Privacy Policy
Last updated: 01.03.2026
1. Who I Am
This website is operated by Kim Vassallo. As the person responsible for deciding how and why your personal data is processed, I act as the data controller within the meaning of the General Data Protection Regulation (GDPR).
Contact: hello@kimvassallo.com
2. Your Privacy
Your privacy matters to me. Any personal information you share is handled with care, respect, and strict confidentiality - particularly given the sensitive nature of therapy-related enquiries.
In line with the GDPR, I only collect and process personal data when there is a clear, lawful reason to do so, and I keep data collection to the absolute minimum necessary.
3. What Data I Collect and Why
I collect personal data only in the following situations:
a) Contact form or email enquiry
If you contact me via the website contact form or by email, I may collect:
• Your name
• Your email address
• Any information you voluntarily include in your message
b) Booking an introductory call
If you book an introductory call, I will process your name and email address solely for the purpose of scheduling that session.
Special category data: I am aware that information shared in the context of therapy may constitute special category data under GDPR Article 9 (data concerning health or mental health). I take extra care with any such information and process it only to the extent strictly necessary to respond to your enquiry.
4. Legal Basis for Processing
Under the GDPR, I must have a lawful basis for processing your personal data. Depending on the situation, I rely on one or more of the following:
• Pre-contractual steps (Article 6(1)(b)) — when you make an enquiry or book a call, processing your contact details is necessary to respond to you and take steps prior to entering into an agreement.
• Legitimate interests (Article 6(1)(f)) — I have a legitimate interest in being able to communicate with people who contact me through this website, provided this does not override your rights.
• Consent (Article 6(1)(a)) — where you voluntarily submit personal information through the contact form, your submission constitutes consent. You may withdraw this consent at any time by contacting me.
5. How Your Data Is Used
Your data is used exclusively for the following purposes:
• To respond to your enquiry
• To communicate with you about scheduling or next steps
• To arrange an introductory call
I do not use your data for marketing purposes, profiling, or any automated decision-making. I do not sell or rent your data to any third party.
6. Third-Party Services and Data Transfers
If you book an introductory call, you will be redirected to a scheduling tool provided by Google (such as Google Calendar or Google Meet). By using this service, your name and email address may be processed by Google.
Important: Google may store and process data on servers located outside the European Economic Area (EEA). Where this occurs, Google relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses as safeguards for international data transfers under GDPR Chapter V.
I encourage you to review Google's Privacy Policy for full details: https://policies.google.com/privacy
Where possible, I aim to use tools based in the EU or covered by appropriate transfer safeguards.
7. How Long I Keep Your Data
I store your personal data only for as long as necessary to fulfil the purpose for which it was collected — for example, to respond to your enquiry or schedule an introductory call.
Specifically:
• If no therapeutic relationship is established, your contact data will be deleted or effectively anonymised once our communication has concluded and there is no longer a reason to retain it.
• If a therapeutic relationship is established, data will be retained in accordance with applicable professional and legal obligations (including Dutch healthcare regulations, where relevant).
• I review retained data periodically and delete it when it is no longer needed.
8. Data Security
I take appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, disclosure, or misuse. These measures are proportionate to the sensitivity of the data and the risks involved.
Please note that no method of transmission over the internet is entirely secure. While I do my best to protect your data, I cannot guarantee absolute security of information transmitted to this website.
9. Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights:
• Right of access (Art. 15) — you can request a copy of the personal data I hold about you.
• Right to rectification (Art. 16) — you can ask me to correct inaccurate or incomplete data.
• Right to erasure (Art. 17) — you can request that I delete your data, subject to any legal obligations I may have to retain it.
• Right to restriction of processing (Art. 18) — you can ask me to limit how I use your data in certain circumstances.
• Right to data portability (Art. 20) — where processing is based on consent or a contract and carried out by automated means, you may request your data in a portable format.
• Right to object (Art. 21) — you can object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3)) — where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact me at: hello@kimvassallo.com. I will respond within one month of receiving your request, as required by the GDPR.
Right to lodge a complaint: You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your data is not being handled lawfully. You can reach them at: www.autoriteitpersoonsgegevens.nl
10. Changes to This Policy
This privacy policy may be updated periodically to reflect changes in the law or in how I operate. The most recent version will always be available on this page, with the date of the last update shown at the top. Where changes are significant, I will take reasonable steps to bring them to your attention.
Questions about this policy? Contact me at hello@kimvassallo.com