Privacy Policy

Last updated: 20 April 2026

1. Data Controller

Marita Galafate Domínguez · Av. Alcalde Álvaro Domecq 18, 2ºA, 11405 Jerez de la Frontera, Cádiz, Spain · maritagpsicologa@gmail.com · +34 697 911 679.

2. Data We Collect

• Booking data: first name, surname, email address, phone number, and optionally the reason for consultation.
• Contact data: name, email, and the content of your message.
• Browsing data: IP address, browser type, and pages visited (technical cookies).

3. Purpose of Processing

• Managing session bookings and related communications (confirmations, cancellations, rescheduling).
• Responding to enquiries and requests for information.
• Improving website performance.
• Complying with legal obligations.

4. Legal Basis

• Performance of a service contract (Art. 6.1.b GDPR) for appointment management.
• Consent of the data subject (Art. 6.1.a GDPR) for communications.
• Legitimate interest (Art. 6.1.f GDPR) for service improvement.

5. Data Retention

Booking data is retained for the duration required to provide the service and for the legally required period thereafter. Contact data is deleted once the request has been handled, unless a contractual relationship exists.

6. Recipients and Data Processors

Your data is not shared with third parties except as required by law. We use the following services under data processing agreements:

• Google Firebase: booking data storage (EU servers).
• Resend Inc.: transactional email delivery.
• Vercel Inc.: website hosting.
• Google Calendar: schedule management (accessible only by the psychologist).

7. Your Rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing, and data portability by emailing maritagpsicologa@gmail.com. You may also lodge a complaint with the Spanish Data Protection Agency (aepd.es).

8. Therapeutic Confidentiality

Health data and session content are subject to professional secrecy and receive special protection under Art. 9 GDPR. They will not be shared with third parties except as required by law or in situations of vital risk.

9. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS) and at rest.