Pereiti prie turinio
mindbody.lt
LTEN
Legal
Last updated · May 3, 2026

Privacy policy

01Who controls your data

The data controller is Živilė Kazlauskaitė, gestalt psychotherapist, operating under an individual-activity certificate.

Name
Živilė Kazlauskaitė
Form
Individual activity (Lithuania)
Activity code
[CLIENT TO FILL]
Address
Paribio g., Vilnius / Gedimino g., Kaunas
Email
[email protected]
Associations
EAGT (certified), LGTA member

02What data I collect

Different contexts, different data. Here's the full list:

When you browse the site

Anonymous analytics via OpenPanel (self-hosted, GDPR-compliant): pages viewed, browser type, country code (not IP). No cookies, no cross-site tracking.

When you book a conversation

Via Google Calendar Appointment Schedules: name, email, phone (if you provide it), chosen time, intake answers (context — what brings you here).

When we work together

Session notes (kept separately from contact details), billing information, date history. Sessions are not recorded.

When you write to me

Email content, your address, your name (if you sign). Hosted in Gmail (Google Workspace, EU region).

03Why and on what basis

Contract
Booking, billing, therapeutic services (GDPR Art. 6(1)(b)).
Consent
Newsletter, marketing emails, if you agree (GDPR Art. 6(1)(a)).
Legal obligation
Bookkeeping, taxes (Lithuanian Tax Administration Law).
Legitimate interest
Anonymous analytics to improve the site (GDPR Art. 6(1)(f)).
Health data
Session notes — explicit consent at the first session (GDPR Art. 9(2)(a)+(h)).

04Who I share data with

Only those who must process it. Specifically:

  • Google Workspace — email, calendar. EU data region. DPA.
  • OpenPanel — analytics, self-hosted in Lithuania. Data does not leave the EU.
  • Cloudflare — site hosting + CDN. EU data region.
  • Bookkeeping ([CLIENT TO FILL]) — invoices with tax ID only, never session content.

Never shared with advertisers, insurance, employers, family members or other third parties without your explicit consent or a court order.

05How long I keep it

Booking data
1 year after last contact, then deleted
Session notes
5 years after last session (LGTA ethics requirement)
Invoices
10 years (Lithuanian Accounting Law)
Email
2 years if inactive
Analytics
Anonymously, indefinitely (cannot be linked to you)

06Your rights

Under GDPR you can — by writing to [email protected]:

  • Access your data — I respond within 30 days
  • Rectify inaccurate data
  • Erasure("right to be forgotten") — except session notes I'm required to keep under the ethics code
  • Restrict processing
  • Data portability
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (no effect on prior processing)
  • Complain to the State Data Protection Inspectorate (vdai.lrv.lt)

07Security

Session notes — encrypted, kept separately from contact details, paper notes locked away. Digital notes — on an encrypted disk volume. Email — Google Workspace with 2FA. In a security incident I notify within 72 hours under GDPR Art. 33.

08Changes to this policy

The policy may need updating. Material changes will be posted on this page with a new date. If the way I use already-collected data changes, I'll ask for consent separately.

See also the cookie policy — separate page, with a list of cookies set when.

This document will be reviewed by a qualified Lithuanian data-protection officer before publication. Until then some fields are marked [CLIENT TO FILL] — they must be replaced with verified information before launch. See service agreement and privacy policy for the full context.