Privacy Policy
Last updated: May 31, 2026
This Privacy Policy explains how The Library Within (hereinafter referred to as “we,” “us,” or “our”) process your personal data and your rights under the GDPR and applicable Dutch law.
1. Who We Are
- Controller: The Library Within, a private counselling and coaching practice owned by Adina Ciocoiu.
- Registration: Registered at the Chamber of Commerce (KVK) in the Netherlands under number 91508428 (KOR).
- Contact: For privacy-related questions, contact us at adina@thelibrarywithin.com
- Data Protection Officer (DPO): We have not appointed a Data Protection Officer because we are not legally required to do so; privacy questions can be sent to the contact details above.
2. Types of Data We Collect
Because our services may involve health-related or counselling-related information, we apply additional safeguards to this data. We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.
| Category | Examples | Legal Basis (GDPR) | Retention Period |
|---|---|---|---|
| Personal Data | Name, email, phone, address | Contractual necessity, consent | Until deletion request or 2 years after last contact |
| Special Category Data | Special category data, including counselling notes and health information, is processed only where necessary for providing our services and on an applicable GDPR lawful basis, including Article 9(2)(h) or another valid basis under Dutch law where relevant | Article 9(2)(h) (healthcare) | 10 years (Dutch healthcare law) |
| Payment Data | Bank details, invoices | Legal obligation (tax compliance) | 7 years |
| Usage Data | IP address, browser type | Legitimate interest (security) | 1 year |
| Cookies | Essential cookies only | Legitimate interest (functionality) | Session duration |
Note: We currently use only essential cookies and no non-essential tracking technologies. If this changes, we will ask for your consent before placing any non-essential cookies.
3. How We Use Your Data
We use your data only for specified, explicit, and legitimate purposes, and we do not process it further in a way that is incompatible with those purposes
- Providing Counselling Services: To deliver sessions, manage appointments, and maintain records (legal basis: contractual necessity, legal obligation).
- Communication: To send appointment reminders, updates, or responses to your inquiries (legal basis: contractual necessity, consent).
- Payment Processing: To handle invoices and payments (legal basis: legal obligation).
- Security and Improvement: To ensure the security of our systems and improve our services (legal basis: legitimate interest).
4. Confidentiality of Counselling Sessions
- Counselling sessions and notes are treated as confidential and are handled under our service agreement and applicable professional confidentiality obligations.
- We will only disclose your information if you have given consent, where disclosure is required by law, where it is necessary to protect vital interests, or where another lawful basis applies.
5. Data Sharing and Third Parties
Where any service provider processes personal data on our behalf, we use a data processing agreement and require appropriate confidentiality and security measures.
| Recipient | Purpose | Data Shared | Safeguards |
|---|---|---|---|
| Payment and accounting providers we use to process invoices and payments | Process payments | Name, email, payment details | GDPR-compliant contracts (SCCs) |
| Email and communication providers we use to send and receive messages securely. | Secure communication | Name, email | Encrypted transmission |
| Legal Authorities | Compliance with law | As required by legal request | Only when legally obligated |
MailPoet newsletter & emails
If you subscribe to our newsletter, create an account, or use our services, we may send you service-related or subscription-related emails. We will only send you emails which you have signed up to receive, or which pertain to the services we provided to you.
To send you emails, we use the name and email address you provide us. Our site also logs the IP address you used when you signed up for the service to prevent abuse of the system.
This website can send emails through the MailPoet Sending Service. This service allows us to track opens and clicks on our emails. We use this information to improve the content of our newsletters.
No identifiable information is otherwise tracked outside this website except for the email address.
Their privacy policy can be found here https://automattic.com/privacy/
Forminator Forms
When you submit a form, we may collect the information you enter, your IP address, and technical metadata for spam prevention, security, and response handling. When visitors or users submit a form we retain the data for 30 days.
Their privacy policy can be found here https://forminator.gg/policies/privacy
ALTCHA
We use ALTCHA for spam protection. ALTCHA is operated entirely on our own servers. No data is transferred to ALTCHA or other third parties for verification purposes. ALTCHA does not use tracking cookies, fingerprinting techniques, or external services. The processing is based on our legitimate interest in securing our website, preventing abuse, and ensuring the availability of our services.
Their privacy policy can be found here: https://altcha.org/privacy-policy/
Note: We use Standard Contractual Clauses (SCCs) for any data transfers outside the EU/EEA.
6. Data Security
- Encryption: All electronic records are encrypted.
- Access Control: Only authorized personnel (e.g., your counsellor) can access your data.
- Data Breaches: In the event of a breach, we will notify you and the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) within 72 hours if the breach poses a risk to your rights.
7. Your GDPR Rights
You have the following rights under GDPR. To exercise them, contact us at adina@thelibrarywithin.com. We will respond within 30 days (extendable to 60 days for complex requests).
| Right | Description |
|---|---|
| Right to Access | Request a copy of the personal data we hold about you. |
| Right to Rectification | Request correction of inaccurate or incomplete data. |
| Right to Erasure | Request deletion of your data, unless we have a legal obligation to retain it. |
| Right to Restrict Processing | Request that we limit how we process your data. |
| Right to Object | Object to processing based on legitimate interests (e.g., direct marketing). |
| Right to Data Portability | Request your data in a structured, machine-readable format (applies to automated data only). |
| Right to Withdraw Consent | Withdraw consent for processing (e.g., newsletters). Note: This does not affect past processing. |
Verification: We may ask for a copy of your ID to verify your identity before processing requests.
8. International Data Transfers
- Your data is primarily processed within the EU/EEA.
- If we transfer personal data outside the EEA, we rely on an adequate transfer mechanism such as Standard Contractual Clauses and, where relevant, supplementary safeguards
9. Children’s Privacy
Our services are not intended for children, and we do not knowingly collect personal data from minors without appropriate consent where required.
10. Automated Decision-Making
- We do not use automated decision-making or profiling based on your personal data.
11. Links to Other Websites
- Our website may contain links to third-party sites. We are not responsible for their privacy practices. We encourage you to review their policies.
12. Changes to This Policy
- We may update this policy periodically. We will notify you of significant changes via email or a notice on our website.
- The “Last updated” date at the top will reflect the most recent version.
13. Contact Us
For questions or requests regarding your data or this policy:
- Email: adina@thelibrarywithin.com
14. Supervisory Authority
If a situation has come up and it cannot be solved between ourselves, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
- Website: https://autoriteitpersoonsgegevens.nl
- Address: Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ Den Haag, Netherland