PsychElli logoPsychElli - Elisabeth Gadner

Privacy Policy

How your personal data is collected, used and protected.

Last Updated: 6 June 2026

Data Controller

Elisabeth Gadner, Psychologist (MSc./cand.psych., authorised in Denmark)
PsychElli — Practice location: Therapy 4 Life (psychology centre)
Gasværksvej 10B st. tv., 1656 København V, Denmark
CVR: 46243331
Email: contact@psychelli.com

How Your Data Is Used

As an authorised psychologist I am required to collect and keep certain personal information about you to provide professional services and maintain a patient record, in accordance with Lov om autorisation af sundhedspersoner og om sundhedsfaglig virksomhed (the Authorization Act for Healthcare Professionals, effective 1 January 2026), Bekendtgørelse nr. 713 af 12. juni 2024 om autoriserede sundhedspersoners patientjournaler (the Journal-Keeping Regulation), and the EU General Data Protection Regulation (GDPR).

Types of Data Collected

General personal information:

Name, address, email, telephone number, occasionally CPR-number where required for billing, insurance or statutory reporting.

Sensitive (health-related) information:

Clinical notes, session records, and any information about your mental health, life circumstances or family situation that you choose to share in sessions.

Booking and website data:

Appointment metadata via the booking system; technical data (IP address, browser type) via the website.

Purpose and Legal Basis

I process your data to:

  • Provide the therapy, coaching or consulting service you have requested
  • Maintain a clinical record as required by law
  • Communicate with you about appointments, billing and follow-up
  • Issue invoices and meet bookkeeping obligations
  • Issue reports or correspond with third parties (e.g. insurance, employers) only with your explicit consent

Legal bases under GDPR:

  • General personal data: necessary for the contract of services (Art. 6(1)(b)) and to comply with legal obligations (Art. 6(1)(c))
  • Health-related data (special category): explicit consent (Art. 9(2)(a)) AND the provision of health care (Art. 9(2)(h)), in combination with the Authorization Act and BEK 713/2024
  • Sharing data with third parties (e.g. insurers): only with your prior explicit consent (Art. 6(1)(a) and 9(2)(a))

Confidentiality

As an authorised psychologist I am bound by a statutory duty of confidentiality under Lov om autorisation af sundhedspersoner § 21, Sundhedsloven §§ 40–43, and Straffeloven § 152 (with §§ 152 c–f). Information from sessions is not shared with anyone without your explicit written consent, with the limited exceptions below.

Statutory exceptions to confidentiality:

  • Imminent danger to you or to others
  • Suspected abuse or neglect of a child (mandatory reporting under Lov om social service § 153)
  • Court order or other circumstances expressly required by Danish law

Processors I Use

The following service providers process some of your data on my behalf under Data Processing Agreements (GDPR Art. 28). I have selected providers that meet appropriate security and confidentiality standards.

Google LLC / Google Ireland Ltd. (United States / Ireland) — Google Workspace, used for email correspondence and Google Meet online sessions. Personal data may be transferred to the United States under the EU-US Data Privacy Framework and Standard Contractual Clauses, in accordance with GDPR Chapter V. A signed Data Processing Addendum with Google applies.
Calendly, Inc. (United States) — appointment booking. Personal data is transferred to the US under the EU-US Data Privacy Framework or Standard Contractual Clauses.
MobilePay A/S (Denmark) — payment.
Vercel, Inc. (United States) — website hosting. Personal data may be processed in the United States under Standard Contractual Clauses in accordance with GDPR Chapter V.
Dinero (Visma Dinero ApS, Denmark) — accounting and invoicing for coaching and business clients only. Therapy clients are billed separately via MobilePay or bank transfer and are not processed through Dinero.

Personal data is not shared with anyone outside this list without your consent, unless required by Danish law.

Retention

Clinical records (patient journals):

Minimum 10 years from the most recent entry, in accordance with the Journal-Keeping Regulation (BEK 713/2024) and the Authorization Act. Records are kept electronically with appropriate security.

Bookkeeping records (invoices, payment data):

5 years from the end of the relevant financial year, as required by Bogføringsloven.

Enquiry data (contact form, no client relationship established):

Deleted within 12 months of last contact.

Cookie and website data:

See the Cookies section below.

Where a complaint or insurance matter requires longer retention, data is kept until the matter is fully concluded.

Your Rights

Under GDPR you have the right to:

  • Access your personal data (Art. 15)
  • Have inaccurate data corrected (Art. 16)
  • Request deletion (Art. 17) — with the limitation that clinical records cannot be deleted before the statutory 10-year retention period ends; corrections and additions to a record are made instead
  • Restrict processing (Art. 18) or object to processing (Art. 21)
  • Data portability (Art. 20)
  • Withdraw consent at any time, without affecting the lawfulness of prior processing (Art. 7(3))

To exercise these rights: contact me at contact@psychelli.com. I respond within one month (extendable by two months in complex cases, per GDPR Art. 12(3)).

Security

I maintain appropriate technical and organisational measures to protect personal data, including encrypted communication and storage, restricted access, and confidential disposal of materials, in accordance with GDPR Art. 32. If a personal data breach is likely to result in a risk to your rights, I will notify Datatilsynet within 72 hours (GDPR Art. 33) and, where the risk is high, notify you directly (GDPR Art. 34).

Cookies

This site sets only strictly necessary cookies required for the website to function. No analytics, advertising or third-party tracking cookies are used.

Complaints

You may lodge a data protection complaint with:

Datatilsynet Email: dt@datatilsynet.dk | Website: datatilsynet.dk

If you are resident in another EU country, you may also lodge a complaint with the supervisory authority in your country of residence (GDPR Art. 77).

Contact

Questions about how your data is handled? Contact me at contact@psychelli.com or via the contact form.