Book a Session

Book a Session

PRIVACY POLICY (GDPR) – CRISTINA MONTORO PSYKOLOG

1. Data Controller

Cristina Montoro  – Authorized Psychologist (Denmark)
CVR: 36367547
Address: Godthåbsvej 182, st-th, 2720 Copenhagen
Phone: (+45) 71723014
Website: www.cristinamontoro.net

As a data controller, I am responsible for processing your personal data in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR) and relevant Danish laws.

2. Purpose of Data Processing

Your personal data is collected and processed for the following purposes:

  • Provision of psychological assessment and treatment
  • Record keeping (clinical documentation)
  • Communication regarding appointments and therapy
  • Administrative and billing purposes
  • Compliance with legal obligations

3. Categories of Personal Data

The data processed may include:

  • General personal data (name, address, phone number, email)
  • Identification data (CPR number, where applicable)
  • Health data and other sensitive personal data relevant to therapy
  • Information provided during sessions

4. Legal Basis for Processing

The processing of your personal data is based on:

  • The provision of healthcare services
  • Your explicit consent
  • Compliance with legal obligations under Danish law

5. Source of Data

Personal data is primarily collected directly from you.
In some cases, data may also be received from:

  • General practitioners (GPs)
  • Insurance companies
  • Employers or referral partners
  • Public authorities (e.g. municipality)

This only occurs with your consent or where legally required.

6. Storage and Security of Data

Your data is stored securely and treated confidentially.

  • Physical records are stored in locked cabinets
  • Digital data is stored in secure systems with restricted access
  • Appropriate technical and organizational measures are in place to protect against unauthorized access, loss, or misuse

7. Retention of Data

Clinical records are retained for a minimum of 5 years from the date of the last entry, in accordance with Danish legal requirements.
After this period, data may be securely deleted unless further retention is required by law.

8. Disclosure of Data

Your personal data will not be disclosed to third parties without your consent, except in the following circumstances:

  • When required by law
  • When necessary to prevent serious harm to you or others
  • When required for cooperation with other healthcare professionals (with your consent)

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of data (where legally permissible)
  • Restrict or object to processing
  • Receive a copy of your data (data portability)

Requests will be handled as soon as possible.

10. Complaints

If you are dissatisfied with how your data is processed, you have the right to lodge a complaint with the Danish Data Protection Authority:
Datatilsynet: www.datatilsynet.dk

11. Contact

If you have any questions regarding this Privacy Policy or the processing of your data, please contact:
Cristina Montoro
(+45) 71723014
www.cristinamontoro.net

12. Consent

I confirm that I have read and understood this Privacy Policy and consent to the processing of my personal data as described above.