Privacy Policy

1. Introduction

1.1. This Privacy Policy (hereinafter: "Policy" or "Privacy Policy") regulates the rules for using the Therapy Companion mobile and web application (hereinafter: "Application") in the part that concerns processing of personal data of users of the Application (Therapists) and Clients and the application of regulations on the protection of privacy and personal data, all in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals in connection with processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016, hereinafter: "GDPR"), which has been in full force since May 25, 2018, in the Republic of Croatia and all member states of the European Union, as well as the Act on the Implementation of the General Data Protection Regulation ("Official Gazette" No. 42/18, hereinafter: "the Act").

1.2. The Application and Site and the links to the Application are the property of Amigdala centar d.o.o., headquartered in Zagreb, Južna obala II. 6, entered in the court register of the Commercial Court in Zagreb under number (MBS) 081325488, PIN: 82265957045 (hereinafter "Amigdala" or "Company"). No copying, use or any use of any part of the Application is permitted without the prior express written permission of Amigdala. This Privacy Policy, as well as the provisions of the General Terms and Conditions and the Policy on the use of cookies published on the Site, apply to all content found on the Application.

2. Definition

Certain terms, according to this Privacy Policy, have the following meaning:

"Therapist"
– a natural person who performs the activity of psychotherapy as the activity of psychotherapy is defined by the relevant regulations in the territory of the country where the Application is available and in use;
"Client"
– a natural person that uses the services of Therapists (or another User);
"User"
– a Therapist or any other person that uses the Aplication;
"Application"
– the Therapy Companion application developed by Amigdala, which serves to organize work and/or take notes on work;
"personal data"
– all data relating to an individual whose identity has been determined or can be determined ("the respondent"); an identifiable individual is a person who can be identified directly or indirectly, in particular with the help of identifiers such as name, identification number, location data, online identifier or with the help of one or more factors inherent to physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
"sensitive data"
– data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the purpose of unique identification of an individual, data related to health or data about an individual's sex life or sexual orientation;
"processing"
– any procedure or set of procedures performed on personal data or on sets of personal data, either by automated or non-automated means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, inspection, use, disclosure by transmission, by disseminating or otherwise making available, matching or combining, restricting, erasing or destroying;
"pseudonymization"
– processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data cannot be attributed to an individual whose identity has been established or can be established;
"data controller"
– a natural or legal person, who alone or together with others determines the purposes and means of personal data processing;
"data processor"
– natural or legal person who processes personal data on behalf of the data controller;
"consent"
– any voluntary, special, informed and unequivocal expression of the wishes of the subject by which he gives his consent to the processing of personal data relating to him by a statement or a clear affirmative action;
"GDPR"
– Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (Official Journal of the European Union L 119 , 4/5/2016);
"Law"
– Law on the Implementation of the General Data Protection Regulation ("Official Gazette" No. 42/18);
"local regulation"
– regulation governing the processing and protection of personal data in the country where the Application is available and in use.

3. General about the operation of the Application

3.1. The Application is a computer program for psychotherapy that shall be used by Users to organize work and/or keep notes on work with their Clients. Also, through the Application, Amigdala can collect data on the User's Clients on a voluntary basis (express consent) for scientific, research and statistical purposes.

3.2. The User shall be given the opportunity to register on the Application, and in order to use the Application, the User shall enter his personal data during registration, which are defined in the further provisions of this Policy. Through the Application, the User shall organize work and/or keep notes on work with their Clients. The user can enter notes about the work in the Application in written form or in the form of audio and/or video recordings.

3.3. Work notes may include conversations with the Client related to the causes, symptoms, perception and circumstances of the Client's problems, the Client's personal life and relationships with other persons, as well as the process, goals and other components of psychotherapy.

4. Collection of personal data

4.1. Amigdala is the data controller and processes the User's personal data in accordance with the services for which the User has registered on the Application (further: "User's personal data").

4.2. Amigldala can be the data controller and collect sensitive data of the User's Clients that the User has entered into the Application, and for the processing of which the Client has given express consent to Amigdala and the User (further: "sensitive data of the Client").

4.3. Amigdala is the data processor in relation to the personal data of the User's Clients that the User entered into the Application based on a special contract between the User and the Client (further: "Client's personal data"), and the User is the data controller of the Client's data. The User is solely responsible for any of his or the Client's personal data that he enters into the Application (which Amigdala does not require). If the User does not want certain personal data of the User or Client to be stored and processed, the User may not, or should not, enter such personal data into the Application. For the Client's personal data, the User is obliged to implement and use organizational and technical protection measures that are possible, such as pseudonymization, entering a limited number of personal data and similar.

4.4. User's personal data collected by Amigdala for the purpose of functioning of the Application, creation of accounts and billing for the use of the Application are:

4.5. In the event that the User of the Application does not provide personal data from the provisions of Article 4.4. of this Policy, which are determined as mandatory for the User to be able to use the Application, the User shall not be able to use the Application.

4.6. Amigdala may also collect other personal data of the Application User on the basis of express consent in which the purpose of collection shall be stated.

5. Legality (legal basis) and purpose of personal data processing

5.1. Amigdala processes the User's personal data, which is necessary for the usual contractual relationship between the User and Amigdala, based on legitimate interest and to comply with Amigdala's legal obligations, and for: concluding a contract between the User and Amigdala; basic functioning of the Application; for (technical) maintenance, analytics and improvement of the Application; for managing the Application User base; for creating an account and charging for the use of the Application.

5.2. If Amigdala processes Client’s sensitive data, Amigdala processes Client's sensitive data based on the Client's consent, and for scientific, research and/or statistical purposes.

5.3. The Application User processes the Client's personal data and the Client's sensitive data based on the Client's consent, and for the successful implementation of the psychotherapy process, which the Application User and the Client shall regulate in a separate contract. User bears full responsibility for the purpose and legal basis for the processing personal data of the Client.

6. Period of storage of personal data

6.1. Amigdala does not store the User's personal data longer than is necessary for the purpose for which Amigdala collected the User's personal data. The assessment of the length of storage of the User's personal data is based on the type of personal data or the service for which Amigdala collected the User's personal data and on the period during which the User can reasonably expect the User's personal data to be kept. Amigdala stores the User's personal data, which are necessary for business cooperation and the fulfillment of the contract between Amigdala and the User, for a maximum of 11 years from the termination of cooperation, and for those User's personal data for which the User has possibly given consent, until the moment of withdrawal of consent.

6.2. Amigdala stores the sensitive data of the User's Client until the moment of withdrawal of consent, unless the sensitive data is anonymized and it is no longer possible to identify the User's Client, or Amigdala can prove that it is unable to identify the User's Client.

7. Rights of the User in relation to the User's personal data

7.1. In relation to the User's personal data processed by Amigdala, the User has the following rights:

  1. a) That Amigdala provides the User with access to the User's personal data (e.g., the User has the right to know which personal data Amigdala uses; can request access to the User's personal data; has the right to know the purpose of processing; which categories of the User's personal data Amigdala keeps; bodies or categories of bodies with whom Amigdala shares (if shared) the User's personal data; storage period);
  2. b) That Amigdala provides a copy of the User's personal data that it keeps;
  3. c) For the User to request the correction of their incorrect personal data;
  4. d) For the User to request the deletion of their personal data (however, if Amigdala needs the User's personal data in order to perform a certain contractual obligation towards the User, Amigdala may cease to be able to perform such contractual obligations. Also, if the User's personal data is necessary for Amigdala to be able to fulfill certain legal obligations (e.g., tax obligations), the User's request may not be fulfilled);
  5. e) For Amigdala to limit access to the User's personal data (Amigdala and/or third parties) in certain processes or completely (if the User wants to dispute the accuracy of the data or Amigdala no longer needs the personal data for the purpose of processing, but the User needs them for the establishment, execution, or defense of legal claims or the User has objected to the processing on a basis that Amigdala considers legitimate, the User has the right to request the restriction of the processing of personal data);
  6. f) File a complaint about the way Amigdala uses the User's personal data;
  7. g) Request the transfer of personal data to another controller (transferability of rights).

7.2. If Amigdala processes Client’s sensitive data, the Client of the User has identical rights described in the provisions of Article 7.1. of this Policy in relation to the Client's sensitive data, unless the sensitive data is anonymized and it is no longer possible to identify the User's Client, or Amigdala can prove that it is unable to identify the User's Client.

8. Security of personal data, organizational and technical measures to protect personal data

8.1. Amigdala keeps the User's personal data in a secure environment. User's personal data is protected from unauthorized access, disclosure, use, modification or destruction by any organization or individual with whom Amigdala cooperates.

8.2. Amigdala uses the following organizational measures to protect personal data:

  1. definition and implementation of a clear data protection policy that shall be mandatory for all Application Users;
  2. implementation of training of workers and Users on the importance of data protection and best practices;
  3. ensures that all external service providers who have access to the personal data of the User and possibly the Client observe identical personal data protection standards;
  4. signing a confidentiality and data protection agreement for all employees and external collaborators involved in the implementation of the Application;
  5. conducting audits and risk assessments to identify potential security issues and ensure continued compliance with laws and regulations;
  6. integration of data protection into every aspect of Application development from the initial stage of development;

8.3. Amigdala uses the following technical measures to protect personal data:

Encryption ("At rest" data: data is encrypted on disk using MySQL TDE which encrypts database files on disk; "In transit" data: all traffic between client and server is encrypted using SSL/TLS (https). MySQL is configured to use SSL connections and HTTPS for all Internet traffic).

9. Sharing of personal data with third parties

9.1. Amigdala sometimes shares the User's personal data with Amigdala's trusted partners, using secure IT systems.

9.2. The purposes for which Amigdala shares data with trusted partners are, for example, the needs of marketing, finance, advertising, payment processing, and similar. Such service providers are obliged, according to the relevant contracts, to use the data entrusted to them only in accordance with Amigdala's guidelines and exclusively for the purpose strictly determined by Amigdala. Also, Amigdala obliges its partners to adequately protect the User's personal data and to consider them a business secret.

9.3. If Amigdala processes Client’s sensitive data, Amigdala shares the Client's sensitive data with third parties only on the basis of consent. Exceptionally, consent is not required if sensitive data is anonymized and may no longer be linked to the Client, or Amigdala can prove that it is unable to identify the User's Client.

9.4. Amigdala shares the User's personal data and/or the Client's sensitive data with the competent authorities when it is obliged to do so according to the relevant regulations.

10. Breach of personal data

In the event of any breach of the User's and/or Client's personal data, Amigdala shall without undue delay notify the persons whose personal data are at risk (unless otherwise prescribed by the relevant regulations) and try to reduce the threat or violation of the rights and damage of the persons whose personal data are at risk or Amigdala shall notify the competent authority of the violation without undue delay, unless otherwise prescribed by the relevant regulations.

11. Modification of the Privacy Policy

In case of changes to the Privacy Policy, Amigdala shall publish the change on the Application.

We are using cookies to improve your experience!

By clicking "Allow all", you agree to the use of all cookies. Visit our Cookies Policy to learn more.