GDPR Privacy policy

Notice of Privacy Practices GDPR

Practice Information

Solstice Counseling
Lisa Gianandrea
lisa@solstice-counseling.com

I am Lisa Gianandrea, a qualified counselor registered with the Nederlandse Federatie Gezondheidszorg (NFG) providing private counseling services in The Netherlands. I am the Data Controller of any personal information you provide.

This notice describes how health information may be used and disclosed and how you can get access to this information.

1. My Pledge Regarding Health Information:

I understand that health information about you and your health care is personal. I am committed to protecting health information about you. I create a record of the care and services you receive from me. I need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated by this practice. This notice will tell you about the ways in which I may use and disclose health information about you. I also describe your rights to the health information I keep about you, and describe certain obligations I have regarding the use and disclosure of your health information. I am required by law to:

  • Make sure that protected health information (“PHI”) that identifies you is kept private.

  • Give you this notice of my legal duties and privacy practices with respect to health information.

  • Follow the terms of the notice that is currently in effect.

  • I can change the terms of this Notice, and such changes will apply to all information I have about you. The new Notice will be available upon request, in my office, and on my website.

2. What Information I Collect

To provide counselling, I may collect:

  • Your name, address, contact number, and email

  • Date of birth

  • Relevant medical and mental health history

  • Session notes and assessment details

  • Emergency contact information

3. Why I Collect This Information

Your data is collected to:

  1. Provide safe and effective counseling services

    • Maintain accurate records in line with ethical and legal requirements

    • Contact you about appointments or relevant information

    • Contact doctor or emergency contact only in emergency situations or as required by law


      As a health care provider, I will not use or disclose, or sell your PHI for marketing purposes.

4. Lawful Basis for Processing

Under GDPR, I rely on:

  • Legitimate interests for collecting session notes and records

  • Consent for contacting you or sharing data with other services (e.g. referrals)

  • Legal obligation if I am required to break confidentiality (e.g. safeguarding risk)

5. How Your Data Is Stored

Digital data is stored on password-protected and encrypted devices

I do not share your information unless required by law or with your consent

Data will be stored for 7 years and then destroyed

6. You Have the Following Rights With Respect to Your PHI:

You have the right to:

  1. Access a copy of your data

    1. Request corrections

    2. Ask for deletion (where appropriate)

    3. Complain to the complaints officer if concerned

    4. Withdraw consent (I may not be able to continue the therapeutic relationship if consent is withdrawn)