Privacy Policy
Last updated: May 17, 2026
1. Data controller
2. Data we collect and for what purpose
Through this website’s contact form, we collect the following personal data:
| Data | Purpose | Legal basis |
| Full name | Identification and personalised communication |
Art. 6(1)(a) GDPR
|
| To respond to your enquiry and manage the relationship |
Art. 6(1)(a) GDPR
|
|
| Phone | To schedule appointments and enable direct contact |
Art. 6(1)(a) GDPR
|
| Type of therapy | To assess the most appropriate care for your case |
Art. 9(2)(a) GDPR
|
| Availability | To organise and coordinate the appointment schedule |
Art. 6(1)(f) GDPR
|
| Free-text message | To understand the reason for the consultation and provide an appropriate response |
Art. 9(2)(a) GDPR
|
The type of therapy and the content of the message may constitute health data, considered a special category of data under Article 9 of the GDPR, and are processed with the enhanced protection measures required for this category.
3. Legal basis for processing
The processing of your personal data is based on the following legal grounds:
- Data subject’s consent (Art. 6(1)(a) GDPR): for processing the contact details provided through the form in order to respond to your enquiry.
- Explicit consent for health data (Art. 9(2)(a) GDPR): for processing the type of therapy and the content of the message, which may constitute special-category data.
- Controller’s legitimate interest (Art. 6(1)(f) GDPR): for internal schedule management and appointment coordination.
Consent is given by voluntarily ticking the checkbox provided for this purpose in the form, which is not pre-ticked. The user may withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
4. Mandatory nature of the data
All fields in the contact form are necessary to properly handle your request. By completing and submitting the form, the user guarantees that the data provided are truthful, accurate, and up to date, and is responsible for notifying any changes to them.
If you do not provide all the requested data, it cannot be guaranteed that the response or service provided will fully meet the user’s needs.
5. Data retention period
Your data will be kept for the time necessary to respond to your enquiry and, if a therapeutic relationship begins, for the duration of that relationship and for the legally required period after it ends.
In accordance with applicable healthcare legislation, clinical documentation will be kept for at least five years from the patient’s discharge, and this period may be extended in accordance with the regulations of the relevant autonomous community. Once these periods have elapsed, the data will be deleted using appropriate security measures to ensure anonymisation or complete destruction.
6. Recipients and data disclosure
Your data will not be disclosed to third parties, except where required by law. To provide the service, certain technology providers act as data processors with limited access to the strictly necessary data, with whom the confidentiality and data processing agreements required by current regulations have been signed:
- Dreamhost
- Google Meet
- Icewarp
- Zoom
7. Your rights
At any time, you may exercise the following rights regarding your personal data:
- Withdraw consent: At any time, without retroactive effect.
- Access: Know what data we process about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request the deletion of your data.
- Objection: Object to certain processing activities.
- Restriction: Restrict processing in certain cases.
- Portability: Receive your data in a structured format
To exercise any of these rights, you may contact: torras@cop.es. We will respond to your request within a maximum of one month from receipt.
If you consider that the processing of your data does not comply with current regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) via www.aepd.es.
8. Security measures
In accordance with Article 32 of the GDPR, this website uses an encrypted connection via the HTTPS/SSL protocol, and appropriate technical and organisational policies have been implemented to protect users’ rights and freedoms. Access to the data is restricted to the controller and subject to the duty of professional secrecy established in the Code of Ethics of the Official College of Psychologists.