1 - Purpose
2 - Time of collection of personal data
3 - Personal data collected
We define personal data as any information about an identified or identifiable living individual, excluding anonymous or non-personal information.
To operate this platform, we collect and store different types of personal data regarding the site’s users, therapy practitioners, and employees. The personal data collected includes: name, identity documents, gender, date of birth, address, e-mail, phone number, nationality, IP address, information about the browser and operating system used to access the platform, links and buttons clicked during the platform using, session data, medical information collected by the practitioners and any other information necessary for Therapy Panda business purposes.
Therapy Panda utilises cookies to offer the best service for you. Cookies are pieces of data from a website or platform that are stored within a web browser, smartphone or any other device with internet access. They can be retrieved at a later time after the user has returned to our page, and remember your setting choices for using the website.
Therapy Panda uses three different types of cookies, which are:
Necessary cookies are essential for the website to function and cannot be switched off. They are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Preference cookies enable the website to provide enhanced functionality and personalisation. If you do not allow these cookies, then some or all of these services may not function properly.
Statistics cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
You can always change your cookies’ settings on the website, deactivating the preferences and statistics cookies. It is important to be aware however that switching them off may affect the site’s functions and performance.
5 - Therapy Panda’s Liability
It is the company’s responsibility to protect and store your data in a safe place. Although, it is not Therapy Panda’s responsibility to ensure the accuracy of the information which the users and practitioners provide us when using the platform. Furthermore, Therapy Panda is not responsible for keeping your information updated, when it is the users’ and practitioners’ liability for the accuracy of the provided information.
6 - Therapy Practitioner’s Liability
All medical registers, including the medical information you may share with a practitioner, are stored by the practitioner or practitioners you have had sessions with. Every practitioner has the legal obligation to store and use this data according to current legislation and industry Code of Ethics. Our platform also provides a system where the practitioners can make notes and store documents on their dashboard, the use of this system is optional and, if used, the information will be stored and encrypted within the platform.
7 - Data collection purpose
Respecting the principle of the purpose limitation provided by the UK GDPR, all personal data is collected for specified, explicit, and legitimate purposes.
These purposes are:
a) to identify and verify the user on our platform;
b) to provide the services we offer, completing the activities you requested, such as registering on the platform;
d) to answer the requests and doubts that the users and practitioners may have and ) provide you with support;
e) to keep your personal information updated;
f) to contact you when necessary;
g) for billing and transaction processing purposes;
h) to match users with practitioners and facilitate the practitioner’s services;
i) to supervise, administer, and monitor the platform, making sure we can measure and improve the quality and effectiveness of our services;
j) to assure Therapy Panda's legal rights and obligations;
k) to attend to any requirement from legal, governmental, or political authority;
l) to defend Therapy Panda and Therapy Panda's rights, including when requested in court;
m) to improve the use and browsing experience of our platform, which can include the data sharing with our business partners;
n) to carry out statistics, studies, research, and surveys relevant to our activities, to maintain the relationship with our users and practitioners;
o) to promote our services and products, and inform you about our news, features, content, and other relevant events. (This content will only be sent to you if you choose to receive it).
8 - Data sharing
For the best operation of our platform, Therapy Panda may share your personal information with our contractors, members, and service providers. For example, Amazon Web Service (AWS) is used for cloud storage and, in order for the platform to operate, data must be sent to the company for data hosting. Similarly, the Vectera system is used to facilitate encrypted audio and video meetings. In all cases, we make sure that all the provider companies have a high level of data security and follow current legislation.
Your personal information may be also disclosed in other situations, such as:
a) when required by legal, governmental, or political authority where we will not disclose more personal information than necessary;
b) in cases to comply with valid legal processes such as search warrants, subpoenas, or court orders;
c) to protect the rights and property of Therapy Panda, including in judicial and administrative proceedings;
d) during emergency and atypical situations to protect the safety of a person or groups;
e) to providers of customer support, communications and marketing services.
9 - Data security
To keep your personal data safe, we use Amazon Web Services (AWS) to store all the collected information, knowing they follow the legislation and keep their security policy updated.
We also use encryption technology throughout the platform, and provide a two-factor authentication system for the practitioner’s access. We have implemented Privacy by Design in every step of the platform’s development and through its continued operation.
We know that every online service platform is not 100% risk-free, but we maintain a constant review and implementation of safeguards, that are designed to protect your personal data from any leak, unauthorised access, use, modification, or disclosure.
Valuing the principle of transparency, we will contact all users and practitioners that could have been or have been affected by any suspicious activity caused by a data breach.
10 - Individuals rights and choices (GDPR UK)
Right to access your Personal Information
You have the right to ask us for a copy of the personal information that we hold about you. Usually, we will respond to your request by sending you a copy of your information within a month of the request. If you want to make any changes to your personal data, such as review, verify or correct the information, you can contact us via email at firstname.lastname@example.org as the requirement must be done in writing.
To be able to respond to your request, we may request some specific information in order to confirm your identity.
It is important to mention that the right to access your personal information is not absolute. There are specific situations in which the law allows us to refuse to provide some or all the personal information required. In other cases, the personal information may have been destroyed, erased, or anonymised, according to our retention and deletion obligations (section 11). If your request cannot be attended to, our team will make sure to try to inform you of the reasons that made it impossible.
Right to update your personal information
For the best use of our platform and services, we must have accurate and up-to-date information. Make sure that you inform us and update the information in case of changes. You have the right to update your personal information at any time.
For therapy practitioners, an update may have to be reviewed prior to being authorised as part of our due diligence process. When appropriate, the information will be rectified and updated.
Right to delete your personal information
You have the right to ask for us to remove your personal data that we hold when there is no more reason to keep processing them. This right is also known as the "right to be forgotten”. In rare situations, we may refuse to erase this data especially if we understand that the processing is still necessary.
Right to Restrict Processing
As an alternative to asking to erase your information, you have the right to ask to limit your personal data processing by Therapy Panda. If you have a particular reason, you can ask us to restrict the processing of any of your information. We remind you however that this is not an absolute right, and it will depend on the circumstances and our legal obligation.
Right to Data Portability
You may be entitled to obtain and reuse your personal data in different services. It means you can copy, move or transfer the information we hold to another organisation. In these instances, you can ask to obtain your data in a format that makes the data portability easier, transmitting your personal data from one service to another without any hindrance.
Right to object
You have the right to object to your personal information being processed for direct marketing. Also, depending on the situation, you might object to your personal data being continually processed, in case the company relies upon consent as the legal basis for processing it.
When the legal basis for the processing is for legitimate interests, you also have the right to object, but you must give us specific reasons for that. In this case, we will consider the reasons you sent to analyse if it is possible to stop the data processing. If, after this analysis, we consider that there are compelling legitimate grounds to continue processing your personal data, we may maintain it, but we will send you the reasons for this decision.
It is important to understand that these are not always absolute rights and must be considered in the wider scope of the legislation.
11 - Opting-Out of Marketing Communication
At any time, you can opt out of receiving our marketing emails. At the end of every marketing email we send, there is an unsubscribe link that you can use to opt out. It is also possible to opt out by visiting the Notifications section of your dashboard or by emailing our team at email@example.com
11 - Retention and Deletion
Therapy Panda stores your personal data for the same legitimate business purposes under which the data was originally collected. We will retain your data only for as long as we believe is necessary to accomplish these purposes.
If you have stopped having frequent therapy sessions with a particular therapy practitioner, the practitioner you have had sessions with can change the status of your account to ‘Inactive’ within their dashboard. This provides an additional safeguard to your data from a breach on the practitioner’s account as all records for ‘Inactive’ clients are protected through a 2-Factor Authentication system. This action thus provides an additional layer of protection to your data whilst also allowing you to work with the same practitioner in the future, if you wished to have future sessions with them.
After it is deemed apparent that data storage is no longer required, we will proceed with either deleting or anonymising your data so that it cannot be associated with or be tracked back to you.
12 - International data transfers
14 - Contacting Therapy Panda