Privacy Policy

Last updated: May 7, 2026

Effective date: May 7, 2026

1. WHO IS RESPONSIBLE FOR YOUR DATA

The controller is Salman Kasi, a sole trader based in Helsinki, Finland (salmankasi.com). Contact: salmankassi@gmail.com.

2. WHAT THIS COVERS

How I handle personal data when you use my website, book or attend IFS informed sessions or webinars, contact me, or speak with me on messaging platforms.

3. THE DATA I COLLECT

Contact details you give me (name, email, anything in a booking or message).

Booking details from the scheduling tool.

Session content, meaning whatever you choose to share with me, which can include sensitive information about your mental and emotional health, relationships, and history.

Messages we exchange (email and platform conversations such as Reddit).

Payment information, handled by my payment provider.

Website server logs (such as IP address and basic technical data).

4. SENSITIVE DATA ABOUT YOUR HEALTH (SPECIAL CATEGORIES)

Because this is IFS informed therapeutic work, what you share in sessions can be a special category of personal data under Article 9 of the GDPR, in particular data concerning your health.

I process it only with your explicit consent, which you can withdraw at any time, and only to provide the service you asked for. I keep it to a minimum, store it securely, limit access to myself, and never use it for anything beyond supporting our work. You are never required to share more than you want to.

5. WHY I AM ALLOWED TO USE YOUR DATA

To deliver bookings and sessions you request: performance of a contract.

For session content and health information: your explicit consent (Article 9).

For accounting and tax records: legal obligation under Finnish law.

To run and secure the website and to reach out about relevant services: legitimate interest.

6. HOW LONG I KEEP IT

Server logs: 90 days.

Booking records: 2 years after last contact.

Messages: up to 2 years after the last message.

Records needed for accounting: 6 years after last contact, as required by Finnish bookkeeping law.

Notes containing health information: only as long as needed for our work, then deleted, unless accounting law requires a basic transaction record.

7. WHO ELSE PROCESSES YOUR DATA

[Calendly] for scheduling (United States, Standard Contractual Clauses or Data Privacy Framework).

[Webshare] in connection with platform messaging (United States, Standard Contractual Clauses).

[Payment processor] for payments.

[Hosting provider] for the website.

[Email provider] for email.

Where data leaves the EU or EEA, it is protected by safeguards such as Standard Contractual Clauses or the EU US Data Privacy Framework.

8. YOUR RIGHTS

Under the GDPR you can access your data, correct it, have it erased, restrict or object to processing, ask for portability, and withdraw consent at any time. To use any right, email salmankassi@gmail.com.

9. COMPLAINTS

If you are in the EU, you may complain to the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu).

10. CHANGES

I may update this policy. The latest version is always on this page.