Penelope Myszka, MA, Clinical Psychologist

Book Session

Privacy Policy

Last updated: May 1, 2025

This Privacy Policy explains how your personal data is collected, used, and protected when you engage with the services of Penelope Myszka, a private psychological therapy practice operating in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Polish data protection laws.

The data controller of your personal data is:

Penelope Myszka
Address: Ulica Jana Kochanowskiego 34/13, 01-864, Warsaw, Poland
NIP: 5214002795
Email: info@penelopemyszka.com

We are committed to protecting your personal information and respecting your privacy rights. This Privacy Policy outlines your rights under GDPR and how we fulfill our responsibilities as the data controller.

§1. Definitions

For the purposes of this Privacy Policy:

  • “Personal Data” means any information that relates to an identified or identifiable individual, such as name, contact information, and health-related data.
  • “Special Category Data” refers to sensitive personal data such as health or medical information, which is subject to enhanced protection under GDPR (Article 9).
  • “Processing” means any operation performed on personal data, whether automated or not, such as collection, storage, use, transfer, or deletion.
  • “Data Controller” refers to the person or organization that determines the purposes and means of processing personal data—in this case, Penelope Myszka.
  • “We”, “Us”, or “Our” refers to Penelope Myszka, operating as the data controller and service provider.
  • “Service” refers to the psychological and psychotherapy services provided by Penelope Myszka through the website or other means.
  • “Website” refers to the publicly accessible site operated by us at www.penelopemyszka.com.
  • “You”, “User”, or “Client” refers to the individual whose personal data is being collected and processed.
  • “Cookies” are small text files stored on your device to help websites operate and gather usage statistics.
  • “Third-Party Service Providers” are external companies or individuals who process data on our behalf to help provide or improve our services.

§2. What Data We Collect

We collect and process the following personal data, depending on your interaction with our services:

Personal Identification Data

  • First name and last name
  • Email address
  • Phone number
  • Home address

Medical and Intake Data (Optional)

  • Medical history and current psychological concerns
  • Information you voluntarily provide through intake forms or questionnaires

Usage Data

  • IP address, browser type, device type, and other diagnostic data collected automatically via cookies or analytics tools
  • Information on how you interact with our website (e.g., pages visited, session duration)

§3. Purpose and Legal Basis for Processing

We process your personal data only where legally permitted, in accordance with the GDPR. The purposes and legal bases include:

  • To communicate with you and respond to inquiries – Based on your consent (Article 6(1)(a) GDPR).
  • To provide psychological or psychotherapy services – Necessary for the performance of a contract (Article 6(1)(b) GDPR).
  • To process payments using Stripe – Based on legitimate interest to ensure secure and efficient payment processing and contract fulfillment (Articles 6(1)(b) and 6(1)(f) GDPR).
  • To collect and store optional intake forms containing medical data – Based on your explicit consent (Article 9(2)(a) GDPR).
  • To send important administrative or service-related communications – Based on legitimate interest (Article 6(1)(f) GDPR).
  • To comply with legal and tax obligations – Based on a legal obligation (Article 6(1)(c) GDPR).

Providing your personal data is voluntary, but necessary to provide our services.

§4. Cookies and Tracking Technologies

We use cookies to ensure our website functions correctly and to analyze general usage patterns. You can control or disable cookies in your browser settings.

§5. Use of Third-Party Services

We use trusted third-party services that may process your personal data to support our operations and service delivery. These include:

  • Stripe – for secure online payment processing
  • Acuity Scheduling – for appointment scheduling
  • Google Analytics – to analyze website performance and traffic
  • Google Meet – for secure video conferencing
  • Google Workspace – for secure communication and document storage
  • Hostinger – for secure website hosting
  • WordPress – for content management of our website

All third-party service providers are required to handle data securely and in compliance with GDPR.

§6. Data Retention

In accordance with Polish law, medical documentation, including psychological notes, must be stored for 20 years from the last entry or session, unless a different period applies by specific regulation. Other personal data (such as email correspondence or billing details) will be retained only for as long as necessary for the intended purposes or legal obligations (e.g., tax retention for 5 years).

§7. Sharing Your Personal Data

We do not sell or rent your data. Your information may only be shared:

  • With third-party service providers as listed above
  • With public authorities if legally required
  • With your explicit consent, when applicable

§8. Data Transfers Outside the EEA

If we use services based outside the European Economic Area, your data may be transferred internationally. We ensure such transfers meet GDPR adequacy requirements and apply appropriate safeguards (such as standard contractual clauses).

§9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate or incomplete data (Art. 16)
  • Request erasure of your data (“right to be forgotten”) (Art. 17)
  • Restrict processing in specific circumstances (Art. 18)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Receive your data in a portable format (Art. 20)

You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if you believe your data is being processed unlawfully.

To exercise any of these rights, please contact us at info@penelopemyszka.com.

§10. Changes to This Policy

We may update this Privacy Policy periodically. You will be informed of any significant changes via email or a notice on our website. The latest version will always include a “last updated” date at the top.

§11. Disclaimer for Online Therapy Across Borders

Our services may be accessed online by individuals located in jurisdictions outside of Poland. While we make every effort to comply with applicable data protection and professional regulations, it is your responsibility to ensure that accessing psychological services from abroad does not conflict with the laws or ethical standards of your country or region.

By using our services from outside Poland, you confirm that you do so at your own initiative and that you understand and accept the limitations that may arise from practicing across jurisdictions.

§12. Contact

If you have any questions or requests regarding this Privacy Policy, contact:

Penelope Myszka
Email: info@penelopemyszka.com
Phone: +48 889 299 841