Privacy Policy
This policy describes the personal data we process when you visit mind-space.sk and book a therapy session. Processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Slovak Act No. 18/2018 on Personal Data Protection.
1. Data controller
mindspace s. r. o.
Registered office: Jaskový rad 1983/169, 831 01 Bratislava
Address: Michalská 20, 811 03 Bratislava
Company ID (IČO): 56069073, Tax ID (DIČ): 2122171458
Registered in the Commercial Register of the Žilina District Court, Section: Sro, Entry No.: 84278/L
Email: psycholog@mind-space.sk
2. Personal data we process
When you book an appointment via the form on this site, we process:
- full name,
- email address,
- phone number (optional),
- free-text message (optional),
- the chosen appointment date and time,
- IP address and technical device data (for security purposes, to verify that the form is being submitted by a person rather than an automated bot).
During the therapy itself, further personal and health-related data necessary for providing care may be processed. Such data is not collected through this website, is subject to the therapist's confidentiality obligation, and is processed separately under a distinct session-records regime.
3. Purposes and legal bases of processing
Our services are provided outside the scope of healthcare. This is not certified psychotherapeutic activity under Slovak Act No. 576/2004 on Healthcare. These are therapeutic consultations using the biosynthesis method in a private capacity.
- Booking an appointment and pre-contractual steps before concluding a contract for therapeutic consultations: Art. 6(1)(b) GDPR (performance of a contract and pre-contractual measures).
- Communicating with you about your booking, confirming it, and sending reminders: Art. 6(1)(b) GDPR.
- Protecting the form against abuse (CAPTCHA): Art. 6(1)(f) GDPR (the controller's legitimate interest in preventing automated abuse of the booking system).
- Processing personal data concerning health that you communicate to us during therapy: Art. 9(2)(a) GDPR (your explicit consent). Consent is given voluntarily and you have the right to withdraw it at any time.
- Compliance with legal obligations (in particular accounting): Art. 6(1)(c) GDPR.
4. Recipients and transfers to third parties
We disclose personal data only to providers necessary for operating the booking system. These are processors with whom we have concluded contracts under Art. 28 GDPR:
- Microsoft Ireland Operations Ltd. (Microsoft 365 / Outlook, Azure Static Web Apps): storing the booking in the calendar and sending the invitation via Microsoft Graph; hosting the website and server functions in the EU (West Europe region).
- Cloudflare, Inc. (Turnstile, Web Analytics): verifying form submissions and measuring aggregate site traffic (no cookies, no personal data). Headquartered in the USA. EU Standard Contractual Clauses.
- Google LLC (Google Maps): displaying the map in the contact section. The map is loaded only after you click. Headquartered in the USA. Transfers are safeguarded by EU Standard Contractual Clauses and the EU–US Data Privacy Framework.
We do not sell personal data to any third party and do not use it for marketing, profiling, or automated decision-making with legal effects.
5. Retention periods
- Data from an unsubmitted form: not retained.
- Data on a confirmed reservation in the Outlook calendar: for the duration of the therapeutic relationship and a further 3 years (the limitation period under the Slovak Civil Code for any claims arising from the contract), unless you request earlier deletion.
- Accounting and invoicing records: 10 years under Slovak Act No. 431/2002 on Accounting.
- Cloudflare logs (Turnstile + Web Analytics): per Cloudflare's policy, typically a few days.
6. Cookies and similar technologies
This website does not use its own analytics or marketing cookies. Cookies or similar identifiers may be set by these external services:
- Cloudflare Turnstile: required to verify the authenticity of the request before the form is submitted (strictly necessary, no consent required).
- Google Maps: when the map loads in the contact section, Google may set its own cookies under its terms.
- Google Fonts / Fontshare: used only to load typography; may log your device's IP address.
7. Your rights as a data subject
In connection with the processing of personal data, you have the following rights:
- the right of access to personal data (Art. 15 GDPR),
- the right to rectification of inaccurate data (Art. 16),
- the right to erasure ("the right to be forgotten", Art. 17), where there is no legal obligation to retain the data,
- the right to restriction of processing (Art. 18),
- the right to data portability (Art. 20),
- the right to object to processing based on legitimate interest (Art. 21),
- the right to withdraw consent at any time,
- the right to lodge a complaint with a supervisory authority.
You can exercise your rights by emailing psycholog@mind-space.sk. We respond without undue delay, and at the latest within 30 days.
Supervisory authority:
Personal Data Protection Office of the Slovak Republic
Hraničná 12, 820 07 Bratislava 27
www.uoou.sk
8. Security
The connection between your device and our site is encrypted using HTTPS. The booking form is protected against automated abuse. Calendar entries are stored in a secured Microsoft 365 account with multi-factor authentication. Processors contractually guarantee technical and organisational measures appropriate to the nature of the data processed.
9. Changes to this policy
We may update this policy from time to time. The current version is always published on this page, with the effective date shown. Changes take effect on the date of publication.