Privacy policy
Last updated: 2025-06-21
gsPsychology AB (“we”, “us”, or “our”) is committed to protecting your personal data and handling it in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data.
1. Who We Are
gsPsychology AB is a Sweden-based company offering psychological education and digital programs for mental health. We are also registered as a healthcare provider in Sweden and comply with national healthcare regulations when delivering clinical services. This Privacy Policy applies to all data collected via our website, services, and digital platforms.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
-
Identification details: Name, personal identification number (if scheduling a clinical consultation), and contact details (email, phone).
-
Technical data: IP address, browser type, device type, and anonymized usage patterns collected via Matomo.
-
Transaction data: Purchase history and payment confirmations (note: we do not store credit card information).
-
Health-related information: Only when explicitly submitted in clinical contexts or consultations (e.g., symptom description via intake forms in our private practice).
3. Why We Collect It
Depending on your interaction with us, we process your data for the following lawful purposes:
| Purpose | Legal Basis |
|---|---|
| To provide clinical care (if applicable) | Legal obligation as a healthcare provider (Patientdatalagen) |
| To deliver purchased digital products | Contractual necessity |
| To improve our website and services | Legitimate interest |
| To fulfill legal and tax obligations | Legal obligation |
| To send information or newsletters (if you opt in) | Consent |
4. How We Store and Protect Your Data
We only store the personal data necessary for the stated purpose and retain it only as long as required by law or until you withdraw your consent. Data is securely stored using encrypted systems and limited to authorized personnel.
-
Clinical data is handled in journal systems in accordance with Swedish healthcare laws.
-
Marketing and site usage data is stored and processed within the EU or in compliance with GDPR through approved safeguards (e.g., SCCs for third countries).
5. Cookies and Tracking
We use Matomo Analytics to understand how visitors interact with our website and to improve usability, performance, and service development. Matomo is fully GDPR-compliant and operated by a trusted third-party provider.
Matomo collects anonymized usage data, such as page views, device type, and session duration. While no personally identifiable information is collected by default, Matomo may store analytics data on secure servers operated by its own infrastructure within the EU.
No tracking data is shared with advertising networks or other third parties, and we do not use cookies for marketing profiling. You may manage your cookie preferences through your browser settings or via our cookie banner (if available).
6. Sharing of Personal Data
We do not sell your personal data. However, we may share data with third parties when necessary:
-
Service providers who help us operate the Site (e.g., payment processors, email platforms)
-
Healthcare professionals (if you are under clinical care)
-
Legal or governmental authorities if required by law
-
Auditors or advisors in connection with regulatory or business requirements
All third-party processors are contractually bound to uphold GDPR standards.
7. Your Rights
You have the right to:
-
Access your personal data
-
Request correction or deletion of data
-
Restrict or object to processing
-
Withdraw consent at any time (without affecting lawfulness of prior processing)
-
Request data portability
-
File a complaint with the Swedish Authority for Privacy Protection (IMY)
To exercise your rights, please contact us at: [email protected]
8. Clinical vs Non-Clinical Services
If you engage with our healthcare services (e.g., book a therapy session), gsPsychology AB acts as a legally responsible data controller under the Swedish Patient Data Act (Patientdatalagen). If you purchase a self-help program, that use is governed by this Privacy Policy and does not establish a therapeutic relationship.
9. International Visitors
If you access our Site from outside the EU/EEA, be aware that your information may be transferred to and stored in jurisdictions that may not offer the same level of data protection. We take all necessary steps to ensure such transfers comply with applicable laws, including the use of Standard Contractual Clauses.
10. Changes to This Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with a revised “Last Updated” date.