Last updated: January 2026. This policy explains how MindNet collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR).
MindNet ApS ("MindNet", "we", "us", "our") is the data controller responsible for the personal data collected through this website and through our therapy services.
We collect personal data only when you actively provide it to us, or when it is technically necessary to deliver our services. We do not collect data we do not need.
When you contact us or enquire
When you register for a therapy group
When you visit our website
When you apply for a position
We use your personal data only for the purposes for which it was collected:
We do not use your data for marketing, profiling, or automated decision-making, and we do not sell your data to any third party.
Under the GDPR, we must have a legal basis for processing your personal data. Depending on the context, we rely on one or more of the following:
| Processing activity | Legal basis (GDPR Article 6) |
|---|---|
| Responding to enquiries | Legitimate interests (Art. 6(1)(f)) |
| Group therapy administration & clinical records | Contract performance (Art. 6(1)(b)) + explicit consent for health data (Art. 9(2)(a)) |
| Invoicing & accounting | Legal obligation (Art. 6(1)(c)) |
| Job applications | Consent (Art. 6(1)(a)) |
| Website analytics | Consent (Art. 6(1)(a)) |
Information about your mental health, psychological wellbeing, or therapeutic needs is classified as special category data under GDPR Article 9. We process this data only with your explicit consent, which you provide when you register for a group or engage in a clinical relationship with us.
This data is treated with the highest standard of confidentiality. It is accessible only to the psychologist or therapist working directly with your group, and is never shared with third parties except where we are legally required to do so (for example, where there is a serious and immediate risk of harm).
All our therapists are bound by professional confidentiality obligations under Danish law and the ethical guidelines of their professional bodies.
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.
| Data type | Retention period |
|---|---|
| Clinical records (therapy participation) | 5 years after last contact (Danish professional standard) |
| Accounting and invoicing records | 5 years (Danish Bookkeeping Act) |
| General enquiry correspondence | 2 years from last contact |
| Job applications (unsuccessful) | 6 months after the process concludes |
| Website analytics data | 26 months (Umami default) |
| Language preference cookie | 365 days |
As a data subject, you have the following rights. To exercise any of them, contact us at info@mindnet.dk. We will respond within 30 days.
Right of access
You can request a copy of all personal data we hold about you.
Right to rectification
You can ask us to correct inaccurate or incomplete data.
Right to erasure
You can ask us to delete your data where we no longer have a lawful basis to hold it.
Right to restriction
You can ask us to limit how we process your data in certain circumstances.
Right to portability
You can request your data in a structured, machine-readable format where technically feasible.
Right to object
You can object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent
Where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These include encrypted data transmission (HTTPS), access controls, and regular security reviews.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Danish Data Protection Agency (Datatilsynet) within 72 hours, and you directly where required.
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The date at the top of this page indicates when it was last revised. Where changes are significant, we will notify you by email if we hold your contact details.
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
If you are not satisfied with our response, you have the right to lodge a complaint with the Danish Data Protection Agency:
We are happy to answer any questions you have about how we use your personal data. Just get in touch.
info@mindnet.dk