At Narcissistic Abuse Rehab, we’re committed to protecting your privacy and being transparent about how we use your information. This policy explains what data we collect, why we collect it, how we use it, and your rights regarding your data. We comply with the General Data Protection Regulation (GDPR).
- What Data We Collect and Why
- How We Use Your Information
- Who We Share Your Information With
- International Data Transfers
- How Long We Keep Your Information
- Your Rights
- How To Exercise Your Rights
- Data Breaches
- Complaints
- Cookies
- Updates to This Policy
- Contact Us
- Further Reading
What Information We Collect and Why
To provide you with the best possible coaching experience, we collect and process certain personal data. Here’s a breakdown:
- Contact Information: This includes your name, email address, phone number, and preferred method of communication. We use this to schedule appointments, send reminders, and communicate with you about your coaching program. The legal basis for processing this information is our contractual obligation to provide you with coaching services.
- Background Information: This may include information about your professional background, education, goals, and any specific challenges you’re facing. This information helps us understand your needs and tailor our coaching approach. The legal basis for processing this information is your consent, which you can withdraw at any time.
- Session Notes: We may take brief notes during our coaching sessions to help us remember key discussion points and track your progress. These notes are kept confidential and are only used to support your coaching journey. The legal basis for processing this information is our legitimate interest in providing you with effective coaching services. We have balanced this interest against your right to privacy, and we only retain these notes for two (2) years after the end of the coaching relationship.
- Progress Tracking Data: With your consent, we may collect data on your progress towards your goals, such as completed tasks, reflections, or any metrics you’ve chosen to track. This data helps us assess the effectiveness of our coaching strategies and make adjustments as needed. The legal basis for processing this information is your consent, which you can withdraw at any time.
- Payment Information: If applicable, we will collect and process your payment information to manage invoices and payments for our services. The legal basis for processing this information is our contractual obligation to provide you with coaching services.
- Scheduling Information: We will collect information about your appointment preferences and availability to schedule coaching sessions that work best for you. The legal basis for processing this information is our contractual obligation to provide you with coaching services.
How We Use Your Information
We use your information solely for the purposes described above: to provide you with personalized coaching services, track your progress, manage our administrative tasks, and communicate with you effectively. We do not sell your data to third parties.
Who We Share Your Information With
We store and process your data securely using the following third-party services:
- Calendly (Scheduling)
- Zoom (Client Communications)
- MailChimp (Client Communications)
- HubSpot (Client Communications)
- PayPal (Payments)
- Stripe (Payments)
- Google Analytics (Website Analytics)
- Google Workspace (Client Communications and Document Storage)
These providers have their own GDPR-compliant policies and safeguard your data appropriately. We have contracts in place with these providers to ensure they protect your data. We do not share or rent your personal data with anyone else without your explicit consent, unless required by law.
International Data Transfers
As stated in the above paragraph, we use several third-party services to operate our business:
- Payment Processors , i.e. PayPal, Stripe, for transactions
- Scheduling Tools, i.e. Calendly, to manage appointments
- Email and CRM Services, i.e. Zoom, MailChimp, HubSpot, for communication
- Legal or Regulatory Authorities if required by law
In using these services, some of your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure that appropriate safeguards are in place for these transfers, including entering into data processing agreements with our service providers that incorporate Standard Contractual Clauses approved by the European Commission. These clauses provide adequate protection for your personal data. For more information about the data processing practices of these third-party services, please refer to their respective privacy policies.
How Long We Keep Your Information
We only retain your personal data for as long as it is necessary for the purposes outlined in this policy or as required by law. Here are some examples:
- Contact Information: We retain this information for 3 years after the end of the coaching relationship, otherwise for one (1) year.
- Session Notes: We retain these notes for two (2) years after the end of the coaching relationship.
- Payment Information: We retain this information for seven (7) years as required by Swedish tax law.
For more information about how long your information is stored, please see our Data Retention Policy.
Your Rights
You have the following rights regarding your personal data:
- Access: You can request access to the personal data we hold about you.
- Rectification: You can ask us to correct any inaccuracies in your data.
- Erasure (“Right to be Forgotten”): You can request that we erase your data under certain circumstances.
- Restriction of Processing: You can request that we restrict the processing of your data in specific situations.
- Data Portability: You can receive your data in a machine-readable format to transfer it to another provider.
- Objection: You can object to the processing of your data for direct marketing purposes or processing based on our legitimate interests.
- Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
- Withdraw Consent: If we rely on your consent to process your data, you can withdraw it at any time.
How to Exercise Your Rights
To exercise any of these rights, please contact us. We will respond to your request within one month, as required by GDPR. We may require you to verify your identity before processing your request to ensure the security of your data.
Data Breaches
If a personal data breach occurs, we will notify you and the appropriate authorities as required by GDPR.
Complaints
If you have any concerns about how we handle your personal information, you have the right to complain to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
Cookies
Please review our Cookies Policy here.
Updates to this Policy
We may update this privacy policy from time to time. Any changes will be posted on this page.
Last Updated: February 20, 2025.
Contact Us
If you have any questions about this privacy policy, please contact us.