part of professional development, I may discuss cases with a supervisor. In these instances, all identifying details are removed to ensure your anonymity.

5. Third-Party Tools

For scheduling, I use Calendly.

  • When you book a session, the information you provide (name, email) is stored by Calendly.

  • They adhere to strict privacy standards and are compliant with international data transfer regulations. You can view their specific privacy policy on their website.

6. Data Protection

I take the security of your information seriously. Technical and organizational measures include:

  • Using encrypted, password-protected devices.

  • Storing digital records in GDPR-compliant, encrypted cloud storage.

  • Ensuring any physical notes are kept in a locked filing cabinet.

7. Confidentiality & Professional Standard

Beyond legal requirements, I am bound by the ethical codes of the Netherlands Institute of Psychologists (NIP) . This ensures that the content of our sessions remains strictly confidential unless a specific “duty of care” exception applies (as outlined in the Terms & Conditions).

8. Your Rights Under GDPR

You have specific rights regarding your personal data:

  • Access: You can request a copy of the data I hold about you.

  • Correction: You can ask me to correct inaccurate or incomplete information.

  • Erasure: You can request that I delete your data (subject to legal retention requirements).

  • Withdrawal of Consent: You can withdraw your consent for data processing at any time.

If you wish to exercise any of the rights mentioned above, please send a written request to info@elarapractice.com. I will respond to your request within 30 days. Please note that I may ask for proof of identity to ensure your data is not shared with the wrong person.

Last Update: February 2026