Privacy Policy

Paul Shin Therapy, Ireland
Effective date: 02 February 2026

Your privacy matters. This Privacy Policy explains how Paul Shin Therapy ("we", "us", "our") collects and uses personal data when you visit our website and when you contact us about therapy services.

This policy is intended to meet the requirements of the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

1. Who we are

Data Controller: Paul Shin Therapy
Contact email: info@paulshintherapy.ie

2. What data we collect

Depending on how you use the site, we may collect:

  • Contact details such as your name, email address, phone number, and the content of messages you send
  • Appointment details if you book a consultation or session through the site (date, time, and relevant booking information)
  • Payment information if you choose to pay online (payments are processed by third party providers; we typically do not store full card details)
  • Website usage data such as IP address, device type, browser type, pages visited, and approximate location based on IP

3. Special category data

If you contact us about therapy, you may choose to share information about your health or wellbeing. This is considered special category data under GDPR. We only use this information to respond to you, arrange services, and provide therapy when applicable, with appropriate safeguards.

4. How we collect data

  • When you fill in a contact form
  • When you email, call, or message us
  • When you book an appointment through our booking system (if used)
  • Automatically through cookies and similar technologies (see section 9)

5. Why we use your data and our legal bases

We use personal data for the purposes below, under these GDPR legal bases:

  • To respond to enquiries and communicate with you about services
    Legal basis: legitimate interests, and steps prior to entering a contract
  • To provide therapy services, manage appointments, and keep essential records
    Legal basis: performance of a contract
  • To handle payments and issue invoices/receipts
    Legal basis: performance of a contract, legal obligation
  • To maintain website security, prevent abuse, and troubleshoot
    Legal basis: legitimate interests
  • To improve our website using analytics (where enabled)
    Legal basis: consent (for non-essential cookies), legitimate interests (for essential operational logs)

For special category data (for example health-related information), we rely on GDPR Article 9 grounds such as explicit consent where appropriate and/or necessity for the provision of health-related services, with safeguards.

6. Who we share data with

We do not sell your personal data. We may share data only when necessary with:

  • Website and hosting providers (for example your website platform and infrastructure providers)
  • Email and productivity providers used to communicate with you
  • Scheduling/booking providers if you book through an online calendar system
  • Payment processors if you pay online
  • Professional advisers (for example accountant or legal advisers) where required

These providers act as processors and are required to protect your information. Some providers may process data outside the EEA. Where this happens, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (where applicable).

7. How long we keep your data

We keep personal data only as long as needed for the purpose it was collected, including legal, tax, insurance, and professional requirements. Retention periods can vary depending on the nature of the data and our obligations.

If you are a therapy client, you may receive additional privacy information as part of your therapy contract and consent paperwork, including more specific retention and record-keeping details.

8. Your rights under GDPR

You have rights in relation to your personal data, including:

  • The right to access your personal data
  • The right to rectify inaccurate or incomplete data
  • The right to erase data in certain circumstances
  • The right to restrict processing in certain circumstances
  • The right to data portability (where applicable)
  • The right to object to processing based on legitimate interests
  • The right to withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us at info@paulshintherapy.ie. We may need to verify your identity before responding.

You also have the right to lodge a complaint with the Irish regulator: the Data Protection Commission (DPC).

9. Cookies and analytics

Our website may use cookies and similar technologies to ensure it works properly and to understand how it is used. Cookies are small text files placed on your device.

  • Essential cookies help the site function and cannot usually be switched off
  • Optional cookies (for example analytics) are used only if enabled and, where required, with your consent

You can control cookies through your browser settings and, where available, through any cookie banner on the site. Disabling cookies may affect some site features.

10. Security

We take reasonable technical and organisational measures to protect personal data. No method of transmission or storage is 100% secure, but we work to reduce risk and limit access to those who need it.

11. Children

This website is intended for adults. We do not knowingly collect personal data from children. If you believe a child has provided personal data through this website, please contact us so we can delete it where appropriate.

12. Changes to this policy

We may update this policy from time to time. The latest version will be published on this page with an updated effective date.

13. Contact

If you have questions about this Privacy Policy or how we handle your data, contact:
Paul Shin Therapy
Email: info@paulshintherapy.ie