Privacy policy
Last updated: 2025-07-22
gsPsychology AB (“we”, “us”, or “our”) is committed to protecting your personal data and handling it in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data.
1. Who We Are
gsPsychology AB is a Sweden-based company offering psychological education and digital programs for mental health. We are also registered as a healthcare provider in Sweden and comply with national healthcare regulations when delivering clinical services. This Privacy Policy applies to all data collected via our website, services, and digital platforms.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
Identification details: Name, personal identification number (if scheduling a clinical consultation), and contact details (email, phone).
Technical data: IP address, browser type, device type, and anonymized usage patterns collected via Google Analytics.
Transaction data: Purchase history and payment confirmations (note: we do not store credit card information).
Health-related information: Only when explicitly submitted in clinical contexts or consultations (e.g., symptom description via intake forms in our private practice).
3. Why We Collect It
Depending on your interaction with us, we process your data for the following lawful purposes:
| Purpose | Legal Basis |
|---|---|
| To provide clinical care (if applicable) | Legal obligation as a healthcare provider (Patientdatalagen) |
| To deliver purchased digital products | Contractual necessity |
| To improve our website and services | Legitimate interest |
| To fulfill legal and tax obligations | Legal obligation |
| To send information or newsletters (if you opt in) | Consent |
4. How We Store and Protect Your Data
We only store the personal data necessary for the stated purpose and retain it only as long as required by law or until you withdraw your consent. Data is securely stored using encrypted systems and limited to authorized personnel.
Clinical data is handled in journal systems in accordance with Swedish healthcare laws.
Marketing and site usage data is stored and processed within the EU or in compliance with GDPR through approved safeguards (e.g., SCCs for third countries).
5. Cookies and Tracking
We use Google Analytics to understand how visitors interact with our website and to improve usability and performance.
We also use Google Ads to display targeted advertising to users based on their interests, prior website visits, or demographic information. Google Ads may use cookies and tracking technologies to personalize ads and measure ad performance.
These services may collect data such as:
IP address
Device and browser type
Pages visited
Referring websites
Interactions with ads
Data processed by Google may be transferred to and stored on servers outside the EU/EEA, including the United States. In such cases, we ensure compliance through Standard Contractual Clauses (SCCs) or other legally recognized safeguards.
We do not use Google services to collect personally identifiable information, nor do we allow Google to share your data with third parties for purposes beyond those stated.
You can manage your preferences or opt out of personalized ads by adjusting your Google Ad Settings or via your browser’s cookie controls. You may also opt out of tracking using tools like the Google Analytics Opt-out Browser Add-on.
6. Sharing of Personal Data
We do not sell your personal data. However, we may share data with third parties when necessary:
Service providers who help us operate the Site (e.g., payment processors, email platforms)
Healthcare professionals (if you are under clinical care)
Legal or governmental authorities if required by law
Auditors or advisors in connection with regulatory or business requirements
- Some of the anonymized data collected through Google services may be processed by Google as a data processor on our behalf.
All third-party processors are contractually bound to uphold GDPR standards.
7. Your Rights
You have the right to:
Access your personal data
Request correction or deletion of data
Restrict or object to processing
Withdraw consent at any time (without affecting lawfulness of prior processing)
Request data portability
File a complaint with the Swedish Authority for Privacy Protection (IMY)
To exercise your rights, please contact us at: [email protected]
8. Clinical vs Non-Clinical Services
If you engage with our healthcare services (e.g., book a therapy session), gsPsychology AB acts as a legally responsible data controller under the Swedish Patient Data Act (Patientdatalagen). If you purchase a self-help program, that use is governed by this Privacy Policy and does not establish a therapeutic relationship.
9. International Visitors
If you access our Site from outside the EU/EEA, be aware that your information may be transferred to and stored in jurisdictions that may not offer the same level of data protection. We take all necessary steps to ensure such transfers comply with applicable laws, including the use of Standard Contractual Clauses.
Some of the third-party tools we use, such as Google Analytics, may involve the processing of data in countries outside the EU/EEA. We ensure that such transfers are protected by valid legal safeguards such as the European Commission’s Standard Contractual Clauses (SCCs).
10. Changes to This Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with a revised “Last Updated” date.