Privacy Policy

1. Introduction
This Privacy Policy outlines the rules regarding the collection and processing of Personal Data in connection with the use of the Website for the purpose of providing electronic services by ICTK. Depending on whether you are a User, an unregistered User, or a Specialist, please refer to the relevant section for more information.

2. Definitions Used in the Privacy Policy

In the Privacy Policy, we also use the names of specific Services and Account functionalities (e.g., Profile), which are described in detail in the Website’s Terms and Conditions.

3. Personal Data Administrator and Contact Methods
ICTK is the administrator of your personal data regarding the use of Services.

If you have any questions regarding the processing of your Personal Data and the rights you are entitled to in this regard, please contact us in the following ways:

4. Personal Data, Purposes, and Legal Bases for Processing in Relation to Different Categories of Individuals
Since the Service provides various services and functionalities for Unregistered Users, Users, and Specialists, depending on who you are, we will process your personal data for different purposes, to different extents, and on different legal bases specified in GDPR regulations. We aim to ensure that the information you receive is as clear as possible, which is why our Privacy Policy includes sections dedicated to different categories of people visiting our Service.

If you are an unregistered user or a user

Account Creation and Authentication

PurposeData ScopeLegal Basis
Account creationEmail address, password, IP addressNecessity for the performance of a contract for the provision of account services (Article 6(1)(b) of GDPR)
Authentication via Facebook, Google, or AppleEmail address, password, IP address, first and last nameNecessity for the performance of a contract for the provision of account services (Article 6(1)(b) of GDPR)

Provision of Services Not Requiring Registration or Account Creation

Provision of Services not Requiring Registration:

Data related to activities in the Services: data on viewed content, sessions, device used, operating system, browser, location, ID number. If you contact us via social media platforms like Facebook, we may additionally process your data to the extent you provide it on that platform, such as your profile picture, first and last name, and data included in messages sent to us on Messenger. 

Necessity for the execution of a contract for the provision of electronic services (Article 6(1)(b) of GDPR) 

Provision of Services Requiring Registration and Account Creation

PURPOSE: Provision of Services Requiring Registration in our Websites

The full range of services requiring registration and account creation is specified in our Terms and Conditions


DATA SCOPE: Data available in the User’s account, such as first and last name, email address, phone number, information related to psychotherapy, notes made by specialists summarizing sessions, notes created during sessions and meetings by specialists, information included in homework that the participant may be asked to complete during therapeutic sessions. 

LEGAL BASIS: Necessity for the performance of a contract for the provision of electronic services (Article 6(1)(b) of GDPR), consent of the data subject (Article 9(2)(a) of GDPR) for data related to therapy. 

It is permitted for minors to use services requiring account creation, with the explicit consent of their guardian or legal representative. In such a case, the guardian or legal representative must register the account, enter the minor’s data, and provide consent for the minor to use the services and for the associated processing of personal data.

Billing for Paid Services, Performing Tax and Accounting Obligations, Debt Collection, and Claim

PurposeData ScopeLegal Basis
Billing for paid service contractsFirst and last name, address, email, phone number, data related to the purchased service.Legitimate interest (Article 6(1)(f) of GDPR) – proper determination of fees for the use of services.
Performing tax and accounting obligations related to contract execution, including the delivery of invoices and e-invoicesFirst and last name, address, email, phone number, information related to the purchased service, such as amount and date of financial transaction.Compliance with legal obligations (Article 6(1)(c) of GDPR) – primarily resulting from applicable accounting and tax regulations.
Debt collection actionsFirst and last name, address, email, phone number, information regarding overdue payments for services rendered.Legitimate interest (Article 6(1)(f) of GDPR) – recovery of payments for properly rendered paid services.
Pursuing or defending claims arising from improper performance of contractsFirst and last name, address, email, phone number, information regarding overdue payments for services rendered, data related to the purchased service, including amount, date.Legitimate interest (Article 6(1)(f) of GDPR) – pursuing and defending against claims from users who have used paid services.

Marketing of Our Services

PurposeData ScopeLegal Basis
Direct marketing of our own Services and productsData provided when creating an account, supplemented in the profile, information about services, such as participation in training (does not apply to matters discussed in therapy or related to its course), data provided in separate forms used to obtain consents, newsletters, as well as information about activity in our Services, collected based on Cookies (login and registration dates, visits to specific pages and subpages of the Services).Legitimate interest (Article 6(1)(f) of the GDPR) – marketing of our own services and products.
RemarketingInformation related to your activity on the Platforms – for remarketing activities, we use services of external providers, such as pixels, to collect information about your activity on the Platforms. This allows us to display our marketing messages to you on platforms other than our own. Details can be found in our Cookies Policy.Legitimate interest (Article 6(1)(f) of the GDPR) – marketing of our own services and products.

Other Purposes

PurposeData ScopeLegal Basis
Statistics on the use of Platforms, security of PlatformsInformation about the subpages visited on our Platforms, time spent on our Platforms, search terms, IP address, location, device ID, information about the web browser and operating system used when visiting our Platforms.Legitimate interest (Article 6(1)(f) of the GDPR) – ensuring safe and easy use of electronically provided services, improving the quality of the service.
Pursuing or defending against claimsName, email address, information related to the use of the Platforms, and other information necessary for pursuing or defending against claims, including the validity of the claim and the extent of the damage caused.Legitimate interest (Article 6(1)(f) of the GDPR) – establishing, pursuing, or defending against claims.
Handling complaints or claims related to our ServicesName, email address, and other data provided by the User in the Account, data related to the use of our Services that caused the complaint or claim, data contained in the documents attached to the complaint or claim.Legitimate interest (Article 6(1)(f) of the GDPR) – improving electronically provided services, building positive relationships with users of Platforms and Services.
Assessing satisfaction with our ServicesName, email address, phone number, information about the Services you use, information contained in responses to surveys and forms.Legitimate interest (Article 6(1)(f) of the GDPR) – improving the Services provided and assessing user satisfaction with our Platforms and Services.
Managing social media profilesPersonal data obtained via social media, such as name, username, avatar (image), content of comments and messages sent to us. More details regarding the processing of personal data related to managing social media profiles can be found in the information clause.Legitimate interest (Article 6(1)(f) of the GDPR) – building relationships with Users and Specialists, including direct marketing of products, Platforms and Services.

If you are a Specialist

If you cooperate with us based on a contract for provision of psychological or psychotherapeutic services, this section is for you.

Account Creation and Authentication

PurposeData ScopeLegal Basis
Account CreationEmail address, password, IP address.Necessity for the performance of the account service agreement (Article 6(1)(b) of the GDPR).
Authentication via Facebook, Google, or AppleEmail address, password, IP address, first and last name.Necessity for the performance of the account service agreement (Article 6(1)(b) of the GDPR).

Services Related to Account Ownership

PurposeData ScopeLegal Basis
Use of Service Features (e.g., My Calendar, My Patients, Payments and Settlements – all Services related to account ownership by a Specialist are specified in the Terms and Conditions)First and last name, business name, NIP number, REGON number, bank account number, phone number, email address, mailing address, education and career history, photo (image), specialization or area of expertise, and any other data you provide during Profile creation.Necessity for the performance of the account service agreement (Article 6(1)(b) of the GDPR).

Other Purposes

PurposeData ScopeLegal Basis
Fulfilling tax and accounting obligations related to contract execution, including the delivery of invoices and e-invoicesFirst and last name, address, email, phone number, information about the purchased service, such as amount and date.Compliance with legal obligations (Article 6(1)(c) of the GDPR) – primarily arising from applicable accounting and tax regulations.
Debt collection activitiesFirst and last name, address, email, phone number, information about overdue payments for the completed service.Legitimate interest (Article 6(1)(f) of the GDPR) – collecting payments for properly delivered paid services.
Pursuing or defending claims arising from improper contract performanceFirst and last name, address, email, phone number, information about overdue payments for the completed Service, data about the purchased Service, such as amount and date.Legitimate interest (Article 6(1)(f) of the GDPR) – pursuing and defending against claims from Users who have used paid Services.
Direct marketing of our own Services and productsEmail address, phone number, and first and last name.Legitimate interest (Article 6(1)(f) of the GDPR) – marketing of our own Services and products.
Statistics on the use of individual functionalities of the Platforms, facilitating usage, IT securityInformation about visited pages and subpages within the Platforms, time spent on specific pages and subpages of the Platforms, search history within the Platforms, IP address, device ID, information about the browser used to visit the Platforms, information about the operating system.Legitimate interest (Article 6(1)(f) of the GDPR) – ensuring safe and easy use of electronically provided services, improving the quality of service.

5. Information Applicable to All Visitors of the Service

Recipients of Your Personal Data

We will share your personal data with the following categories of recipients:

Service Providers

These are entities that help us provide services or assist us in running our business. The purpose of sharing personal data is to provide the services. Most of these entities act as so-called data processors (under Article 28 of the GDPR), but some of them may act as independent data administrators. The entities to which we may transfer personal data include the following categories:

State Authorities

When authorized state authorities request it, we will share your personal data. Authorized state authorities include, in particular: organizational units of the prosecution, the police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

Transfer of Personal Data Outside the EEA

We use providers based primarily in Poland and other EEA countries. However, some of our providers may be located outside the EEA. In connection with the transfer of your data outside the European Economic Area, we ensure that our providers offer guarantees of a high level of personal data protection. These guarantees include, in particular, the commitment to apply standard contractual clauses approved by the European Commission. You have the right to request a copy of the standard contractual clauses, which outline appropriate security measures. To make such a request, follow the instructions provided in section 3 of this Privacy Policy.

Information on Automated Decision-Making, Including Profiling

Personal data is not subject to profiling which results in decisions based solely on automated processing. We may direct personalized ads to visitors of our services, but these actions will not have any legal consequences for them. This means that within the Platform and through tracking technologies, data may be profiled to better personalize the offers ICTK directs to its recipients. This should not affect the legal situation of the data subject, particularly concerning contracts entered or planned. The goal is to better tailor the content and ads that visitors to our services receive, which results from statistical data or activity on our services.

Personal Data Storage Periods

ICTK will process personal data for as long as necessary to achieve the purposes outlined in this Policy and until ICTK fulfills its legal obligations. The table below outlines the processing periods for specific purposes:

Purpose of ProcessingPersonal Data Processing Period
Data processed as part of Service provisionFor the entire duration of the Service agreement or Account ownership. If the agreement ends or the Account is deleted, we will store your personal data for 6 years from that point.
Data collected as part of an unconfirmed accountFor 30 days from the date you receive the activation link for creating an Account, as outlined in the Terms and Conditions. After this period, personal data will be anonymized.
Data collected via cookiesAccording to the lifecycle of individual cookies. More details can be found in the Cookie Policy.
Data collected in connection with marketing activitiesUntil an objection is expressed.
Inquiries, complaints, and requestsFor Unregistered Users, for the period necessary to resolve the inquiry/complaint/request, but no longer than 3 years from the receipt of the message. If the message constitutes or may constitute evidence in court or other state proceedings, it may be stored until the proceedings are definitively concluded.
Data processed based on legitimate interestUntil we consider an objection to the processing of personal data for these purposes as effective. This does not apply to ICTK’s marketing purposes.

Rights Related to the Processing of Your Personal Data

If you wish to exercise your rights, you can submit a request through the contact form. Additionally, if you have an Account, you can manage your privacy settings within your Account.

Timeframe for Fulfilling Requests

If you exercise your rights and make a request, we will fulfill the request (or deny it if necessary) promptly, but no later than one month from the date the request was received. If the request is complex or if we receive multiple requests, and we cannot fulfill it within a month, we will complete it within two additional months and inform you of the extended timeframe.

Right to Withdraw Consent

You have the right to withdraw your consent to the processing of your personal data, which you provided while using our Services and functionalities. Withdrawal of consent takes effect from the moment of withdrawal and does not affect any processing carried out prior to the withdrawal.

Legal Basis: Article 7(3) GDPR

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data. Below are the circumstances under which you can request that we delete your personal data:

However, please note that some of your personal data may still be retained to the extent necessary for:

Legal Basis: Article 17 GDPR

Right to Access Data and Obtain a Copy

You have the right to confirm whether we are processing your personal data, and if so, you have the right to:

Legal Basis: Article 15 GDPR

Right to Rectification

You have the right to correct and complete your personal data. You can do this yourself through your account settings. For other personal data, you can submit a request to us indicating what needs to be corrected or completed if the personal data is incomplete.

Legal Basis: Article 16 GDPR

Right to Data Portability

Under your right to data portability, you have the right to:

Your personal data will be provided in a commonly used, machine-readable format, allowing it to be transferred to another data controller.

Legal Basis: Article 20 GDPR

Complaints, Questions, and Requests

If you have any complaints, questions, or requests regarding the processing of your personal data and the exercise of your rights, please contact us. You can also file a complaint with the President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl) if you believe your GDPR-granted rights have been violated.

External Links

Our website may contain links and references to external sites. We make every effort to ensure these links lead to sites that guarantee a high standard of personal data security. However, we are not responsible for how the operators of these sites use personal data, how they secure its processing, or for the content on those websites. Please review the terms of use and privacy policies available on these external sites, as using them means you accept and will adhere to the rules set by the site owner.

Personal Data Processing Security

We ensure appropriate technical, physical, electronic, and administrative safeguards to protect personal data from unauthorized access. We adhere to generally accepted industry standards to protect the personal data transmitted to us, both during transmission and after it is received. Unfortunately, transmitting information via the internet (including email) is not completely secure. Although we do our best to protect personal data, we cannot guarantee the security of personal data transmitted to us; any transmission is at your own risk. Once we receive your personal data, we will apply appropriate procedures and security measures to prevent unauthorized access to that data.

Cookies 

As part of the operation of our Platform, we use Cookies. You can find more information on this subject in the Cookie Policy.

Changes to the Privacy Policy

We may modify and supplement this Privacy Policy. Information about any changes and additions to the Privacy Policy will appear on the main page of the Services. If you have an account, we will inform you by sending the relevant information to the email address you provided.

Cookie Policy

1. Application of the Cookie Policy
This Cookie Policy applies in regard to all ICTK Prosta Spółka Akcyjna Platforms.

2. Contents of the Cookie Policy
This document contains the following information regarding Cookies:

Other information regarding the processing of personal data is outlined in the Privacy Policy.

3. What are Cookies?
A cookie is a small text file that a website stores on a user’s computer or mobile device when the user browses it. First-party cookies belong to the visited website and only that website can read them.

Types of Cookies Used 

Cookies can be categorized based on their lifecycle and their origin. 

Lifecycle Criteria:

Origin Criteria:

4. Purposes of Using Cookies

No.Type / Category of CookiesIs Consent Required?Purpose
1.Essential CookiesThese files are always active.Cookies essential for the proper functioning of the Platforms, including ensuring IT security. These files are always active and cannot be disabled.
2.Analytical CookiesConsent required.Cookies that allow us to monitor performance and improve the alignment of the Platforms with visitors’ preferences.
3.Functional CookiesConsent required.Cookies that allow the remembering of settings or preferences, such as language or font.
4.Marketing CookiesConsent required.Cookies that allow better targeting of ads to the needs and interests of visitors or measuring ad effectiveness. This information can be collected by us or our partners.
5.Information from Other platformsConsent required.Cookies that allow monitoring of a visitor’s activity on other services to better tailor our ads and offers to their needs and interests.
6.Social Media and PluginsConsent required.Cookies that enable sharing our content, e.g., on Facebook, or using the “Like” button on the Services. These cookies also allow registering an account using Facebook.

5. Information Collected via Cookies

6. Consents and Cookie Management

Consents and management of Cookie preferences can be easily adjusted through the Cookie Management Center. To change your preferences, select the “Cookie Management Center” tab in the footer of the page and update your consents.

Please note that modifying Cookie preferences may make it difficult to use some of the services offered by our Platforms. For cookies used by our partners, please also review their cookie policies.

List of Cookies used:

WordPress

ICTK App

Shared