Legal information
Privacy & Cookie
Policy
Transparency matters to me. Here you'll find everything about how and why I process your data. Last updated: 2026-05-24.
1. Data controller
The data controller is Piotr Nowak, M.Sc., operating the psychotherapy practice brainLab.center, based at Centrum Medyczne Nasmedica, ul. Poselska 68, 63-000 Środa Wielkopolska, Poland.
For data-related enquiries, use the contact form or write to the practice address above.
2. What data we collect and why
2.1 Contact form
When you submit the contact form, we collect your first name, e-mail address (required) and optionally a phone number and your message.
- Purpose: responding to your enquiry.
- Legal basis: Art. 6(1)(f) GDPR — legitimate interest of the controller (handling correspondence).
- Retention: until the matter is resolved, and no longer than 3 years from last contact.
2.2 Screening test results (optional)
The screening tests (PHQ-9, GAD-7, AUDIT) on the Tools page are fully anonymous — scores are calculated locally in your browser and never transmitted. You may voluntarily provide your name and e-mail to receive your result by e-mail or to be contacted about a consultation. In that case we collect: first name, e-mail, test name, score and interpretation.
- Purpose: sending the result by e-mail and/or follow-up contact.
- Legal basis: Art. 6(1)(a) GDPR — your consent; Art. 9(2)(a) GDPR — explicit consent for processing health data (questionnaire results constitute sensitive data under GDPR).
- Retention: until consent is withdrawn, and no longer than 12 months.
2.3 Newsletter
If you tick the newsletter checkbox when submitting test results, we collect your e-mail address.
- Purpose: sending educational content on psychology and CBT.
- Legal basis: Art. 6(1)(a) GDPR — your consent.
- Retention: until consent is withdrawn.
- You may withdraw consent at any time by writing to us or clicking the unsubscribe link in any e-mail.
2.4 Appointment booking (ZnanyLekarz / DocPlanner)
Bookings are made via the external ZnanyLekarz (DocPlanner Group) widget. Data provided during booking (name, e-mail, phone) are processed directly by DocPlanner Group as a separate data controller, under their own privacy policy at docplanner.com.
3. Data processors
| Processor | Role | Country | Transfer basis |
|---|---|---|---|
| Cloudflare, Inc. | Website hosting (Cloudflare Pages) + network traffic proxying | USA | Standard Contractual Clauses (SCC), DPA with Cloudflare |
| Resend, Inc. | Transactional email delivery (test results, contact form) + newsletter contact list storage | USA | Standard Contractual Clauses (SCC), DPA with Resend |
| Google LLC (Google Maps) | Map embed on the Contact page | USA | Standard Contractual Clauses (SCC) |
| Google LLC (Google Workspace) | Practice mailbox (kontakt@brainlab.center) — receives messages from the contact form and test results; internal document storage | USA | Standard Contractual Clauses (SCC), Google Workspace DPA |
| DocPlanner Group | ZnanyLekarz booking widget — separate controller | PL/EU | DocPlanner's own privacy policy |
Data transferred to the USA is protected by appropriate safeguards (Standard Contractual Clauses approved by the European Commission under Art. 46 GDPR).
4. Cookies
4.1 First-party cookies
brainLab.center is a static website — the server sets no first-party cookies
(no logins, sessions, or analytics). The only value stored locally by this site is your
cookie consent choice, saved to browser localStorage
(key: cookie-consent). This is not a cookie, is never sent to any server,
and is cleared when you clear your browser data.
4.2 Third-party cookies
The following services may set their own cookies when loaded:
| Service | Where used | Purpose | Privacy policy |
|---|---|---|---|
| Google Maps | Contact page | Displaying the practice location map | policies.google.com |
| DocPlanner / ZnanyLekarz | Booking widget (Contact page, homepage) | Online appointment calendar | docplanner.com |
Third-party services are blocked until you give consent. Choosing "Essential only" replaces the map with a static address and the booking widget remains a plain link to the ZnanyLekarz profile.
4.3 Managing cookies
You can change your choice at any time — clear local site data in your browser settings
(DevTools → Application → Local Storage → brainlab.center → delete the cookie-consent
key) and the banner will reappear. You can also manage cookies directly in your browser settings.
5. Your rights
Under GDPR you have the following rights:
- Access (Art. 15) — you may request information about what data we hold.
- Rectification (Art. 16) — you may ask us to correct inaccurate data.
- Erasure (Art. 17) — the "right to be forgotten".
- Restriction of processing (Art. 18) — you may suspend processing.
- Data portability (Art. 20) — you will receive your data in a structured format.
- Objection (Art. 21) — to processing based on legitimate interest.
- Withdrawal of consent (Art. 7(3)) — at any time, without affecting prior processing.
To exercise any right, contact us via the contact form or by post. We will respond within 30 days.
6. Right to lodge a complaint
If you believe our processing of your data violates GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO), Poland's supervisory authority:
ul. Stawki 2, 00-193 Warsaw, Polandwww.uodo.gov.pl
7. Changes to this policy
This policy may be updated — material changes will be communicated on this page. The date of the last update is shown in the page header.