Privacy policy
Your privacy matters to us. Below we outline the principles governing what data we collect, how we process it, and how we protect it.
General rules
This privacy policy relates to the processing of personal data in connection with the use of the service available through the website at www.psychia.pl (hereinafter: "the Service") and in connection with the activities of the Controller.
Personal data is processed in accordance with this Privacy Policy and in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR).
The controller of your personal data is Psychia sp. z o.o., with its registered office in Warsaw at ul. Ząbkowska 14/U3, entered in the register of entrepreneurs of the National Court Register under KRS number 0000572563.
You may contact the Controller by email at: info@psychia.pl or in writing to the registered office address indicated in paragraph 3.
The Controller has appointed a Data Protection Officer – Mikołaj Ryzop – who can be contacted at: info@psychia.pl or in writing to the registered office address indicated in paragraph 3.
Personal data is collected during:
creating and managing an account in the Service by the User,
purchasing and fulfilling a digital service for the User,
the User sending a message using the contact form available in the Service
The purposes, legal bases, and retention periods for the processing of personal data by the Controller are as follows:
Specified purpose | Data categories | Legal basis | Retention* |
Use of the Service | First name, last name, image, email address, phone number, gender, date of birth, health information (mental health conditions, ongoing therapies, medications taken) | Conclusion and performance of a contract, i.e. enabling access to the Service's features, compliance with a legal obligation, defence against potential claims (Art. 6(1)(b), (c), (f) GDPR); consent of the data subject (Art. 9(2)(a) GDPR). Consent to the processing of health data is voluntary but necessary to use the Service. Consent may be withdrawn, e.g. by deleting your account. Withdrawal of consent will prevent use of the Service. After withdrawal of consent, health data will be retained for the purpose of defending against potential claims. | Duration of the contract, i.e. until cancellation of Service use, but no longer than 3 years from the last login, and for health data, until consent is withdrawn if that occurs earlier |
Direct marketing of our products and services | First name, last name, email address, phone number, | Legitimate interest in promoting and advertising the Service and our products (Art. 6(1)(f) GDPR); consent of the data subject (Art. 6(1)(a) GDPR) | Duration of the contract, i.e. until cancellation of Service use, and for data processed on the basis of consent (email and SMS correspondence), until consent is withdrawn if that occurs earlier |
Handling enquiries (regardless of the form used) | First name, last name, image, email address, phone number, gender, date of birth, | Legitimate interest in responding to questions directed to the controller (Art. 6(1)(f) GDPR) | 3 years from the last contact |
Analysing customer behaviour and preferences | First name, last name, email address, phone number, gender, date of birth, | Legitimate interest in understanding your needs and tailoring the services offered through the Service to your preferences or those of larger groups of customers (Art. 6(1)(f) GDPR) | Duration of the contract, i.e. until cancellation of Service use |
Analytics and statistics | First name, last name, email address, phone number, gender, date of birth, | Legitimate interest in collecting data on how the Service is used so that we can improve and develop our product, better understand our customers' expectations, create statistical models, and help resolve issues experienced by our customers (Art. 6(1)(f) GDPR) | Duration of the contract, i.e. until cancellation of Service use |
Establishment, exercise, or defence of the controller's legal claims | First name, last name, image, email address, phone number, gender, date of birth | Legitimate interest in establishing, exercising, or defending the controller's legal claims (Art. 6(1)(f) GDPR) | Period determined by applicable law depending on the type of claim / legal proceedings |
Compliance with a legal obligation of the controller | First name, last name, image, email address, phone number, gender, date of birth | Compliance with a legal obligation incumbent on the controller under applicable law (Art. 6(1)(c) GDPR) | Period determined by applicable law depending on the nature of the obligation, but no longer than 5 years |
*the indicated retention periods may be extended if further processing of data is required for the purpose of defending or pursuing legal claims, for the duration of the proceedings.
Providing personal data by the User is:
voluntary but necessary to create an account, purchase a service, and perform the contract,
a contractual requirement – failure to provide data will prevent the conclusion and performance of the contract,
in the case of consent to marketing – voluntary,
providing special category data is entirely voluntary and requires your explicit consent – however, failure to provide such data may prevent the provision of certain digital services.
Consent to the processing of special category data may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
. Consent to the sending of commercial information may be withdrawn by the User at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
. The recipients of the User's personal data may include the following categories of entities:
employees of the Controller,
hosting service providers,
IT systems and software providers,
accounting and legal services firms,
marketing and advertising agencies,
payment operators (for the purpose of processing transactions),
authorities empowered by law (e.g. tax offices, courts),
providers of services related to the delivery of digital services
entities entitled to retain such data under applicable law if they submit a request to that effect, e.g. public administration or judicial authorities.
. The Controller shares personal data with the aforementioned entities in accordance with applicable law (e.g. on the basis of data processing agreements, where required under GDPR).
. With respect to personal data transferred to entities that process such data for purposes arising from applicable law independently of the Controller, those entities are independent data controllers.
The Controller ensures appropriate protection of User data through the application of appropriate organisational and technical measures.
Personal data is stored for the period necessary to fulfil the purpose for which it was collected or processed, to the extent necessary to ensure compliance with applicable legal requirements or to the extent indicated by applicable law.
The User's personal data will not be transferred to a third country or international organisation.
The User's personal data will not be subject to profiling or automated decision-making.
The User's personal data may be transferred outside the European Economic Area. In such cases, personal data will be transferred on the basis of a positive decision by the European Commission, or, in the absence of such a decision, where we ensure appropriate safeguards and where enforceable rights of data subjects are in place. In such cases, the Controller will inform the data subjects whose data is transferred. Information about transfers outside the European Economic Area of data collected through the website is provided in Part II of this Privacy Policy.
This Privacy Policy is effective from 18 November 2025.
Provisions on the processing of data contained in cookies collected through the website
The Website uses cookies stored on Users' end devices. The use of cookies means their storage and access by the Controller.
Cookies are data files, in particular text files, which are stored on the User's end device and are intended for use with websites. Cookies typically contain the name of the website from which they originate, their storage time on the end device, their content (e.g. action identifiers), and a unique number.
Cookies are used for the purpose of:
adapting the content of the Website to the User's preferences and optimising use of the Website; in particular, these files allow the User's device to be recognised and the Website to be displayed appropriately, tailored to their needs and preferences;
tailoring advertisements displayed to the User to their preferences;
creating statistics and analyses relating to the use of the Website.
The Website uses two main types of cookies: "session" (session cookies, session storage) and "persistent" (persistent cookies, local storage). Session cookies are temporary files stored on the User's end device until the session expires (e.g. when the User leaves the Website, deletes them, or shuts down the software). Persistent cookies are stored on the User's end device for the period specified in the cookie parameters or until they are deleted by the User, but no longer than 12 months from the time they were placed.
The use of cookies does not cause configuration changes to the User's end device or the software installed on that device.
The default settings of internet browsers usually allow cookies to be stored on end devices. These settings may, however, be changed by the User.
The User may define the conditions for the use of cookies through the settings of the software (internet browser) installed on their end device.
The User may also change the conditions for the use of cookies already set. Changes may consist of a partial or complete restriction on the ability to save cookies on the User's end device.
Blocking or deleting cookies may cause difficulties in using the Website, e.g. because some of its options will not be available to the User.
The Controller informs that, in accordance with the provisions of the Telecommunications Law, end user consent to the storage of information or access to information already stored on the end user's telecommunications device may also be expressed through the settings of the software installed on the device used. If a user does not wish to give such consent, they should change their internet browser settings.
Detailed information on changing browser settings regarding cookies and deleting them can be found on the official website of the specific browser. In particular, the above information can be found at the following websites:
Tools used on the Website
The Controller uses IT tools provided by third parties on the Website. The use of these tools may involve the use of cookies from those parties.
The Controller uses tools provided by Google LLC on the Website: Google Analytics, Google Ads, Google Tag Manager.
Using cookies, Google Analytics analyses traffic and the way Users navigate the Website. The Controller uses data collected by Google Analytics for remarketing/retargeting, reporting on impressions in the Google Display Network, and for analysing Users' demographic data and interests. The Controller can identify keywords, ads, ad groups, and campaigns that most effectively attract customers. The Controller can also observe activity on the Website: page scrolling, copying of elements, time a given user is active, and other events. All such data is collected anonymously, enabled by the IP anonymisation mechanism. Users can prevent their data from being used in Google Analytics. More information on how to do this can be found at: https://tools.google.com/dlpage/gaoptout.
Google Ads is used to display relevant advertisements to Users. Cookies are placed on the User's device in order to remember the pages they visit. Based on the information collected, personalised advertisements are displayed to the User on the pages they browse. The Controller may serve ads to selected audiences, e.g. all people who visited the Website within the last 7 days. The Controller places ads on the basis of aggregate criteria, e.g. to specific target groups, never to an individual User. Advertising personalisation settings in Google services can be changed at: https://adssettings.google.com/.
Google Tag Manager is a tag and code management system placed on the Website. Through Google Tag Manager, Google may collect information, e.g. about how the service and tags are used. This data is used in accordance with Google's privacy policy.
Google's privacy policy is available at: https://policies.google.com/privacy.
Google may transfer personal data to third parties. More information about Google's use of cookies can be found at: https://policies.google.com/technologies/cookies?hl=pl&gl=pl.
The Controller uses business tools provided by Meta Platforms, Inc., including Facebook Pixel, for marketing purposes.
Facebook Pixel "tracks" visits and behaviour of Users navigating the Website. This allows targeted advertisements to be directed at them (remarketing/retargeting).
The Controller receives from Meta Platforms, Inc. only statistical data, without reference to specific Users. In this way, the Controller checks the effectiveness of advertisements on Facebook and Instagram, conducts market research, and maintains its own statistics.
The Controller collects data from Facebook Pixel solely for statistical analysis purposes, and places ads only on the basis of aggregate criteria, never targeting individual users.
More information on the data processing principles on the Facebook platform can be found at: https://www.facebook.com/privacy/explanation.
