When you use monicamonea.ro (“the website”, “I”, or “me”), you accept and agree to the Terms of Use and to this Privacy Policy. If you do not agree to the policies described in these two documents, you may not use the website.

When you use the website you might provide us with certain personal information -- that is, information by which you can be uniquely identified, private information shared with your therapist, and scheduling and payment information for therapy sessions.

• When you visit the website, its servers log your IP address, which contains information about your location, and which pages you visit.
• When you create an account, you provide your email address and optionally your name. We save this data in order to communicate with you.
• When you use the website to coordinate with your therapist on appointment times or other administrative issues, we save the data from these interactions.
• When you use the website to chat with your therapist, we save the data from these interactions.
• When you pay for your online sessions, you provide your name, address, credit card, and other information to my payment processing provider.
• We can review your payment history by requesting a report from my payment processing provider. This includes dates and amounts of payments, but does not include your credit card information or address.
• When you provide feedback about a provider or about your experience on the website, we store that information, and in the case of therapist reviews we display the information publicly.

Additionally, for providers using this site, we request and store your name, date of birth, bank account information for payments, email address, and the information about yourself that you share on your profile. We will also request and store proof of the degrees and other qualifications you claim to have.

• The website site administrator has access to the information for all users. However, the administrator only accesses information on a need-to-know basis. One reason for needing to know would be a dispute about services or payments.
• Providers have access to the personal information only of the clients they work with.
• Your provider has access to the personal information you share with them during sessions, and over online chat. The video sessions are not recorded, but your provider may take notes. Your provider agrees to treat the information you provide them, whether recorded as notes or not, as confidential according to the standards of the GDPR law.
• If you have questions about the details of your provider's privacy practices, please ask your provider. If you believe your provider is not following appropriate privacy standards, please let us know.

• The website is hosted on the DigitalOcean, which adheres to strict security practices.
• We timeout your session after a period of inactivity so that, for instance, data shown on your screen will not be visible to someone else in your environment.
• My payment provider is https://netopia-payments.com/. Netopia Payments adheres to the GDPR standards help ensure the secure handling of payment information.
• We perform periodic reviews of these security measures to make sure they are working, and to consider if they need modification.

A cookie is a small piece of data that a website saves on your computer/device, which can be used for various purposes, such as saving a session identifier or login information to make it easier for you to log in, or to make it easier for a website to track you from one visit to another.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some features of the website.

To receive a copy of your data, send a request to monica.t.monea@gmail.com.

To request that some of your data be modified or corrected, send a request to monica.t.monea@gmail.com. I reserve the right to deny such modifications or corrections if I determine they are false.

To request that some or all of your data be deleted, send a request to monica.t.monea@gmail.com. Be aware that some data may be retained as allowed or required by law. I reserve the right to deny information requests that are unduly burdensome as allowed by law.

The following information is shared for the purpose of complying with the California Consumer Privacy Act of 2018 ("CCPA") and the California Privacy Rights Act ("CPRA") of 2023.

The PHI and other data mentioned above may correspond to certain categories under the CCPA and CPRA.

Identifiers
• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• Protected classification characteristics under California or federal law
• Internet or other similar network activity
• Geolocation data
• Sensitive Personal Information
• Professional or employment-related information

In adherence to the California Privacy Protection Act (CalOPPA, https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/):

• Users can visit the website anonymously.
• The Privacy Policy link includes the word “Privacy”, and can easily be found on the homepage of the website.
• Users will be notified of any privacy policy changes on the Privacy Policy page.
• Users are able to change their personal information by emailing us at monica.t.monea@gmail.com

This section is relevant to you if you are from the European Economic Area (the EEA), United Kingdom, and Switzerland (together “European Area Countries”).

Under the privacy laws of the EEA, I am considered to be the controller of your data.

• I have a legitimate interest (as defined by the GDPR and UK General Data Protection Regulation Notice) to manage the website including providing information about therapy services offered, and collecting payment for sessions. I also have a legitimate interest in monitoring the platform and in keeping users and the platform secure and safe from fraud.
• There may be cases when I am legally obligated to share information with legal or law enforcement authorities to protect you or another person from immediate danger. The preference will always be to get your consent before sharing data in such cases.

Some of the information the website collects may be considered “sensitive personal information” in the UK and EEA.

Insofar as these data may be considered sensitive personal information, the lawful bases for collecting and storing this data are:

• It is used for the purpose of your well-being.
• My right to provide the services of the website.
• The substantial public interest in the topic of the website.
• The consent of the client or provider. If consent is the legal basis, you have the right to rescind your consent at any time.

Residents of European Area Countries have the following rights:

• You may request a copy of the data I have about you, known as a “subject access request”. I will get the data to you within 30 days. You can request the data in an electronic format that, among other uses, could be used to move, copy, or transfer your data to a different organization, known as the “right to data portability”.
• You may request that I modify data I have about you that you think is inaccurate, known as the “right to rectification”. I will make the changes unless I determine that they are incorrect.
• You may request that I delete your data, known as the “right to erasure”. Keep in mind that in some cases I have a legal obligation to keep your data in a backup database.
• You may object to the use of your data where I rely upon consent as the legal basis for storing it, known as the “right to object”. Keep in mind that (a) the deletion of certain data may mean I can no longer provide you services, and (b) in some cases I have a legal obligation to keep your data in a backup database.
• I do not do profiling or automated decision-making. This means that by default your “Rights concerning automated decision-making and profiling” are protected.
• I do not transfer your data to third parties, aside from your therapist(s) and my payment service provider. This means that by default your “right to restrict processing” is protected.

To exercise any of the rights listed, email us at monica.t.monea@gmail.com. GDPR gives you the right to file a complaint with the appropriate authority in your country if you have concerns about my use of your data.

When this policy changes, you are notified through the website. I encourage you to periodically review this page for the latest information.

This website, monicamonea.ro, is owned and operated by Monica T. Monea, MA, a therapist in Arad, Romania.

This document was last updated on January 27, 2024.