Privacy Policy

Effective Date: April 10, 2025

Grace Suh Therapy (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

1. Information We Collect

We collect the following types of personal data:

  • Personal Identification Information: Name, email address, phone number, and any other details you provide through our contact forms or registration.
  • Sensitive Data: Health information such as mental health status, therapy-related details, and personal history, which you may provide to us voluntarily during therapy sessions or consultations.
  • Usage Data: Information about how you use our website, including IP addresses, browser type, and pages visited.
  • Cookies: We use cookies to enhance your experience and analyze website usage. For more information, see our Cookie Policy.

2. How We Use Your Information

We may use your personal data for the following purposes:

  • To provide you with therapy services, including consultations and follow-ups.
  • To communicate with you regarding your appointments, inquiries, or feedback.
  • To send you marketing communications (only if you have explicitly consented).
  • To process your payments or donations (if applicable).
  • To improve our website and services by analyzing usage data.
  • To comply with legal obligations, such as record-keeping for therapy-related services.

3. Legal Basis for Processing Your Personal Data

We process your personal data based on the following legal grounds:

  • Consent: Where you have provided explicit consent (e.g., signing up for newsletters or agreeing to therapy services).
  • Contractual Necessity: To fulfill a contract (e.g., providing therapy or services you’ve requested).
  • Legal Obligation: To comply with legal or regulatory requirements, such as medical record-keeping obligations.
  • Legitimate Interests: To improve our services, communicate with clients, or prevent fraud, where our legitimate interests do not override your rights and freedoms.

4. Sharing Your Information

We do not sell, rent, or trade your personal information to third parties. However, we may share your data with:

  • Service Providers: Third-party companies that provide services on our behalf, such as payment processors or IT support.
  • Legal Obligations: If required by law, we may disclose your data to comply with a legal obligation, enforce our terms, or protect our rights.
  • Therapists or Partners: If necessary, we may share your data with other licensed professionals involved in your care, in a manner consistent with confidentiality requirements.

5. Data Security

We take the protection of your personal data seriously. We have implemented appropriate technical and organizational measures to safeguard your information from unauthorized access, alteration, or disclosure. These measures include:

  • Secure website encryption (SSL/TLS) for all data transmissions.
  • Regular security assessments of our systems.
  • Employee training on data protection best practices.

6. Data Retention

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected or as required by law. For example, we are required to keep certain medical records for a specified period after the end of your treatment, as mandated by healthcare regulations.

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request corrections to any inaccurate or incomplete personal data we hold.
  • Right to Erasure: You can request that we delete your personal data, provided there is no legitimate reason for us to retain it.
  • Right to Restrict Processing: You can request that we limit the processing of your personal data in certain circumstances.
  • Right to Data Portability: You can request that we transfer your personal data to another service provider in a structured, commonly used format.
  • Right to Object: You can object to the processing of your personal data, including for direct marketing purposes.
  • Right to Withdraw Consent: If we process your data based on consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details below. We will respond to your request in accordance with the applicable laws.

8. Cookies

We use cookies to improve your experience on our website. Cookies are small files stored on your device that help us analyze website traffic and personalize content. You can manage your cookie preferences in your browser settings. For more information, please refer to our Cookie Policy.

9. International Transfers

If you are located outside the European Economic Area (EEA), please be aware that your personal data may be transferred to, stored, or processed in countries that do not have the same data protection laws as your home country. By using our services, you consent to these transfers.

10. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make changes, we will post the updated policy on our website and update the “Effective Date” at the top of the page.

11. Contact Us

If you have any questions, concerns, or requests regarding your personal data, please contact us at:

Email: [email protected]
Phone: [Insert Phone Number]
Mailing Address: [Insert Mailing Address]

We are committed to protecting your privacy and will respond to your inquiries as quickly as possible.