top of page
Palomo RTT (3)_edited.png

Privacy Policy

Privacy Policy for Palomo Therapy & Coaching

Last updated: 27.1.2026

Welcome to Palomo Therapy & Coaching. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, how we store it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable laws.

 

This policy applies when you visit www.palomotherapy.com, contact us, or engage in therapy services with us.
 

If you have any questions, you may contact us at info@palomotherapy.com.

1. Data Controller

Palomo Therapy, Coaching & Sales

Aini Palomo

Email: aini@palomotherapy.com

As the Data Controller, we determine how and why your personal data is processed.

2. Information We Collect

Information you provide directly

We collect personal information that you voluntarily provide, including:
 

  • Contact details (name, email address, phone number)

  • Booking information (preferred appointment times, session notes)

  • Intake forms and working documents

  • Messages sent via email or contact forms

  • Payment information (processed securely by third‑party providers; we do not store full payment details)

Information collected automatically

When you visit the site, we may collect:

  • IP address and device information

  • Browser type and settings

  • Pages visited and time spent on the Site

  • Cookies and similar technologies (see Section 9)

This information helps us maintain website performance and security.

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

  • To provide therapy and coaching services

  • To manage bookings and communication

  • To maintain therapeutic records

  • To improve our website and services

  • To comply with legal and ethical obligations

 

Under GDPR, our legal bases include:

  • Contract (providing therapy services)

  • Explicit consent (for processing sensitive data)

  • Legitimate interest (website functionality and security)

  • Legal obligation (record‑keeping requirements)

We do not sell or rent your personal information.

4. Use of Google Workspace and Google Cloud

We use Google Workspace and Google Cloud to collaborate with you and manage therapeutic documentation, including Google Docs, Google Meet, and Gmail.

To protect your privacy:

  • All data stored in Google Cloud is protected with strong password security.

  • Any Google Docs containing personal information are restricted so that only you (the client) and the therapist can access them.

  • Documents are named in a way that does not reveal your identity, even in the unlikely event of a data breach.

  • The intake form is shared with you for one week and then removed from shared access so it cannot be linked back to you.
     

Google acts as a data processor under GDPR, and we rely on their GDPR‑compliant safeguards.

5. Confidentiality and Working Agreement

Before beginning therapy, we agree on a Working Agreement, which includes clear confidentiality terms.

 

This means:
 

  • The therapist is professionally and ethically bound to keep everything discussed in the sessions strictly confidential.

  • Your personal information and case details will never be shared or discussed in a way that could identify you.

  • You, as the client, are free to talk about your own therapy process with anyone you choose.

  • Information is only disclosed if required by law or if there is a serious and immediate risk of harm, in accordance with professional ethical guidelines.

6. Data Retention

We retain your personal data and therapeutic notes for 12 months after last contact unless the client requests longer retention. This period allows for continuity of care and administrative purposes. After 12 months, all data is permanently deleted unless a longer retention period is required by law.
 

After this period, all data is permanently deleted, unless legal or ethical requirements mandate a longer retention period.

7. International Data Transfers

Some of our service providers (such as Google) may process data outside the EU.

When this occurs, we rely on GDPR‑compliant safeguards, such as:

  • the EU–US Data Privacy Framework, or

  • Standard Contractual Clauses (SCCs) approved by the European Commission
     

These mechanisms ensure your data remains protected to EU standards.

8. Data Security

We take appropriate technical and organizational measures to protect your personal data, including:
 

  • secure cloud storage

  • restricted access to documents

  • anonymized file naming

  • encrypted communication tools where applicable
     

While no online system can guarantee absolute security, we follow best practices to safeguard your information.

9. Cookies and Tracking Technologies

Our website may use cookies to:
 

  • improve website performance

  • analyze traffic and usage patterns

  • remember your preferences
     

You can manage or disable cookies through your browser settings.

10. Your GDPR Rights

As an EU resident, you have the right to:
 

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request deletion (“right to be forgotten”)

  • Withdraw consent at any time

  • Restrict or object to certain processing

  • Receive a copy of your data in a portable format

  • Lodge a complaint with your local Data Protection Authority
     

To exercise these rights, contact us at info@palomotherapy.com.

11. Children’s Privacy

Our services may be provided to children and young people only with the explicit consent of a parent or legal guardian.
 

  • When working with a minor, I collect and process personal data solely for the purpose of providing the agreed therapeutic service, and always with parental or guardian involvement as required by law.

  • Parents or legal guardians have the right to access, correct, or request deletion of the minor’s personal data, in accordance with GDPR.

  • I do not knowingly provide services to minors without verified parental or guardian consent.

  • If you believe a minor has provided personal data without appropriate consent, please contact us so I can take the necessary steps to delete it.

12. Updates to This Policy

We may update this Privacy Policy from time to time.


The updated version will be posted on this page with a revised “Last updated” date.

13. Contact Us

If you have questions or concerns about this Privacy Policy, you can reach us at:
 

Email: info@palomotherapy.com

Website: www.palomotherapy.com

bottom of page