Privacy Policy
(Updated 2025)
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), Therapsy, owned by Francesca Adriana Boccalari (hereinafter referred to as “Therapsy” or the “Data Controller”), with registered office at Via Giovanni Battista Boeri, n. 11, Milan (MI), Italy, VAT number 08916920963, provides the following information regarding the processing of personal data collected through the website www.therapsy.it.
1. Data controller and contact details
Data Controller: Therapsy, owned by Francesca Adriana Boccalari
Registered office: Via Giovanni Battista Boeri, n. 11, Milan (MI), Italy
Email: info@therapsy.it
Privacy Contact (NOT a DPO):
Name: Lorenzo Ferrari
Email: info@therapsy.it
2. Categories of personal data collected
Therapsy processes the following categories of personal data:
a) Data of users requesting therapy services
- First and last name
- Phone number
- Email address
- Preferred city
- Spoken language
- Health data (difficulties and reasons for requesting services)
- Other data voluntarily provided through contact forms or communication
Health data is anonymized until the first consultation with the assigned therapist, transmitted via a secure channel, and stored in a database with restricted access.
b) Data of therapists collaborating with therapsy
- First and last name
- Email and phone number
- City and addresses of physical offices
- Spoken languages
- Curriculum vitae
- Professional license registration details
- Facial photograph
c) Browsing data and tracking technologies
- IP address
- Website usage data
- Cookies and tracking technologies (see Cookie Policy for details)
3. Purposes, legal bases, and data retention periods
| Purpose | Legal basis | Retention period |
|---|---|---|
| Enabling website navigation and technical management | Legitimate interest (Article 6(1)(f) GDPR) | Until the session ends |
| Responding to contact requests and service inquiries | Pre-contractual obligations (Article 6(1)(b) GDPR) | 24 months from the response date |
| Matching users with a suitable therapist | Explicit consent (Article 9(2)(a) GDPR) | For the duration of the therapeutic relationship and for 6 months thereafter |
| Managing therapist collaborations | Contractual obligations (Article 6(1)(b) GDPR) | For the duration of the collaboration and for 1 year thereafter |
| Sending promotional emails and newsletters | Consent (Article 6(1)(a) GDPR) | 36 months or until consent is withdrawn |
| Statistical analysis and service improvement | Legitimate interest (Article 6(1)(f) GDPR) | Aggregated and anonymized data is retained indefinitely |
| Legal defense and compliance | Legitimate interest (Article 6(1)(f) GDPR) | For as long as necessary to protect legal rights |
Profiling: No automated algorithms are used to match therapists and patients. Assignments are made by a Therapsy staff member.
4. Data recipients and international transfers
Personal data may be shared with:
- Therapists collaborating with Therapsy to provide services
- IT service providers managing the website and communication platforms
- Public authorities, when required by law
International data transfers
Some service providers used by Therapsy (e.g., Google, Meta, Microsoft Clarity, Calendly) may transfer data outside the European Economic Area (EEA). In such cases, Standard Contractual Clauses (SCCs) under Article 46 GDPR are implemented to ensure adequate data protection.
5. Data deletion procedure
User data
- Health and personal data are automatically deleted 6 months after the end of the therapy process.
- Users receive an email notification confirming data deletion.
Therapist data
- Therapist data is deleted 1 year after the termination of collaboration.
Backup retention: Any backup copies containing personal data are permanently deleted within 90 days.
6. User rights
Under GDPR, users have the right to:
- Access their personal data
- Rectify inaccurate data
- Request deletion (“Right to be forgotten”)
- Restrict processing
- Request data portability
- Object to processing
- Withdraw consent (for consent-based data processing)
Right to data portability
Users may request a copy of their personal data in a structured, machine-readable format by emailing info@therapsy.it. Requests will be processed within 30 days.
Gdpr request management procedure
- Requests are logged in an internal registry and processed within 30 days (extendable by an additional 60 days for complex cases).
- If a request is denied, the user will receive a clear explanation and information on their right to file a complaint with the Italian Data Protection Authority.
Right to lodge a complaint
Users can submit a complaint to the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) if they believe their data has been misused.
7. Cookie policy
Therapsy uses technical, profiling, and marketing cookies.
Users can manage their preferences through the interactive banner on the website.
For complete details, refer to the Cookie Policy.
8. Policy updates
Therapsy reserves the right to periodically update this privacy policy.
Users will be informed via email or website notifications if substantial changes occur.
This privacy policy is designed to ensure compliance with GDPR and transparency in data processing. For any questions or requests, contact info@therapsy.it.
Need help?
Want expert tips?
Are you a therapist?
