Privacy Policy

Thank you for your interest in my Privacy Policy. This policy applies to my website, www.progressivetherapist.com, operated by Eugene Belilovsky, the operating agent of The Progressive Therapist, LLC (the “data controller”). When I refer to “we,” “us,” or “our,” this includes myself and the third parties I use to provide the website and its services.

If you have any questions, please reach out to me at [email protected], call +1-914-296-0858, or use my Contact Form.

Background

This Privacy Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to help make sure you understand the information provided. However, to achieve this objective I would like to explain the following three concepts.

  1. What is Personal Information?
    Personal Information refers to any information that can identify an individual. This includes any data that, when combined, can lead to the identification of a specific person.

  2. What is Processing?
    “Processing” includes any action performed on data, such as collection, storage, or usage.

  3. What law applies?
    I act as the data controller under the New York Privacy Act (NYPA) and the EU’s General Data Protection Regulation (GDPR).

General Principles

a) Purpose and legal basis of processing

I process Personal Information based on specific purposes and legal grounds under NYPA and GDPR. These purposes include:

  • Providing the website and its content
  • Responding to inquiries and communicating with clients
  • Offering services, resources, and courses
  • Implementing security measures

I process information only when I have at least one lawful basis, such as:

  • Your consent
  • Fulfilling my services and contractual obligations
  • Meeting legal requirements
  • Protecting legitimate interests

b) Security

My website uses SSL/TLS encryption to safeguard data during transmission. While I strive to maintain the highest security standards, no system is entirely foolproof. In case of a data breach, I will notify affected individuals as quickly as possible.

c) Retention and Storage

I retain your data only as long as necessary to fulfill the purposes outlined in this Privacy Policy. Client data may be stored in SimplePractice (for therapy clients) and LearnDash (for course users), based on legitimate interests.

d) Minors

I generally do not work with minors unless verifiable parental or guardian consent is obtained. I do not knowingly collect or share data from minors without consent.

e) Automated decision-making

Automated decision-making or profiling does not occur on this website.

f) Do Not Sell

I do not sell your Personal Information.

g) Special Category Data

Unless it is specifically required and consent is obtained, for a particular service, I do not process special category data. In terms of working with clients, there are some questions that I ask during intake, that maybe are considered to be special category data.  These questions are just so that I have a better understanding of a client’s background and for assisting in my work with a client. A client is not required to answer these questions. 

h) International Transfer

In the course of my website operation, we process data. To my knowledge, we usually do not transfer Personal Information to countries outside the USA. However, if we do, I will plan to make sure that processing of your Personal Information is governed by Processing Agreements that include Standard Contractual Clauses for a high level of data protection.

i) Sharing and Disclosure

I will not disclose or otherwise distribute your Personal Information to third parties except when it is:

  • Necessary for my services
  • Authorized by you
  • Required by law

Data Collection and Processing

a) Data that is collected automatically

     i) Log files

Each time you visit my website, a number of general data and information is transmitted, even if you use my website for purely informational purposes. I only collect the general data and information that your browser transmits to my website’s server. This data and information that are collected are technically necessary for the display of my website to you and they serve the stability, security and danger or threat prevention in the event of attacks on my website.  Some examples are:

  • IP address
  • date and time of an access to the website
  • type and version of browser used
  • operating system used and its interface
  • the website from which an accessing system arrives at my website (so-called referrer)
  • sub-websites that are accessed via an accessing system on my website,
  • Internet service provider of the accessing system.

This data is deleted after the storage is no longer necessary for error analysis or danger or threat prevention. The legal basis for this data processing is my legitimate interest. When analyzing these general data and information, I do not draw any conclusions about you as a data subject.

   

     ii) Hosting

To provide my website, we use the services of Krystal Hosting, who process the above-mentioned data and all data to be processed in connection with the operation of this website on my behalf. The legal basis for the data processing is my legitimate interest in providing my website. 

     iii) Cookies

We use so-called cookies on our website. Cookies are pieces of information that are transmitted from my web server or third-party web servers to your web browser and stored there for later retrieval. Cookies are generally categorized in different types and can broadly be considered as essential or non-essential. In accordance with the EU’s Privacy and Electronic Communications Directive (“PECD”), I need to obtain consent for the use of non-essential Cookies. Doing so, you should be prompted to make a selection on our use of cookies when you first visit my website by means of a Cookie Consent Management Tool operated by CookieYes. For further information on the Cookies we use, please refer to my Cookie Policy .

     iv) When you watch my videos

On this website, videos may be embedded from YouTube, a service provided by Google LLC. When you open a page with an embedded video, your browser connects to Google’s servers to display the video content. According to Google, in “extended data protection mode,” your data (such as the pages you visited and your IP address) is only transmitted to YouTube’s servers if you choose to watch the video. By clicking to play a video, you consent to this transmission of data to Google.

b) Data from third party sources

I may occasionally receive data from third-party sources (such as social media networks) to improve services. However, this is rare, and I aim to always do this in an ethical way.

c) Data that is collected directly

     i) Contacting me

If you contact me, your transmitted Personal Information will be automatically stored for the purpose of processing the request or replying to you. Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent or the initiation of a contractual service.

     ii) Social Media

I’m present on social media on the basis of my legitimate interest (currently YouTube, Facebook, LinkedIn, and Instagram). If you contact me via social media, I and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is my legitimate interest, your consent, or, in some cases, the initiation of a contractual service, if any.

     iii) Online appointment booking via Acuity Scheduling

I use the service of Acuity Scheduling for the simplified booking of the free consultation appointments. By using this service, data is transferred to Acuity Scheduling. The processing of the data entered via Acuity Scheduling is thus exclusively based on a legitimate interest of simplified appointment arrangement. The data entered by you remains with us until you request us to delete it or the purpose for storing the data no longer applies.

     iv) Course(s)

My course(s) are provided using the services of LearnDash. In accordance with LearnDash’s Privacy Policy your data may be stored at LearnDash, in their databases and applications on a secure server with up-to-date security standards. The legal basis for the use of the LearnDash service is the establishment and implementation of the user contract for the use of my course(s).

If you buy the online course(s), it is also possible for you to register for an account. For this purpose, you can choose a password together with your e-mail address/username, both of which will enable you to log in more easily in order to access the course(s) and making it easier in case there will be more courses or other services in the future that you would like to purchase. We store the data you enter to set up a customer account through which your orders are recorded, executed, and processed. We will hold your data for further orders as long as you have your account with us. The legal basis for the data processing is our contract and the fulfillment of our legal obligations.

     v) Payment Data

If you pay through my website for the course(s), your payment data will be processed via my payment service provider Stripe. Payment data  for purchasing of the course(s) will solely be processed through Stripe and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.  I do not process payments or take payment data for counseling sessions through my website.

     vi) Mailing list

If you join my mailing list, we process your name and e-mail address in order to potentially send various updates, newsletters, course launches etc.. I may send you newsletters and communications on a regular or occasional basis. Unsubscribing is possible at any time and can be done either by sending a message to me at [email protected], or via a link provided for this purpose in the email that you receive. The relevant e-mails are sent using the services of Mailchimp by Intuit Inc. The legal basis for the processing of your Personal Information is your consent.

     vii) Administration, financial accounting, office organization, contact management

I process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and my legitimate interest.

     viii) Testimonials

If you choose to give a testimonial, within your testimonial you may be able to share certain details, knowledge, insights etc. Content and data are publicly viewable. You have choices about the information on your testimonial. You are not required to provide a testimonial, and it is your choice whether to include sensitive information and to make it public. Please do not post or add personal data to your testimonial that you would not want to be publicly available/viewable. The legal basis for the storage is my legitimate interest and your consent.

Cooperation with Processors

I may use third-party providers like Google Fonts, Font Awesome, and WooCommerce to integrate content and services on the website. These providers must know your IP address to deliver content.

Marketing

With your consent, I may send you promotional communications. However, I aim to run my business ethically and will not take any action you wouldn’t appreciate.

Your Rights and Privileges

      a) Privacy Rights

Under the NYPA, you can exercise the following rights:

  • Right to Notice
  • Right to Opt-In Consent
  • Right to Access, Correct Data
  • Right to Delete

Under the GDPR, you can exercise the following rights:

  • Right to information
  • Right to rectification
  • Right to object to processing
  • Right to deletion
  • Right to data portability
  • Right of objection
  • Right to withdraw consent
  • Right to complain to a supervisory authority
  • Right not to be subject to a decision based solely on automated processing

If you have any questions or if you want to enforce your right, please contact me at [email protected]

     b) Updating your Information

If you believe your information is incorrect, please contact me to correct it.

     c) Withdrawing your Consent 

You can withdraw your consent anytime by contacting me.

     d) Access Request

For Data Subject Access Requests, please reach out to me. I will aim to respond within 30 days.

     e)  Complaints

If you believe your data rights have been violated, you have the right to file a complaint with a supervisory authority.

     f)  COPPA (Children Online Privacy Protection Act)

When it comes to the collection of PII from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. I do not plan to specifically market to children under the age of 13 years old. I also do not plan to allow users under the age of 13 to use my services unless verifiable parental or legal guardian consent is obtained through direct contact. I also do not knowingly collect any data from users under the age of 13, unless verifiable parental or legal guardian consent is obtained through direct contact.

     g) CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CANSPAM, I agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email me at [email protected], and once I have received your request, I will remove you from ALL correspondence.

     h) Do-Not-Track Features

My website currently does not respond to Do-Not-Track signals due to the lack of a standardized technology. I will update this policy if standards change.

Changes

I may update this policy from time to time. If significant changes are made, I will revise this policy accordingly.

Questions?

If you have any questions, please contact me at [email protected]

Effective Date:  Last updated on Saturday October 19th, 2024.

Scroll to Top