Privacy Policy
This Privacy Policy is provided pursuant to Art. 13 of European Regulation No. 679/2016 and applies exclusively to all Data collected through the website https://therapsy.it/. This Privacy Policy is subject to updates, which will be promptly published on the website. This Privacy Policy, together with the Terms and Conditions, any other documents referred to herein, and the Cookie Policy, sets out the basis on which the Data Subject’s personal data will be processed. This Privacy Policy describes the methods of processing the personal data of users who access and use the Therapsy platform (hereinafter, the “Platform”). Therapsy is a digital platform that enables users to identify and contact psychologists and psychiatrists registered with the service, facilitating the initial contact and the organization of appointments. Therapsy does not provide healthcare services, does not carry out diagnosis or therapy activities, and does not access or process the content of sessions conducted between the user and the professional. Any consultation or therapy sessions take place via video communication tools chosen and managed independently by the professionals, who operate as independent data controllers with respect to the processing of personal and health data.
Data Controller
The Data Controller of the Data collected by this website is THERAPY Stp Srl
Via Boeri 11, 20141 Milan – VAT No. 14203210969 – REA MI2765995 email: privacy@therapsy.it
The professionals (psychologists and psychiatrists) who use the Platform operate as independent Data Controllers for the personal and health data processed within the scope of the professional activities carried out with users, including data relating to sessions, interviews, and clinical documentation.
Therapsy does not access, store, or process such data, limiting its role to processing the data necessary for the functioning of the Platform.
Category of Personal Data processed
The personal data processed through the Platform may include:
a) Identification and contact data
First name, last name, email address, phone number, as well as account access credentials.
b) Usage and technical data
Information relating to the use of the Platform, browsing data, IP addresses, access logs, information about the device and browser used.
c) Data voluntarily provided by the User
Content entered in free-text fields, in contact requests, or in communications with the Platform. Such information may, by its nature, be capable of revealing the User’s state of health, although it does not constitute clinical data or healthcare documentation.
d) Data relating to the choice of the professional. Information relating to the preferences expressed by the User in selecting psychologists or psychiatrists.
Therapsy does not process, store, or access personal and health data relating to sessions, interviews, summaries, clinical notes, or any content exchanged between the User and the professional in the context of therapeutic activity.
Methods of Processing Personal Data
Personal data are processed in accordance with the principles of lawfulness, fairness, transparency, and minimization, by means of IT and telematic tools, with logic strictly related to the purposes indicated in this notice. The Data Controller adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including access controls, authentication systems, security protocols, and protection of data from unauthorized access, loss, destruction, or improper disclosure. Access to the data is permitted exclusively to persons authorized by the Data Controller, previously instructed and bound by confidentiality.
Purposes of Processing Personal Data and Legal Basis
Personal Data may be collected independently by the Data Controller or through third parties. In this case, the IT systems and software procedures used to operate this website acquire certain Personal Data of Users, of a technical/IT nature (e.g., IP address, type of browser used, operating system, domain name, and addresses of websites from which access was made or to which the user exited, etc.), the transmission of which is inherent in the normal functioning of the internet. Such Data may be processed solely for the purpose of obtaining anonymous statistical information on the use of the site and/or to check its correct functioning and will be deleted immediately after processing.
Users’ personal data are processed by the Data Controller exclusively for the purposes indicated in this section, in compliance with Articles 6 and 9 of Regulation (EU) 2016/679 (GDPR), as well as the applicable regulations for users resident in the United Kingdom and Switzerland.
1) Responding to requests and providing information
The Data will be processed in order to be contacted back or to follow up on specific requests addressed to the Data Controller by the Data Subject for communications relating to the Services and/or Contents of the same Data Controller, via email messages or other communication tools such as telephone or instant messaging WhatsApp Business.
Legal basis: this processing is optional and based on the Data Subject’s consent; however, the provision of the Data is necessary to pursue the stated purpose.
Data retention period: until the Data Subject withdraws consent.
2) Registration on the website
The registration procedure, through the creation of an account, is intended to allow use of the website as a “Registered User”.
Registration on the website through the creation of an account allows the Registered User to:
Make purchases more quickly by saving billing and shipping data.
Store previous appointments
Legal basis: The legal basis for processing is: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) since account registration and cart management are necessary to allow the user to purchase and use the services offered by the site.
User consent (Art. 6(1)(a) GDPR) for any extended storage of access data and purchase preferences. The user may withdraw consent at any time by contacting the Data Controller.
Data retention period: Account data will be stored untilWithdrawal of consent by the User for the storage of preferences.
Deletion of the account at the User’s request.
10 years for information related to purchases, in accordance with tax and accounting obligations.
3) Processing necessary within the scope of a contract
The Data will be processed for the following purposes:
Performance of the contract entered into between the Data Subject and the Data Controller for the sale of Products/Services available on the website.
Management of the contractual relationship, including communications relating to orders, invoicing, and shipping.
After-sales assistance, including requests concerning statutory warranties, withdrawal, and contract termination.
Compliance with legal, administrative, and tax obligations arising from the sale of products/services.
Legal basis of processing: the legal basis of processing is:
Performance of the contract (Art. 6(1)(b) GDPR) Processing is necessary to provide the product/service purchased by the Data Subject.
Legal obligation (Art. 6(1)(c) GDPR) Processing is necessary to comply with tax, administrative, and accounting obligations.
Payment-related data
Data retention period
Personal data processed for contractual and administrative purposes will be retained for the time necessary to perform the contract and, subsequently, for a maximum period of 10 years, in compliance with legal obligations in tax and accounting matters. Online payments are processed by external payment service providers (e.g., PayPal, Stripe, Shopify Payments). The Data Controller does not directly store the Data Subject’s credit card or payment details, but only receives confirmation of payment from the service provider.
4) Compliance with any obligations provided for by applicable laws
The Data will be processed to comply with any type of obligation contemplated and provided for by applicable laws, regulations, related rules, commercial practices, and tax/fiscal matters, including for the purposes provided for by anti-money laundering legislation Legislative Decree 231/2007 and subsequent amendments.
Legal basis: this processing is necessary to comply with a legal obligation to which the Data Controller is subject.
Data retention period: period indicated by law and in any case for a maximum of 10 years for the fulfilment of related administrative and tax obligations.
5) Matching between User and professional
Personal data are processed to allow the User to identify and contact psychologists or psychiatrists registered on the Platform, on the basis of the information and preferences provided. The information entered in free-text fields may be capable of revealing the User’s state of health, although it does not constitute clinical data or healthcare documentation.
Legal basis: Art. 6(1)(b) GDPR – performance of the service; Art. 9(2)(a) GDPR – explicit consent of the Data Subject.
Provision of the data is necessary for the provision of the matching service.
Therapsy does not carry out diagnosis, consultation, or therapy activities and does not process personal and health data relating to sessions conducted between the User and the professional.
Processing of data connected with consultation or therapy sessions is carried out directly by the professionals, as independent Data Controllers.
6) Soft spam
The Data Controller may send the Data Subject commercial and promotional communications via email relating to Products/Services similar to those already purchased by the Data Subject, without the need for prior consent, pursuant to Art. 130, paragraph 4, of the Privacy Code, as amended by Legislative Decree 101/2018. The Data Subject has the right to object at any time to such communications, using the unsubscribe link included in every email received or by contacting the Data Controller at its email address.
Legal basis of processing: Processing is based on the legitimate interest of the Data Controller (Art. 6(f) GDPR) in promoting products or services similar to those already purchased by users. This legitimate interest is balanced with the Data Subject’s right to object at any time, as provided for by Recital 47 of the GDPR.
Data retention period: The Data Subject’s data will be processed for this purpose until the Data Subject exercises the right to object.
7) Newsletter
The personal data provided by the Data Subject will be processed for the sending of newsletters containing promotional, commercial, and advertising communications, as well as updates on initiatives and events of the Data Controller. For sending the newsletter, the Data Controller may process first and last name (if provided by the user), email address. The Data Controller may also have interactions with the emails sent (e.g., opening the newsletter, clicking links), where provided for by the tracking systems used by the Data Controller.
Legal basis of processing: processing is based on the explicit and free consent of the Data Subject, pursuant to Art. 6(1)(a) GDPR. Subscription to the newsletter is optional and failure to provide the data does not affect the use of other services of the site.
Data retention period: The data will be processed until the Data Subject withdraws consent, and the Data Subject may exercise the right to unsubscribe at any time:
Via the cancellation link at the bottom of each newsletter received.
Via a direct request to the Data Controller by sending a communication to the email address.
8) Statistics
The data will be processed to perform statistical analyses and market research aimed at understanding user preferences and behaviors in order to improve the products and services offered, analyze user interaction with the website to optimize navigation and user experience. The analyses will be carried out on aggregated and anonymous data, where possible. If the data cannot be made completely anonymous, they will be processed in pseudonymized form and subject to GDPR safeguards.
Legal basis of processing:
Data Subject’s consent (Art. 6(1)(a) GDPR) If data are collected through analysis tools that track user behavior.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If analyses are carried out exclusively on anonymous and aggregated data.
The Data Subject may withdraw consent at any time and disable tracking through:
The cookie management banner on the site.
Browser settings, which allow blocking tracking cookies.
Direct request to the Data Controller at the email address [insert email].
Data retention period: Data will be stored until consent is withdrawn or for the maximum period set in each analysis tool.
Communication of Data
In addition to the Data Controller, Personal Data may be known or processed, within the limits of the purposes indicated in this notice, by the following subjects:
a) Psychologists and psychiatrists registered on the Platform, exclusively for purposes connected with the matching service and contact with the User.
The professionals operate as independent Data Controllers for the personal and health data processed within the scope of the professional activity carried out with the User.
b) Persons authorized by the Data Controller, specifically trained and bound by confidentiality, involved in the organization and management of the Platform (by way of example: administrative, technical, legal staff, system administrators).
c) External subjects providing instrumental or support services for the functioning of the Platform (such as IT service providers, hosting providers, technical maintenance companies), appointed, where necessary, as Data Processors pursuant to Art. 28 GDPR.
The updated list of Data Processors may be requested at any time from the Data Controller.
d) Public or private entities that may access the Data in compliance with obligations of law, regulations, or orders of the Authority.
e) Subjects carrying out ancillary and instrumental activities with respect to the Data Controller’s activity, within the limits strictly necessary to perform their respective functions.
Processing times
Pursuant to Art. 5(1)(e) GDPR, personal data are stored for the time strictly necessary to achieve the purposes for which they were collected and processed, as described in this notice, as well as for compliance with any legal obligations.
In particular:
data relating to the User’s account are stored for the entire duration of registration on the Platform and deleted following closure of the account, without prejudice to further retention obligations provided for by law;
data provided for contact or assistance requests are stored for the time necessary to manage the request;
data processed for matching purposes are stored for the time necessary to provide the service or until consent is withdrawn, where applicable;
data processed for administrative or legal purposes are stored for the terms provided for by applicable law.
At the end of the retention periods indicated above, personal data will be deleted, anonymized, or made no longer identifiable, unless further retention is necessary to comply with legal obligations or for the establishment, exercise, or defense of a right in judicial proceedings.
Cookies
This website uses cookies. Cookies are small text files that websites can use to make the experience more efficient for the Data Subject and to personalize content and ads, provide social network features, and analyze traffic. Cookie Policy
Place of Processing and transfer of Data abroad
Personal data are processed at the operational headquarters of the Data Controller and through technological infrastructures located within the European Union. The Platform is hosted on servers provided by IONOS SE, a company based in Germany, which operates as Data Processor pursuant to Art. 28 GDPR, on the basis of specific contractual agreements. Personal data may be processed by natural persons and/or legal entities operating on behalf of the Data Controller, duly authorized and bound by confidentiality obligations, based within the European Union. At present, no transfer of personal data to countries outside the European Economic Area (EEA) is envisaged.
Should it become necessary in the future to carry out transfers to third countries, the Data Controller will adopt all safeguard measures provided for by Articles 44 et seq. of the GDPR, including Standard Contractual Clauses or other lawful transfer tools.
Exercise of the data subject’s rights
The Data Subject has the right to exercise the rights provided for by Arts. 7, 15-22 of European Regulation 679/2016. In particular, the Data Subject has the right to withdraw consent at any time and, upon simple request to the Data Controller, may request access to Personal Data, receive the personal data provided to the Data Controller and, where possible, transmit them to another data controller without hindrance (so-called portability), obtain updating, restriction of processing, rectification of Data and deletion of data processed in violation of applicable law. The Data Subject has the right, for legitimate reasons, to object to the Processing of Personal Data concerning him/her and to Processing for the purposes of sending advertising material, direct selling, and carrying out market research. The Data Subject also has the right to lodge a complaint with the Data Protection Authority as the supervisory authority in matters of personal data protection or to take legal action before the competent courts. The Data Subject may exercise his/her rights by contacting the Data Controller by email at: privacy@therapy.it
Tools used for the Processing of Personal Data
Hosting
This website is hosted on hosting infrastructures provided by IONOS SE, a company based in Germany. Browsing data, including IP addresses, technical logs, and information relating to the use of the site, may be automatically collected during access and use of the Platform and processed by the provider’s systems in order to ensure security, proper functioning of the services, stability of the infrastructure, and prevention of unauthorized access.
Legal basis of processing:
the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) in ensuring website security, proper functioning of the Platform, and technical management of the infrastructure.
Data retention period:
technical data (such as access logs and error logs) are retained according to the timeframes provided for by the hosting provider’s policies and, in any case, for the period strictly necessary for security and maintenance purposes, without prejudice to further needs for the investigation of unlawful acts or legal defense.
Place of processing:
data are processed at IONOS SE data centers, located within the European Union.
Privacy Policy https://www.ionos.it/terms-gtc/privacy-policy/
Web platform
The site is developed and managed via WordPress, an open-source platform that enables the creation and dynamic administration of web content. The use of WordPress involves interaction with components that may collect and process Personal Data for purposes of user management, e-commerce, activity tracking, security, and technical analysis.
Legal basis of processing: Performance of a contract or pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR), and the legitimate interest of the Data Controller in the technical, administrative, and commercial management of the site (Art. 6(1)(f) GDPR).
Data retention period: Data processed via WordPress are retained for the time necessary to ensure site operation, provision of the requested services, and compliance with legal or tax obligations. Retention times may vary depending on the configuration of installed plugins.
Place of processing: Data are processed through servers located predominantly in Ireland, but some integrated services may use servers located geographically elsewhere, including outside the European Economic Area. In such case, appropriate protection measures are adopted pursuant to Arts. 44 et seq. GDPR. Privacy Policy (link https://automattic.com/privacy/#controllers-and-responsible-companies)
CRM
The site uses ActiveCampaign, provided by ActiveCampaign LLC, as a system for managing contacts and communications with Users. The tool allows managing a contact database and sending communications strictly connected to the use of the Platform (for example operational, informational, or support communications), as well as monitoring in aggregated form interaction with such communications (e.g., email opens), in order to improve service organization. ActiveCampaign is not used for automated profiling, aggressive marketing, or automated decisions.
Legal basis of processing:
performance of pre-contractual or contractual measures (Art. 6(1)(b) GDPR), for communications necessary for the functioning of the Platform;
consent of the Data Subject (Art. 6(1)(a) GDPR), where required by law for specific communications.
Data retention period:
data are retained for the time necessary for the purposes for which they were collected and, in any case, until consent is withdrawn or deletion is requested by the Data Subject, without prejudice to any legal obligations.
Place of processing:
data are processed by ActiveCampaign LLC, a company based in the United States. The transfer of data takes place in compliance with Articles 44 et seq. GDPR, through the adoption of appropriate safeguards, such as Standard Contractual Clauses.
Privacy Policy https://www.activecampaign.com/legal/privacy-policy
Wise
The Platform uses Wise as a support tool for the organizational management of initial free assessment calls and subsequent paid sessions between User and professional. Through this tool, personal data necessary for managing bookings and payments may be processed, such as User identification and contact data, information relating to the booked session, and financial data necessary for executing transactions. Wise is not used to process the contents of sessions, nor to manage health or clinical data, which remain the exclusive responsibility of the professional, as an independent Data Controller.
Legal basis of processing:
performance of pre-contractual and contractual measures (Art. 6(1)(b) GDPR), for managing bookings and payments;
compliance with legal obligations in administrative and accounting matters (Art. 6(1)(c) GDPR), where applicable.
Data retention period:
data are retained for the time necessary to manage bookings and payments and, subsequently, for the periods provided for by applicable law in administrative and tax matters.
Place of processing: data are processed in accordance with the service provider’s policies. Any transfers of data to countries outside the European Economic Area take place in compliance with Articles 44 et seq. GDPR, through the adoption of appropriate safeguards.
Privacy Policy https://wise.com/gb/legal/global-privacy-policy-en?lid=c93vtpwp39ej
TOOLS USED
For managing requests sent by Users through the Platform, the Data Controller uses a combination of technological tools that enable the collection, organization, and management of communications. In particular, the data entered in contact forms may be collected through form systems integrated into the website, subsequently stored in internal management tools and finally used within a Customer Relationship Management (CRM) system, solely for the purpose of following up on requests and managing communications with the User. Data processing takes place in compliance with the purposes indicated in this notice and through providers appointed, where necessary, as Data Processors pursuant to Art. 28 GDPR.
CONTACT FORM
By completing the contact Form with their Data, the Data Subject consents to their use to respond to information requests, or any other purpose indicated by the form header. Personal Data collected through the contact Form: Email, First and Last Name, phone number
This website uses:
Elementor (Elementor Ltd)
The site uses Elementor, a visual page builder that also enables the creation and management of contact forms. Forms created with Elementor can be integrated directly into site pages and are used to collect Personal Data voluntarily provided by the User (e.g., name, email address, personalized messages). Data may also be transmitted to connected external systems (e.g., CRM, email platforms).
Legal basis of processing:
The data subject’s consent (Art. 6(1)(a) GDPR) expressed through the voluntary completion of forms;
Performance of a contract or pre-contractual measures, where the form is functional to the purchase or request of a service (Art. 6(1)(b) GDPR).
Data retention period: Data acquired through Elementor forms are retained for the time necessary to fulfil the User’s request, or according to the timeframes defined by specific purposes (e.g., contact, subscription, booking).
Place of processing: Processing takes place on servers and facilities managed by Elementor Ltd, based in Israel – a country deemed adequate under the GDPR (European Commission adequacy decision). Provider Privacy Policy (link https://elementor.com/about/privacy/
WhatsApp Business
The site may use WhatsApp Business, an instant messaging service provided by WhatsApp Ireland Limited, for direct communications with Users. Through this channel it is possible to provide assistance, respond to requests, send confirmations or communications related to purchased Services. The data provided by the Data Subject (e.g., phone number, name, email) pass through WhatsApp’s infrastructure according to the terms established by the provider.
Legal basis of processing:
Performance of a contract or pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR);
User consent, where required, for promotional or informational purposes (Art. 6(1)(a) GDPR).
Data retention period: Data exchanged via WhatsApp are retained for the time strictly necessary to manage communications and provide the requested service. Messages may also be retained according to WhatsApp policies for security or legal purposes.
Place of processing: Data are processed through servers located in Ireland, but may be subject to international transfers, including outside the European Economic Area, as provided for by the Terms of Service and the Standard Contractual Clauses adopted by WhatsApp.
Link to the provider’s Privacy Policy:
https://www.whatsapp.com/legal?eea=0#privacy-policy
Data processing for businesses:
https://www.whatsapp.com/legal/business-data-processing-terms/
WhatsApp Business Terms of Service:
https://www.whatsapp.com/legal/business-terms/
MANAGEMENT OF EMAIL ADDRESSES
These services enable managing a database of email contacts, phone contacts, or contacts of any other type, used to communicate with the Data Subject. These services may also enable collecting Data relating to the date and time messages are viewed by the Data Subject, as well as the Data Subject’s interaction with them, such as information on clicks on links included in messages.
Newsletter
By registering for the newsletter, the Data Subject’s email address is automatically added to a contact list to which email messages containing information, including of a commercial and promotional nature, relating to this website may be transmitted. The Data Subject’s email address may also be added to this list as a result of registration on this Site or after making a purchase. The Data Subject may choose at any time to unsubscribe from the newsletter by clicking a specific button found within the emails. After clicking the unsubscribe button, the Data Subject’s Data will be immediately deleted from the “email marketing” software. Personal Data collected: email and Name. This website uses the newsletter service provided by:
ActiveCampaign (Active Campaign LLC)
The Data Controller uses the ActiveCampaign service (ActiveCampaign LLC) for managing newsletters and promotional, informational, or commercial communications via email, as well as managing subscriptions and statistical analyses on interaction with newsletters (for example: open rate, clicks on links, etc.).
Data processed: Name, email address.
Legal basis: Data subject’s consent, freely given at the time of subscription to the newsletter, pursuant to Art. 6(1)(a) of Regulation (EU) 2016/679 (GDPR).
Unsubscribe method: The data subject may withdraw consent at any time and unsubscribe from the newsletter by clicking the appropriate link at the bottom of each email. Withdrawal of consent entails immediate deletion of data from the system.
Place of processing: United States. ActiveCampaign LLC processes the data as data processor pursuant to contract under Art. 28 GDPR.
Privacy policy ( https://www.activecampaign.com/legal/privacy-policy)
REGISTRATION ON THE WEBSITE
By registering or authenticating on the Platform, the Data Subject allows the website to identify him/her and access dedicated services, such as management of his/her profile and use of features reserved for registered users.
The Data Subject registers by completing the relevant registration form and providing his/her personal data. Data processing for website registration is based on the performance of pre-contractual or contractual measures pursuant to Art. 6(1)(b) GDPR, and is necessary to allow the User to access and use the services offered by the Platform.
The personal data collected during registration are: first name, last name and email address (used as username), as well as access credentials.
The Data Subject may modify or delete his/her account at any time by accessing profile settings or by contacting the Data Controller at the contact details indicated in this notice.
Registration and authentication services may also take place with the support of third-party services. In such case, the processing of personal data takes place in compliance with the conditions set out in this Privacy Policy and the notices provided by the respective providers.
Such services are not used for profiling purposes or automated decision-making by the Data Controller.
STATISTICS
Statistical services enable the Data Controller to monitor and analyze, in aggregated form, traffic and Platform usage data, in order to understand its operation, improve performance and optimize the Users’ experience. Such services enable collecting information relating to Users’ interaction with the website (for example pages visited, browsing times, traffic source), without being used for individual profiling purposes or automated decision-making. Processing through statistical tools takes place in compliance with applicable law and, where required, subject to the Data Subject’s consent expressed through the cookie management banner. This website uses the following statistical analysis services:
Google Analytics 4
This site uses Google Analytics 4 (GA4), an analytics service provided by Google LLC, to collect anonymous statistical information on website usage, in order to improve the services offered. Google uses the Personal Data collected to:
Track and examine the use of this website.
Compile reports on website activities.
Share data with other Google services for analysis and optimization.
Google may also use Personal Data to personalize ads in its advertising network and may transfer such information to third parties where required by law or where such third parties process the data on Google’s behalf. In Google Analytics 4, IP addresses are used only at the time of collection and then deleted before storage.
Legal basis of processing: processing through Google Analytics 4 is based on:
Data Subject’s consent (Art. 6(1)(a) GDPR) if data are collected via non-anonymized tracking cookies.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) if data are collected in an anonymous and aggregated way without identifying the user.
Personal Data collected: Usage Data (information on user interactions with the site) and Cookies (if enabled).
Data retention period: Data collected via Google Analytics are retained for a maximum period of 14 months, unless otherwise set by the Data Controller.
The Data Subject can disable tracking via:
The cookie management banner on the site.
The browser add-on for deactivating Google Analytics, available at the following link: https://tools.google.com/dlpage/gaoptout?hl=it
Place of processing: USA – Ireland Privacy Policy (link to be activated https://policies.google.com/privacy?hl=it)
Meta Pixel conversion tracking (Meta Platforms, Inc.)
This site uses the Facebook Pixel, a conversion tracking service provided by Meta Platforms, Inc., which allows measuring the effectiveness of advertising campaigns carried out via Facebook and Instagram. The Facebook Pixel monitors conversions that can be attributed to ads published on Facebook, allowing the Data Controller to:
Measure the performance of advertising campaigns.
Create custom audiences based on user interactions.
Retarget users who have visited the website.
Personal Data collected: Cookies and Tracking Tools and usage data (user interactions with the site and ads).
Legal basis of processing: use of the Facebook Pixel for marketing and tracking purposes is based on:
Explicit consent of the Data Subject (Art. 6(1)(a) GDPR) The Facebook Pixel is activated only upon user consent via the cookie banner.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If tracking is limited to anonymous statistical analysis.
Data retention period: Data collected by the Facebook Pixel are retained for a maximum period of 180 days, unless otherwise set by Meta.
The Data Subject may withdraw consent and disable the Facebook Pixel via:
The cookie management banner on the site.
Facebook account settings, in the “Ad preferences” section.
Facebook opt-out tool: https://www.facebook.com/settings/?tab=ads.
Place of processing: Ireland – Privacy Policy (link to be activated https://www.facebook.com/about/privacy/)
Microsoft Clarity
The site uses Microsoft Clarity, a free behavioral analytics tool that allows monitoring how users interact with web pages (e.g., clicks, mouse movements, scroll, time spent). The service can also record anonymous sessions to identify issues in browsing or optimize user experience, through heat maps and aggregated statistics.
Legal basis of processing:
Data Subject’s consent (Art. 6(1)(a) GDPR), expressed through the cookie banner at first visit;
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) to improve website usability and optimize content offered, provided that it is in aggregated form and not attributable to the user’s identity.
Data retention period: Data collected via Clarity are retained according to the service’s default settings and in compliance with retention policies defined by Microsoft.
Place of processing: Data are processed by Microsoft Corporation, with possible transfer to servers located in the United States. Microsoft adheres to the Data Privacy Framework and adopts Standard Contractual Clauses to ensure data protection pursuant to the GDPR. Privacy Policy (Link https://privacy.microsoft.com/privacystatement)
TAG MANAGEMENT
The use of tag management systems enables installing and managing snippets of code (called Tags) within the HTML pages of a website. This technology makes it possible to load tracking and analysis tools without manually modifying the website’s source code, and to manage multiple services simultaneously with a single snippet. Use of these services may involve the transfer of the Data Subject’s Data to third-party tools that use these tags.
Google Tag Manager (Google LLC or Google Ireland Limited)
The site uses Google Tag Manager, a service provided by Google LLC that allows integrating and managing third-party tags, such as analysis tools, remarketing and conversion tracking. Google Tag Manager itself does not collect personal data, but it may activate other tracking tools that do. If such tools involve the collection of personal data, processing will be subject to the relevant privacy policies and user consent.
Google Tag Manager does not directly collect personal data, but it may manage tags that collect:
Cookies and Tracking Tools (if activated).
Website usage data (user interactions with the site).
Legal basis of processing:
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If Tag Manager is used only for technical tag management without activating non-essential tracking.
Data Subject’s consent (Art. 6(1)(a) GDPR) If Google Tag Manager is used to activate tracking tools and personalized advertising (e.g., Google Analytics, Facebook Pixel).
Data retention period: Google Tag Manager does not store users’ personal data. However, third-party services activated through it may collect and store data according to their respective policies.
If Google Tag Manager is used to activate tracking tools, the Data Subject may withdraw consent via:
The cookie management banner on the site.
Browser settings to block third-party cookies.
Place of processing: USA – Ireland – Privacy Policy (link to be activated https://policies.google.com/privacy)
INTERACTION WITH SOCIAL NETWORKS
These services allow interactions with social networks directly from this website’s pages. Interactions and information acquired from this website are in any case subject to the Data Subject’s privacy settings relating to each social network. Where a social network interaction service is installed, it is possible that, even if Users do not use the service, it collects traffic data relating to the pages where it is installed.
Facebook (Meta Platforms, Inc.)
Facebook buttons are services for interacting with the Facebook social network, provided by Meta Platforms, Inc. Personal Data collected: Cookies and Usage Data.
Legal basis of processing: Integration of these services may involve processing of Personal Data, which is based on:
Explicit consent of the Data Subject (Art. 6(1)(a) GDPR) If the site uses tracking cookies for marketing or personalization purposes.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If data are collected only to enable interaction with social networks without further tracking.
The Data Subject may withdraw consent and limit social network tracking via:
The cookie management banner on the site.
Privacy settings of the user’s social network account.
Browser settings, which allow blocking third-party cookies.
Place of processing: Ireland – Privacy Policy (link to be activated https://www.facebook.com/privacy/explanation)
Instagram (Meta Platforms, Inc.)
Instagram buttons are services for interacting with the Instagram social network, provided by Meta Platforms, Inc. Personal Data collected: Cookies and Usage Data.
Legal basis of processing: Integration of these services may involve processing of Personal Data, which is based on:
Explicit consent of the Data Subject (Art. 6(1)(a) GDPR) If the site uses tracking cookies for marketing or personalization purposes.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If data are collected only to enable interaction with social networks without further tracking.
The Data Subject may withdraw consent and limit social network tracking via:
The cookie management banner on the site.
Privacy settings of the user’s social network account.
Browser settings, which allow blocking third-party cookies.
Place of processing: Ireland – Privacy Policy (link to be activated https://help.instagram.com/519522125107875)
LinkedIn (LinkedIn Ireland Unlimited Company)
LinkedIn buttons are services for interacting with the LinkedIn social network, provided by LinkedIn Corporation. Personal Data collected: Cookies and Usage Data.
Legal basis of processing: Integration of these services may involve processing of Personal Data, which is based on:
Explicit consent of the Data Subject (Art. 6(1)(a) GDPR) If the site uses tracking cookies for marketing or personalization purposes.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If data are collected only to enable interaction with social networks without further tracking.
The Data Subject may withdraw consent and limit social network tracking via:
The cookie management banner on the site.
Privacy settings of the user’s social network account.
Browser settings, which allow blocking third-party cookies.Place of processing: Ireland – Privacy Policy (link to be activated https://www.linkedin.com/legal/privacy-policy?_l=it_IT)
Youtube (Google Ireland Limited)
Youtube buttons are services for interacting with the video content viewing service managed by Google. Personal Data collected: Cookies and Usage Data.
Legal basis of processing: Integration of these services may involve processing of Personal Data, which is based on:
Explicit consent of the Data Subject (Art. 6(1)(a) GDPR) If the site uses tracking cookies for marketing or personalization purposes.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If data are collected only to enable interaction with social networks without further tracking.
The Data Subject may withdraw consent and limit social network tracking via:
The cookie management banner on the site.
Privacy settings of the user’s social network account.
Browser settings, which allow blocking third-party cookies. Place of Processing: Ireland – Privacy Policy (link to be activated https://policies.google.com/privacy?hl=it)
TikTok
TikTok buttons and widgets are services for interacting with the TikTok platform, provided by TikTok Technology Limited.
Integration of these tools may involve the automatic collection of Personal Data for analysis or marketing purposes by the platform.
Personal Data collected: Cookies and Usage Data.
Legal basis of processing:
Explicit consent of the Data Subject (Art. 6(1)(a) GDPR), in case of use of profiling, marketing, or personalization cookies.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR), only in case of basic loading of social content without additional tracking.
The Data Subject may withdraw consent or limit its use through:
The cookie management banner on the site.
Privacy settings of the TikTok account.
Browser settings to block third-party cookies.
Place of processing: Ireland -Privacy Policy (link to be activated https://www.tiktok.com/legal/page/us/privacy-policy/en)
REMARKETING AND RETARGETING
These services allow this website to communicate, optimize and serve advertisements based on the Data Subject’s past use of this website. This activity is carried out through tracking of Usage Data and the use of Cookies or Tracking Tools.
Facebook Remarketing (Meta Platforms, Inc.)
The site uses the Facebook Remarketing service, provided by Meta Platforms, Inc., which connects user activity on the website with Facebook and Instagram’s advertising network. The site uses Facebook Pixel to:
Show personalized advertisements to users who have visited the site.
Create audience groups to target specific ads.
Analyze conversions and measure the effectiveness of advertising campaigns.
Personal Data collected:
Cookies and Tracking Tools.
Usage data (user interactions with the site and advertising ads).
Legal basis of processing:
Use of Facebook Remarketing is based on:
Explicit consent of the Data Subject (Art. 6(1)(a) GDPR) The Facebook Pixel is activated only upon user consent via the cookie banner.
Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If data are collected only in anonymous form for statistical analysis.
The information collected by the Facebook Pixel is anonymous for the site owner, but Facebook may link it to the user’s profile. Facebook may use these data for its own advertising purposes, including on third-party sites, in accordance with its Privacy Policy (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0). The Data Controller has no direct control over Facebook’s use of the data.
Data retention period: Data collected by the Facebook Pixel are retained for a maximum of 180 days, unless otherwise set by Meta.
The Data Subject may withdraw consent and disable Remarketing via:
The cookie management banner on the site.
Facebook account settings, in the “Ad preferences” section.
Facebook opt-out tool: Manage ad preferences (https://www.facebook.com/settings/?tab=ads).
Place of processing: Ireland – Privacy Policy (link to be activated https://www.facebook.com/about/privacy/)
CONTENT ON EXTERNAL PLATFORMS
These services allow displaying content hosted on external platforms directly from this website’s pages and interacting with it.
Where a service of this kind is installed, it is possible that, even if Users do not use the service, it collects traffic Data relating to the pages where it is installed.
This website uses
Google Maps
Google Maps is a map visualization service managed by Google that allows this website to integrate such content within its pages. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (link to be activated https://policies.google.com/privacy?hl=it)
PAYMENT MANAGEMENT
Payment management services allow the Platform to manage economic transactions connected to initial assessment calls and any paid sessions between User and professional. The data necessary for executing payments (such as identification data, contact data, and transaction information) are processed directly by the payment service provider, without the Data Controller having access to the complete data relating to the payment instruments used by the User. Some of these services may also allow the automatic sending of service communications, such as confirmation emails, receipts, or notifications relating to payments made. This website uses the following payment management service:
Wise
The Platform uses Wise for managing economic transactions and administrative aspects connected to payments. The processing of personal data through Wise takes place exclusively for purposes of payment management and related administrative fulfilments. Wise is not used to process the contents of sessions, nor to manage health or clinical data, which remain the exclusive responsibility of the professional, as an independent Data Controller.
Legal basis of processing:
performance of contractual measures (Art. 6(1)(b) GDPR);
compliance with legal obligations in administrative and accounting matters (Art. 6(1)(c) GDPR), where applicable.
Place of processing:
as provided for in the provider’s Privacy Policy. Privacy Policy
https://wise.com/gb/legal/global-privacy-policy-en
Users resident in the United Kingdom
For Users resident in the United Kingdom, the processing of personal data takes place in compliance with the UK GDPR and the Data Protection Act 2018. The rights granted to Data Subjects under the UK GDPR are substantially equivalent to those provided for by Regulation (EU) 2016/679 (GDPR). The competent supervisory authority is the Information Commissioner’s Office (ICO), based in the United Kingdom.
Users resident in Switzerland
For Users resident in Switzerland, the processing of personal data takes place in compliance with the Federal Act on Data Protection (nFADP) and applicable Swiss regulations.
Data Subjects may exercise the rights provided for by Swiss data protection law, including the right of access, rectification and deletion of their data, within the limits and in the manner provided for by law.
The competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC).
Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Users are therefore requested to consult this page often, taking as reference the date of last modification indicated at the bottom. In the event of non-acceptance of the changes made to this Privacy Policy, the Data Subject must cease using this website and may request the Data Controller to remove his/her Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that time. The Data Controller is not responsible for updating all links displayed in this Privacy Policy; therefore, whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referenced by that link.
Privacy Policy updated in December 2025