Privacy Policy
Last updated: February 16, 2026
1. Data Controller
The controller of personal data is Grupa Hej sp. z o.o. based in Warsaw (hereinafter: "the Controller"). Contact: iod@hejpsycholog.pl
2. Scope of Data Collected
We collect the following data: first and last name, email address, phone number (optional), appointment booking data. We do not collect sensitive health data — that remains exclusively between the patient and the specialist.
3. Purposes of Processing
We process data for the purposes of: providing platform services (Art. 6(1)(b) GDPR), fulfilling legal obligations (Art. 6(1)(c) GDPR), direct marketing (Art. 6(1)(f) GDPR) — with user consent.
4. Cookies
The Service uses cookies essential for operation (session, language preferences) and analytical cookies (with consent). Users can manage cookie settings in their browser or through the cookie banner.
5. Data Sharing
Data may be shared with: Przelewy24 (payment processing), Supabase (database hosting, EU servers), Vercel (application hosting). We do not sell personal data to third parties.
6. User Rights
Users have the right to: access their data, rectify data, erase data (right to be forgotten), restrict processing, data portability, object to processing, file a complaint with the supervisory authority.
7. Data Retention Period
We retain data for the period necessary to provide services. After account deletion, data is anonymized within 30 days. Billing data is retained for 5 years in accordance with tax regulations.
8. Security
We use SSL/TLS encryption, Row Level Security (RLS) at the database level, regular security audits, and the principle of data minimization.
9. Contact
Data Protection Officer: iod@hejpsycholog.pl. Supervisory authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.