Privacy Policy

Psychopedagogical Society (TPP)

Effective from: 01.01.2026

I. General Provisions

This Privacy Policy explains the rules for collecting and processing personal data of Users and Clients of the Psychopedagogical Society (TPP). The document is based on the GDPR and Polish law.

⚠️ Important: Services provided by TPP are of psychosocial counselling, education, and support nature. They do not constitute health services within the meaning of the Act on Medical Activity; therefore, collected data is not "medical records" but client support documentation.

II. Data Controller

The Data Controller is Towarzystwo Psychopedagogiczne based in Bolesławiec (59‑700), ul. Warszawska 1/3, Poland.

Contact: rodo@psychopedagog.org.

III. Scope and Purpose

We process data necessary to provide counselling and training services:

  • ID Data: Name, surname, tax ID (for invoices), contact details.
  • Technical Data: While using our online systems, we process IP addresses for security purposes, fraud prevention, and protection against DoS/DDoS attacks (legitimate interest of the Data Controller under Art. 6 (1)(f) of the GDPR).
  • Payments: For online payments, data such as email address and customer identifier at the payment provider (Stripe) may be automatically synchronized with our system to ensure consistency of the client record.
  • Sensitive Data (Art. 9 GDPR): Information about life situation, family, mood, and support needs – processed solely based on your explicit consent (service contract) to fulfill the service.

Purpose: Service execution (support, opinions, training), accounting, and defense against claims.

IV. Processing of Minors' Data

The system supports minors. Data of persons under 18 years of age is processed solely based on the consent of a parent or legal guardian who acts on behalf of the minor as a party to the contract.

V. Retention Period

We do not apply medical record retention periods (20 years) as we are not a medical entity.

  • Session Notes / Opinions: Stored for 2 years after the end of cooperation (limitation period for civil claims).
  • Financial Documents: 5 years from the end of the tax year.

After this time, data is permanently deleted or anonymized.

VI. Data Recipients and Processors

Access to data is granted to authorized associates (Counsellors), accountants, and IT providers, including in particular:

  • wFirma: Accounting system.
  • Google / Microsoft: Office infrastructure and file storage.
  • Brevo (Sendinblue): Transactional email and notification delivery.
  • SMS-Gate.app: SMS notification delivery.
  • Stripe: Online payment processing and card payments.
  • SumUp: Payment terminal services and in-person payments.

VII. Client Portal

Access to the Client Portal is via one-time authorization links sent to the email address (so-called passwordless login), which eliminates the need to store traditional passwords and increases the security of your data.

VIII. User Rights

You have the right to: access, rectify, delete ("right to be forgotten" – unless it conflicts with tax duties or defense of claims), and restrict processing. Complaints can be lodged with the President of UODO (Poland).

IX. Cookies and Security

The website uses cookies for statistical and functional purposes. We use SSL encryption and GDPR-compliant data protection procedures.