Privacy policy

1. Data Controller

The controller of personal data is Adam Kaminski, operating as a self-employed individual (sole trader), based in the United Kingdom.

For matters related to personal data protection, you can get in touch via the contact form.

2. Scope of the policy

This privacy policy applies to the processing of personal data in connection with the use of the website www.integrativespace.com, in particular:

  • use of the contact form,
  • email contact initiated via the website,
  • operation of the website.

The policy does not apply to other services or websites that may be accessed via links provided on the site.

3. Purposes and legal bases for the processing of personal data

Personal data are processed solely for clearly defined purposes related to the operation of the website and the provision of therapeutic services.

3.1 Initial contact

Data provided via the contact form or sent by email are processed for the purpose of:

  • responding to the message,
  • conducting correspondence prior to a potential commencement of working together.

Legal basis:
Article 6(1)(f) GDPR (legitimate interest consisting in enabling contact).

3.2 Provision of the therapeutic process

Where a therapeutic relationship is established, personal data, including special category data, are processed for the purpose of:

  • conducting sessions,
  • documenting the therapeutic process,
  • ensuring continuity and safety of the work.

Legal basis:
Article 6(1)(b) GDPR (performance of a contract) and Article 9(2)(h) GDPR (processing of special category data in the context of the provision of healthcare / psychological support).

3.3 Legal and accounting obligations

Personal data may be processed for the purpose of:

  • complying with obligations arising from legal provisions,
  • maintaining accounting and financial records.

Legal basis:
Article 6(1)(c) GDPR (legal obligation).

3.4 Website functionality and security

Technical data related to the use of the website (e.g. statistical data, information necessary for the operation of the contact form or security features) are processed for the purpose of:

  • ensuring the proper functioning of the website,
  • poimproving its stability and security.

Legal basis:
Article 6(1)(f) GDPR (legitimate interest consisting in maintaining and securing the website).

3.5 No marketing purposes

Personal data are not used for marketing, profiling, or advertising purposes.

4. Special category data (health data)

In the course of contact and any subsequent therapeutic collaboration, special category data within the meaning of Article 9 GDPR may be processed, in particular data concerning mental health.

Such data may be provided voluntarily by the person making contact – already at the stage of the contact form or email correspondence – or during therapeutic sessions.

Special category data are processed solely in connection with the provision of therapeutic work and only to the extent necessary to ensure appropriate quality and safety.

The processing of these data is carried out with respect for heightened standards of confidentiality and security, and access to them is restricted exclusively to the data controller.

5. Confidentiality, supervision, and its limits

The content of correspondence and meetings is covered by the principle of confidentiality. This means that information shared in the course of contact or therapeutic work is not disclosed to third parties.

Confidentiality, however, has its limits. These may include situations where there is a real risk to life or health, or where disclosure of information is required under applicable law.

Therapeutic work is subject to regular supervision. Supervision takes place in an anonymised form and serves to ensure the quality, ethics, and safety of the process.

6. Recipients of personal data

Personal data may be disclosed solely to entities that ensure an appropriate level of data protection and only to the extent necessary to achieve the specified purposes. Recipients of the data may include, in particular:

  • the website hosting provider (servers located within the European Union),
  • the email service provider,
  • providers of tools used to conduct online sessions,
  • providers of tools used to protect the contact form against misuse,
  • entities authorised to receive data under applicable law.

The data are not shared with other entities and are not used for marketing purposes.

7. Transfers of data outside the EU / EEA

As a rule, personal data are processed within the territory of the European Union or the European Economic Area.

However, in connection with the use of tools employed to conduct online sessions, personal data may be transferred outside the EU / EEA, in particular to third countries such as the United States.

In such cases, data transfers are carried out on the basis of mechanisms provided for under the GDPR, in particular Standard Contractual Clauses (SCCs), and with the application of additional measures aimed at protecting the data, such as limiting the scope of the information processed or the use of encryption.

The controller makes efforts to ensure that the tools used allow data to be processed, to the greatest possible extent, within the EU / EEA.

8. Data retention period

Personal data are retained only for as long as is necessary to fulfil the purposes for which they were collected, taking into account applicable legal requirements.

8.1 Initial contact

Data provided via the contact form or in email correspondence, where no therapeutic collaboration is initiated, are retained for no longer than 6 months and are then deleted.

8.2 Therapeutic collaboration

Where therapeutic work is commenced, personal data, including therapeutic records, are retained for a period of up to 7 years from the end of the collaboration, unless applicable law requires a longer retention period.

8.3 Correspondence related to an ongoing collaboration

Email correspondence related to ongoing collaboration is retained for the duration of the collaboration and for the period necessary for organisational and accounting purposes, and is then deleted or archived to a limited extent.

8.4 Accounting records

Data contained in accounting records are retained for the period required under tax and accounting law.

9. Rights of the data subject

A person whose personal data are processed has the following rights:

  • the right of access to their data and to obtain a copy of them,
  • the right to rectification (correction) of data,
  • the right to erasure of data (“the right to be forgotten”), where this is not prevented by legal obligations,
  • the right to restrict the processing of data,
  • the right to object to the processing of data,
  • the right to data portability – to the extent provided for by law.

Where data are processed on the basis of consent, that consent may be withdrawn at any time, without affecting the lawfulness of processing carried out prior to its withdrawal.

To exercise the above rights, the data subject may contact the data controller using the contact details provided in this policy.

The data subject also has the right to lodge a complaint with the competent data protection supervisory authority.

10. Data security

The controller applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or unauthorised disclosure.
In particular, these measures include, among others:

  • the use of secure connections and up-to-date software,
  • securing access to devices and data storage media,
  • encryption of data stored in digital form,
  • restricting access to data exclusively to the controller.

Security measures are regularly reviewed and adjusted to current requirements and to the nature of the data being processed.

11. Cookies and technical data

The website uses only cookies and technical data that are necessary for its proper functioning and security. In particular, the following may be used:

  • technical cookies related to the operation of the website and the contact form,
  • cookies related to protecting the website against misuse (e.g. form protection),
  • anonymised statistical data concerning use of the website.

The website uses analytical tools that do not use cookies and do not enable user identification.

Users can manage cookie settings via their browser settings and the tools made available on the website.

12. Changes to the privacy policy

The privacy policy may be updated in connection with changes in legal regulations or the way the website operates.

The current version of the privacy policy is always available on the website.

The policy is effective from 1 February 2026.