Irene Lähde Stress & Sleep Wellbeing
Free consultation

Legal

Privacy Policy

How your personal data is handled when you use this website, get in touch, or work with the practice.

Our approach, in short

At Irene Lähde – Stress, Sleep & Wellbeing (“we”, “our”, or “the practice”) we take your privacy seriously and handle any sensitive information with care. This policy explains how we collect, use, share and protect your personal data, in line with the General Data Protection Regulation (GDPR / AVG) and Dutch privacy law.

This website is a static site hosted in the European Union. It sets no tracking or advertising cookies, uses no United States services, and loads its fonts from its own server rather than a third-party font network. We do not buy or build profiles about you, and we do no automated profiling. Any personal data you choose to send us stays within the EU.

Who we are (data controller)

The practice is the “data controller” for your personal data – meaning we decide why and how it is processed. We are a Dutch wellbeing practice based in The Hague, serving clients there and online.

We operate as a service-area practice (The Hague and online), so no public street address is listed. The treatment location is shared privately with booked clients.

The personal data we collect

When you use this website

We only receive data that you actively choose to give us:

  • Contact form. When you send us a message, we receive your name, email address, your optional phone number, the topic you select, and the contents of your message. We use this only to reply to you. The form asks you to confirm (a tick box) that you consent to us using these details to respond.
  • Newsletter. If you subscribe, we store your email address in our own EU-based mailing system. We use a double opt-in: you are only added after you click the confirmation link we email you, and you can unsubscribe from any message at any time.
  • Visitor statistics. We use privacy-friendly, cookieless analytics that count visits in aggregate. They do not use cookies, do not identify you, and do not track you across other websites.

When you become a client of the practice

The website itself does not collect health information. If you go on to work with us, then – as part of the therapeutic relationship and during sessions – we may record information needed to provide your care, such as relevant health background, sleep and stress patterns, your goals, and session notes. This is special-category (health) data and we treat it with the highest level of confidentiality.

Why we process your data, and our legal basis

  • Health and treatment data – to provide your care. Our legal basis is your explicit consent and, where our services constitute healthcare under Dutch law, the healthcare exception in Article 9(2)(h) GDPR. In an emergency we may also rely on protecting vital interests.
  • Replying to your enquiry – on the basis of your consent and our legitimate interest in answering people who contact us.
  • Delivering services you book – to perform our agreement with you (scheduling, preparation, follow-up, record-keeping).
  • Newsletter – only with your consent, which you can withdraw at any time.
  • Legal obligations – e.g. keeping the tax and healthcare records the law requires.

Who can access your data

We keep access to a minimum. Your data may be handled by:

  • Our EU hosting and IT providers, who run the server and the tools we use (website, contact-form handling, mailing system) under confidentiality terms, and only as needed to keep the service working.
  • Other healthcare providers – only with your explicit consent.
  • Authorities – only where we are legally required to disclose information, or to protect someone’s vital interests.

We never sell your personal data, and we do not share it for advertising.

Where your data is processed

All of our systems – website hosting, contact-form handling and our mailing system – run on infrastructure located within the European Union. We do not use US-based services, and we do not transfer your data outside the EU.

How long we keep it

  • Health records: 20 years after your last treatment, as required by Dutch healthcare law (WGBO).
  • Financial records: 7 years, as required by Dutch tax law.
  • Enquiry messages: kept only as long as needed to deal with your enquiry and any follow-up, then deleted.
  • Newsletter: until you unsubscribe or withdraw your consent.
  • Visitor statistics: held only in aggregate, with no data that identifies you.

We do not record sessions.

How we keep it secure

We use appropriate technical and organisational measures: encrypted connections (TLS) for data in transit, access limited on a need-to-know basis, a professionally maintained EU server with security monitoring and regular updates, and confidentiality protocols for any health information. If a data breach ever affects your rights, we follow the required procedures, including notifying the authorities and you where the law requires it.

Your rights under the GDPR

You have the right to:

  • Access – ask for a copy of the personal data we hold about you.
  • Rectification – have inaccurate or incomplete data corrected.
  • Erasure – ask us to delete your data (subject to the legal retention periods above).
  • Restriction – ask us to limit how we use your data in certain situations.
  • Portability – receive your data in a structured, machine-readable format.
  • Object – object to certain processing.
  • Withdraw consent – at any time, where we rely on your consent.

To exercise any of these, email us at info@irenelahde.com. We may need to verify your identity first. We aim to respond to general enquiries within 5 business days, and to formal rights requests within 30 days.

Cookies and tracking

This site sets no advertising or tracking cookies, and our analytics are cookieless. See our Cookie Policy for the full detail.

Marketing emails

We only send marketing emails (such as our newsletter) with your consent. Every email includes an unsubscribe link, and you can opt out at any time – or just email us.

Children

Our services are intended for adults (18+). We do not knowingly collect data from children under 16 without parental consent.

Automated decisions and profiling

We do not use automated decision-making or profiling that has a significant effect on you.

Links to other websites

Our website may link to other sites. We are not responsible for their privacy practices, so please review their own policies before sharing information with them.

Changes to this policy

We may update this policy to reflect changes in the law, our services, or our privacy practices. We will note significant changes here and update the date below.

Complaints

If you are unhappy with how we handle your data, please contact us first at info@irenelahde.com so we can put it right. You also have the right to lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl, phone 0900 2001 201).

Professional confidentiality

Beyond our legal obligations, we maintain professional confidentiality. Any information you share in the course of therapy is treated with the highest level of discretion.

Contact us

For any privacy question, or to exercise your rights, email info@irenelahde.com or call +31 6 29250864. You can also use our contact page.

A Dutch version is available on request. Nederlandse versie op aanvraag beschikbaar.

Last updated: 2 June 2026.