This policy applies to all personal data collected by copewell through its website and services.
We understand that your personal data is sensitive, and we are committed to handling it with transparency and care. This Privacy Policy outlines the types of data we collect, how we process and use it, the reasons we require certain data, the measures we take to keep your data secure, and the rights you have regarding your personal data.
We distinguish between different groups of people whose data we process, including:
- Clients – individuals who contact us or use our psychological counseling services.
- Website visitors – individuals who browse our website without using our services.
This document outlines our policies and procedures regarding the collection, use, storage, and disclosure of your personal data. It also explains your rights regarding access to and correction of your personal records.
Definitions
| Term | Definition |
|---|---|
| Client | Individuals who contact copewell or use its psychological counseling services. |
| Website Visitor | Any individual who interacts with the copewell website without registering for psychological services. |
| Personal Data | Any information that relates to an identified or identifiable individual, such as a name, contact details, date of birth, or health information. |
| Health Data | A subset of personal data relating to physical or mental health, including information about therapy, treatment, and psychological assessments. |
| Third-party Processors | External parties engaged by copewell to process personal data on its behalf (e.g., cloud service providers, invoicing platforms), under contractual agreements that ensure GDPR compliance. |
| GDPR | The General Data Protection Regulation, a European Union regulation governing the processing of personal data. |
| Anonymized Data | Data that has been processed to remove all identifying information. |
| File | Any structured collection of personal data that is accessible according to specific criteria. |
| Consent | Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of their personal data. |
1. General Provisions
1.1 GDPR Compliance
copewell processes personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant healthcare laws applicable in the Netherlands. We are committed to safeguarding your privacy and ensuring that all data processing adheres to legal and ethical standards.
1.2 Changes to the Privacy Policy
This privacy policy is subject to periodic updates. Any changes will include a revision date, and we recommend reviewing this document regularly.
1.3 Rights
Under the General Data Protection Regulation (GDPR) and AVG, you have extensive rights regarding your personal data. These rights are designed to give you control and transparency over how your data is processed. Below is a full overview:
- Right of Access: You may request to view the personal data we hold about you. This includes receiving a copy of your file. If your file contains data about another individual, we will remove that information before fulfilling your request.
- Right to Rectification: If the data we hold about you is factually incorrect or incomplete, you have the right to request correction or completion.
- Right to Erasure ("Right to be Forgotten"): You may request partial or full deletion of your file. However, we may deny such requests when data retention is legally required or necessary to protect others' interests (e.g. continuity of care). In such cases, we will provide a clear explanation.
- Right to Restriction of Processing: You may request that we limit how your data is processed. In this case, we will store your data but, in principle, will not further process it unless legally required.
- Right to Object: You may object to the processing of your personal data when we invoke our legitimate interest as a processing ground. We will assess your objection and inform you of our response.
- Right to withdraw consent: You can revoke your consent to a specific processing activity at a time. However, withdrawing consent does not affect the lawfulness of processing based on the consent before it was withdrawn.
- Right to complain: You may file a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. However, we encourage you to contact us first so we can try to resolve the matter directly.
You can exercise these rights by emailing info@cope-well.com. We will respond to all requests within 4 weeks. If a request cannot be fulfilled due to legal or operational reasons, we will explain why.
1.4 Complaints
If you disagree with how copewell handles your personal data, you can contact us at info@cope-well.com. We will do our best to resolve your concerns. If we cannot reach a satisfactory resolution, you have the right to file a complaint with the Dutch Data Protection Authority.
1.5 Third-Party Processors
In providing our services, copewell may engage third-party service providers (processors) who handle personal data on our behalf, such as email providers, cloud storage providers, or invoicing partners. We have agreements with these processors to ensure that they handle personal data securely and in compliance with the GDPR.
1.6 How Do We Protect Your Personal Data?
At copewell, we are committed to keeping your personal data safe. We take appropriate technical and organizational measures to protect your data. These measures are regularly reviewed and updated to reflect technological advancements and best practices in data security.
Key elements of our data protection approach include:
- Access Controls: Only authorized professionals and administrative staff involved in your care or support have access to your data, and only to the extent necessary for their responsibilities.
- Confidentiality Agreements: All professionals, employees, and third-party processors working with copewell are bound by confidentiality obligations.
- Secure Communication: We use secure systems for emails, scheduling, and video consultations. Sensitive information is only shared through encrypted or password-protected channels when necessary.
- Data Storage: All personal and health data is stored within the European Union (EU) in accordance with GDPR standards. Data is hosted on secure servers with appropriate physical and digital safeguards.
- Anonymization Where Possible: In supervision, intervision, or evaluation settings, personal data is anonymized unless direct identification is necessary for the context (and permitted by law or consent).
- Data Retention Policies: We store your data only as long as necessary for care provision, legal retention periods, or contractual obligations. After these periods, data is securely deleted or anonymized.
- Incident Management: In the unlikely event of a data breach, we follow GDPR-mandated procedures, including informing the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and affected individuals if required.
2. Clients
2.1 What does copewell do for clients?
copewell is a private mental health practice that provides psychological services to adults (age 18 and above). These services include but are not limited to, therapy sessions, treatment planning, record-keeping, billing, and collection of unpaid accounts.
If you seek psychological support from copewell, you may contact us directly or be referred by an organization (such as an employer or healthcare provider). To provide this service, we collect and process specific personal data, categorized into contact details and health data. This data is essential for arranging appropriate care, maintaining communication, and handling administrative and financial aspects of the treatment process.
2.2 The data we need
When you register as a client, we collect data to find a suitable therapist for you. This therapist may be employed by copewell or an independent professional we collaborate with. We process the following personal data:
- Contact details – including your name, address, telephone number, email address, and language preference. We also collect the contact details of third parties, such as other healthcare providers (e.g., GP / Family Doctor) or an emergency contact (e.g., a close relative or guardian in case of urgent situations). Your emergency contact will only be used in cases where it is necessary to ensure your well-being, such as a health crisis or if there are serious concerns about your or others' safety. We will not share your personal health details with them unless legally required or with your explicit consent.
- Health data – including date of birth, gender, a description of your request for assistance, and details about the type of treatment required.
In addition to collecting personal health data directly from you, there may be certain circumstances where copewell collects relevant data from other sources (e.g., a spouse, family member, or former mental health provider). This will only be done with your explicit consent, except where legally required.
We may also be required by law to collect or disclose personal data without your consent in emergency situations, particularly where there is a risk of serious harm to yourself or others. In such cases, we will take all reasonable steps to inform you of this decision, unless doing so would increase the risk of harm.
2.3 What do we do with your health data?
Health data helps us assess whether we have professionals with the right expertise and availability to support you. Once an appointment is scheduled, we share the relevant health data you provided with the assigned therapist to help them prepare for your first session.
The assigned copewell therapist is responsible for maintaining your medical file, which contains relevant details about your treatment.
In specific cases, such as intervision or supervision, parts of your treatment plan may be shared with other professionals. However, this is done strictly for the purpose of improving your treatment and always in an anonymized manner, meaning that identifiable details are removed.
There are exceptions where confidentiality may need to be breached, including:
- If you provide explicit consent to share certain data with a third party (e.g., another healthcare provider).
- If a legal obligation requires disclosure, such as a court order.
- If there is a risk of serious harm to yourself or others, and disclosure is necessary to prevent immediate danger.
Where possible, copewell will make reasonable efforts to discuss the disclosure with you beforehand, unless doing so would increase the risk of harm.
In the event of unexpected unavailability of your therapist (e.g., due to illness), a psychological assistant at copewell may access limited personal data to inform you about the status of your treatment and discuss alternative care options.
We take all necessary precautions to ensure that your health data is handled with strict confidentiality and in compliance with GDPR regulations and professional ethical guidelines.
2.4 What do we do with your contact data?
We use your contact details to:
- Schedule calls or appointments using our online calendar system.
- Communicate with you about appointments, treatment plans, and administrative matters.
- Process invoices and payments—copewell may use a third-party billing provider to send invoices and handle payments.
- Request feedback on your experience to help us improve our services. You may receive an email survey after your intake and treatment. You can opt out of these requests at any time.
- Send newsletters or updates about relevant services, but you can unsubscribe at any time.
2.5 Where does copewell store your data, and for how long?
We store all personal data within the European Union (EU) in compliance with GDPR regulations.
We are legally required to maintain a client file containing the necessary data for providing appropriate care. This file may include, but is not limited to session notes, psychological assessments, billing details, and contact records.
Retention periods:
- If we cannot find a suitable therapist, your registration details will be deleted after four (4) weeks from the last contact.
- If you begin treatment, your personal data is retained for the duration of your care and for up to 20 years after your last appointment, in accordance with legal retention requirements for medical records.
- Financial records are stored for as long as legally required under tax regulations.
During the retention period, you have the right to access your file, request a copy, or request corrections. You may also request partial or full deletion of your file, but copewell reserves the right to deny such requests if retaining the data is necessary to protect legal or ethical interests (e.g., ensuring continuity of care or fulfilling legal obligations).
2.6 What are the bases for using your data?
The basis is the official reasons as listed in the GDPR that we as copewell have to be allowed to use your personal data.
3. Website users
3.1 Use of Cookies
We use "cookies" to enhance your experience on our website. Cookies are small text files stored on your device that help us understand how you interact with our site. This method is widely used on the Internet to improve the functioning of Internet pages. We only use:
- Analytical cookies – These help us improve website performance by analyzing user behavior. All data collected is fully anonymized, meaning it cannot be linked to individual users. Since this data is anonymized, we do not require explicit consent under GDPR regulations.
Specifically, we use Google Analytics to collect anonymized usage statistics.
| Cookie Name | Provider | Purpose | Expiration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users | 2 years |
| _ga_<containerID> | Google Analytics | Maintains session state | 2 years |
This data is used to improve the website and the user experience. For example, we can see which pages load poorly and take action on this. You can learn more about how Google uses your data here. You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Add-on.
3.3 Website Forms and Appointment Requests
Any data you provide through our website (such as contact forms or appointment requests) is only used for its intended purpose—for example, scheduling an appointment or responding to an inquiry. We do not share this data with third parties or use it for marketing purposes.
3.4 Self-Tests and Self-Help Tools
Our website may include self-tests or self-help resources. These tools are intended for the user's informational purposes only and do not replace professional diagnosis or treatment.
- If a self-test collects personal data, we will explicitly state this beforehand.
- Where possible, data collected from self-tests will be anonymized to ensure privacy.
- If traceable data is needed for research or service improvement, we will ask for your explicit consent in advance.
4. Contact and Concerns
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, please feel free to contact us at info@cope-well.com.
If you have concerns about how your data has been handled, we encourage you to reach out to us first. We will do our best to resolve any issues. If you are unsatisfied with our response, you have the right to file a complaint with the Dutch Data Protection Authority.
This Privacy Policy has been developed in accordance with GDPR, professional regulations, and ethical standards to ensure compliance with applicable privacy laws.
copewell
legally represented by Seray Soyman, registered in the Netherlands under Chamber of Commerce (KVK) number 90250680.
Last updated: March 25, 2025