Privacy Policy

Effective Date: 03 January 2025

This Privacy Policy applies exclusively to the Psychology Today directories provided by Sussex Directories Inc.

If you are looking for the Privacy Policy for Psychology Today articles, blog posts, explainers, quizzes, self tests and content provided by Sussex Publishers, LLC., please click here to view it.

What We Do

At Sussex Directories Inc, (“Sussex,” “Psychology Today,” “we,” “us” or “our”) we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you access or use websites, applications, and services that are owned and operated by us and that link to this Privacy Policy (collectively the “Services”).

This Privacy Policy is designed to help you, the users of our Services (“Users”, “you,” or “your”) understand how we treat your personal data. By using or accessing our Services, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you consent to the collection, use, and sharing of your information as described here. If you are using the services on behalf of another person (such as a minor), you confirm that you have the authority to accept this policy on their behalf. If you do not agree with this Privacy Policy, you may not use the Services. 

When We Ask For Your Explicit Consent

As part of our service, we may ask for your consent to agree to the terms of this Privacy Policy and our Terms. We need your explicit consent because, in order to provide the relevant tools, we may need to capture, store, and occasionally share private information about you. This allows us to deliver a secure, seamless, and personalized experience while adhering to legal requirements and best practices for data protection.

By giving your explicit consent, you are agreeing to how we handle your data, ensuring it is used only for the purposes outlined in this Privacy Policy—such as improving our services, maintaining security, and enabling the features you rely on. We never share your information without a valid reason or without taking steps to protect your privacy.

Your trust is vital to us, and we are committed to safeguarding your data with industry-standard security measures and strict privacy protocols. Below are the services that require your explicit consent before being used: 

Emails to and from Professional Members (Message Center):

When you use a contact form to send an email to a Professional Member listed on the directory, your email is handled by a HIPAA compliant Service which keeps and stores your emails securely within a message center. Certified hosting services (such as Amazon Web Services) securely process and host the data. Only the intended recipient can access the email. This feature enables private, secure, compliant communication between Users and Professional Members through email, through our website and through our native mobile app for Professional Members. While emails are stored and handled securely within our Service, email itself, especially in transit, is an insecure form of communication. Avoid including sensitive information, such as medical or insurance details, that could be intercepted or misused. By consenting, you acknowledge that your emails, sent through the contact form on our Site and any further email communications may be processed within the message center to provide these functionalities, in compliance with privacy regulations.

Professional Members Login and PT Pro (Native App):

Professional Members must provide consent when first logging into their member area or using the PT Pro app. These tools allow Professional Members to efficiently manage their profiles, including editing details, reviewing profile statistics (e.g. views, contacts), and inviting and hosting online video sessions with clients. Professional Members can also access a history of client communications within the message center and the PT Pro app, where they can directly contact clients. All personal data and communication with clients is held securely within HIPAA compliant servers. Professional Members may sign a Business Associate Agreement, which is incorporated by reference into this Privacy Policy. By providing consent, you authorize Sussex to process the necessary data to support these features while maintaining the highest standards of data protection.

Client Video (Video Conferencing Tool for Users):

The client  video conferencing tool, available to Users on the web and in an app (“Client Video”) provides a secure, and simple video conferencing tool for clients to meet Professional Members online for therapy sessions. Sussex Directories simply provides this tool as an effective means of communication, but does not offer any therapy or health services itself. The Client Video app is secure and does not capture, store or use any health information. By consenting, you agree to the use, processing and storage of necessary technical data to establish and maintain a secure video connection, ensuring your privacy and confidentiality.

More details about the information we collect, process and store during your use of any of the Services above can be found in the paragraphs below.

1. Information We Collect

Personal Data

The following sections outline the types of personal data we collect. Information of this kind refers to data that can identify or be linked to a specific individual and may include what is commonly referred to as “personally identifiable information” under applicable privacy laws and regulations. For each type of personal data, we also explain how we collect it, the commercial or business reasons for collecting it, and the categories of third parties with whom we may share this data. More detailed information about these sources and categories is provided below.

The following subsections apply to users of the publicly available areas of the site, where you are not required, nor able, to log in. “Professional Members” of the site, who have an account and are able to log in, should refer to the Professional Members section (found below on this page) for additional information

Categories and examples of Personal Data

• Personal Identifiers: Name, email address, phone number, mailing address, ZIP code.
• Online Identifiers: Public IP address, device ID, Device type, browser type, operating system.
• Internet Activity: Webpage interactions, referring source, analytics data
• Geolocation Data: IP address-based location information, phone call location
• Other Identifying Information: Personal data including any identifying information you may share in emails, messages, or other forms of communication you choose to send to us or Professional Members using our Services.

_____________________________________________________________________________

2. Sources of Personal Data

We collect personal data from the following sources:

From You

Directly from you

• When you use our interactive tools and services, such as searching for professionals.
• When you send an email to a Professional Member listed in one of the directories or when you email a friend about a Professional Member (such as your name, email address, and your friend’s name and email address).
• When you contact a Professional Member by phone.
• When you read blog posts, articles, FAQs and other site content.
• When you submit information through free-form text fields, participate in surveys, complete questionnaires, or leave reviews. 
• When you take a self-test or quiz. 
• When you subscribe to a publication or purchase from us (such as your name, address, and payment information). Payment details are handled directly by the credit card processor, and we do not store them.

Automatically via the Services

• Through the use of Cookies (as described below).
• Through tracking images in emails used to determine open rate.
• When you use our site, we may gather information sent from your device to help us deliver the services you need. This could include data such as your login status and your availability to receive notifications or updates.
• If you use our mobile apps or access our site with a location-enabled browser, we may collect details related to your location and device, as necessary

Third Parties

Service Providers

• We may work with service providers to help analyze how you use and engage with our Services or to assist in providing customer support.
• Additionally, we may utilize service providers to gather information for lead generation purposes 

Analytics Partners

• We collaborate with analytics partners to gather insights on website traffic and how our Services are used.

Professional Members

• We may receive certain information from the Professional Members listed on our platform to facilitate appointment scheduling.

Advertising Partners

• We may receive information from our service providers who assist us with marketing or promotional efforts, based on how you interact with our Services, advertisements, or communications.

_____________________________________________________________________________

3. How We Use Your Information

We use your personal data for the following purposes:

A. Providing and Managing the Services

• Facilitate contact and communications with Professional Members 
• Send communications regarding our services.
• Filter out bad actors from using and abusing our services.

B. Improving the Services

• Analyze user interactions and behavior to enhance our Services.
• Personalize content and user experience based on individual preferences.

C. Marketing and Promotional Activities

• Use contact details to send marketing materials. Provide targeted advertising on blogs, articles and other non-directory content.

D. Legal Compliance and Security

• Use personal data to comply with legal requirements (e.g., retaining data for regulatory purposes or responding to valid law enforcement requests).
• Detect and prevent fraudulent activities.
• Implement security measures to protect personal data from unauthorized access.

F. De-Identified and Aggregated Data

• Use anonymized or de-identified data to create aggregated reports for analysis, research, and improving services.

_____________________________________________________________________________

4. How We Disclose Your personal data

We may share your personal data with third parties in the following situations:

A. Service Providers

• Share personal data with third-party providers for services like:
  • Data Hosting: Host and store data securely.
  • Customer Support: Provide assistance with account and service issues.
  • Analytics: Monitor website performance and user interactions
  • Magazine Subscription: name, address and payment data to fulfillment and payment services.

Example of 3rd Party Vendors We May Use

• Data Hosting: Amazon Web Services (AWS), Cloudflare
• Customer Support: Zendesk, Hubspot
• Analytics: Google Analytics, DataDog

B. Professional Members using our Services

• Share relevant personal data with Professional Members to manage your communication with these Professional Members:
  • Contact Information: Name, email and phone number.
  • Information you include as part of the free form input box when contacting a Professional Member using the contact form on our Services

Example of 3rd Party Vendors We May Use

• Email Delivery API: Mandrill, Amazon SES
• Phone and SMS Services: Twilio

C. Legal Disclosures

• Disclose personal data in response to legal requests, such as subpoenas, court orders, or regulatory demands.
• Protect the rights, property, and safety of Sussex, its users, or the public.

Example of 3rd Party Vendors We May Use

• Security and Fraud Prevention Tools: reCAPTCHA, CloudFlare

D. Business Transfers

• Transfer personal data during mergers, acquisitions, or business restructures. You will be notified of any changes to the handling of your data.

E. Third-Party Advertisers or Services

• Share aggregated, non-personal data with advertising partners for targeted ads. (see section 5 for more info)

Example of 3rd Party Vendors We May Use

• Google Ads/Adsense
• DoubleClick

F. De-Identified Data

• Share de-identified, aggregated data with third parties for research, statistical analysis, or service improvements. This data cannot identify individual users. However, if you have provided consent to certain third-party providers, such as Google, they may use additional data they collect to link it back to your identity.

Example of 3rd Party Vendors We May Use

• Google Analytics
• DataDog
• Tableau 

G. Other Disclosures with Your Consent

• Share personal data with third parties for specific purposes, but only with your explicit consent. You will be notified of the purpose and can opt out.

In addition, we may use artificial intelligence (“AI”) tools to enhance or operate certain functions of the site, such as chat and customer service features.

_____________________________________________________________________________

5. Tracking Technologies, Advertising, and Your Options

The following sections explain how we collect your personal data and how you can manage your preferences.

Information Collected Automatically

Sussex utilizes cookies and similar technologies, such as pixel tags, web beacons, clear GIFs, mobile identifiers, and JavaScript (collectively referred to as “Cookies”), to recognize your browser and device and track your interactions with our website. These technologies help us understand user behaviors, improve our services, and tailor our advertising efforts. For example, we use Cookies to optimize your experience, customizing the content and ads you see, monitoring site performance, and preventing fraud. Cookies are small data files placed on your device (such as your computer, tablet, or smartphone) when you access our Services. Additionally, we may combine information collected via Cookies with data from third-party sources to enhance our services.

Types of Cookies We Use:

• Essential Cookies: These Cookies are necessary for the functionality of the website, enabling features such as secure login areas. Disabling these Cookies may prevent certain features from functioning properly.
• Functional Cookies: These Cookies allow us to remember your preferences, such as language settings, and provide you with a more personalized experience when using our Services.
• Performance and Analytics Cookies: These Cookies help us gather insights into how users interact with our site, such as which pages are visited most frequently, which buttons are clicked, how long users stay on certain pages, and how visitors navigate through the site. This helps us improve both the functionality and the effectiveness of our content.
• Advertising and Retargeting Cookies: These Cookies collect information about your browsing habits across different websites, allowing us and third parties to show you advertisements that are relevant to your interests. These Cookies help ensure that the ads you see are personalized based on your preferences.

Web Beacons and Tracking Technologies

We also use web beacons (sometimes called pixel tags or clear GIFs) on our website and in emails. These small graphic files allow us to gather data on user interactions,such as whether emails are opened or links are clicked. This helps us evaluate the effectiveness of our communications and improve future marketing efforts.

Mobile Device Identifiers

Mobile device identifiers are unique identifiers stored on your mobile device, which help us understand user behaviors on mobile devices, including how you interact with the Services. These identifiers collect data such as your IP address, location, device type, and interaction history. This data helps us improve mobile functionality and provide more targeted advertising based on mobile usage.

Cross-Device Tracking

We may use data obtained from multiple devices to ensure a consistent user experience and understand whether the same user is accessing our Services on different platforms. We may also work with third-party partners to analyze cross-device behaviors and present relevant advertising using de-identified data to understand broader usage patterns.

Managing Cookies and Your Preferences

You can manage, clear, reject or disable Cookies through your browser or mobile device settings. However, note that some features of the Services may not function properly if Cookies are disabled. 

For more information about how to manage Cookies or delete them from your device, visit the "help" or "options" section of your browser's menu or read more here.

To opt-out of tracking cookies or web beacons refer to our “Do Not Sell or Share My Personal Information” link in the footer on our Site. 

Do Not Track

Some internet browsers offer an option to send “Do Not Track” signals. However, because there is currently no industry-wide standard for these signals, Sussex does not process or respond to “Do Not Track” requests at this time. If you would like to learn more about DNT, you can find additional information here.

Interest-Based Advertising

Sussex, along with our third-party advertising partners, may show advertisements that are tailored to your interests based on your activity on our website or other websites you visit. This type of personalized advertising is called Interest-Based Advertising. We collect and analyze information such as your browsing habits, the pages you visit, your public IP address, device identifiers, and demographic information (from GA4 consenting users) to understand your interests and preferences.

Third-party ad networks may use Cookies, Web Beacons, and similar technologies to collect information about your online behavior and serve targeted ads to you. These ads may appear on other websites you visit after using our Services. While we strive to provide relevant advertisements, you can opt out of interest-based advertising by visiting the opt-out pages of relevant ad networks,managing your preferences through your browser settings, or refer to our “Do Not Sell or Share My Personal Information” link in the footer on our Site.

When you opt out of interest-based ads, you may still see advertisements on our site, but they will not be personalized based on your browsing activity.

Marketing Lists and Third-Party Suppliers

We occasionally obtain lists of individuals who may be interested in our products and services from third-party suppliers. to send marketing materials by email. While we strive to obtain these lists from compliant suppliers, we are not responsible for their privacy practices..

Please note that even if you have opted out of receiving our promotional communications, you may still receive marketing materials if your details come from a third-party list. To stop receiving such promotions, contact us via our Feedback Page to be removed from the list.

_____________________________________________________________________________

6. Data Security

At Sussex, we are committed to safeguarding your personal data and take the security of your data seriously. We have implemented a variety of physical, technical, organizational, and administrative measures to protect your data from unauthorized access, use, or disclosure. These measures are based on the type of personal data we collect and how we process that data. For example, we use Secure Sockets Layer (SSL) technology to encrypt personal data during transmission.

We store and process your information on servers located in the European Union and, where applicable, elsewhere, and we maintain industry-standard backup and archival systems. 

The security of your data also depends on you. If you are a Professional Member using our Services, we encourage you to protect your account by choosing a strong password, keeping your login credentials confidential, and signing off after using our services. If you use a work or school email to communicate, please be aware that your employer or institution may have legal access to your communications. Additionally, be cautious when sharing information in public areas of the website, as any content posted publicly can be accessed by others.

While we strive to protect your data and provide a secure operating environment, no method of transmission over the internet or electronic storage is entirely secure. As a result, we cannot guarantee absolute security, and you acknowledge that any transmission of personal data is done at your own risk. Except as required by law, we are not responsible for unauthorized access, loss, theft, or disclosure of your personal data. Please be mindful of these risks when sharing information on the internet.

Data Breach Notification

In the event of a data breach involving your personal data, we will take appropriate steps to notify you as required by applicable laws. This may include notifications via email or prominent notices on our website, depending on the nature of the breach and regulatory requirements. We are committed to prompt and transparent communication in these situations to ensure that you can take necessary precautions to protect your information.

_____________________________________________________________________________

7. Data Retention

We retain your personal data for as long as it is necessary to provide our services and for the business purposes for which the data was collected. When determining the retention period for different types of data, we consider factors such as the source of the data, our need for it, the purpose for which it was collected, and its sensitivity. In some instances, we may retain personal data for extended periods if required to comply with legal obligations, resolve disputes, collect outstanding fees, continue providing our Services, or if otherwise permitted by applicable laws and regulations. Additionally, we may keep information in an anonymous or aggregated form that does not identify you personally.

For example:

• Account Information: We retain your account details and login credentials for as long as your account remains active.
• Device and IP Data: We retain information related to your device and IP address for the duration necessary to ensure the proper functionality and security of our systems.
• Health Information: Any health-related data, including sensitive information such as that found in emails with Professional Members occurring through our Services, is encrypted at rest and while in transmission and stored in accordance with applicable laws and regulations, such as HIPAA, and as required by agreements with healthcare providers or Professional Members.

We aim to handle all personal data responsibly and securely, with careful consideration of privacy and legal requirements.

_____________________________________________________________________________

8. HIPAA Compliance and PHI

Certain information that Sussex collects as part of providing its Services may qualify as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).

Specifically, when (i) Sussex is providing administrative, operational, or other services to a healthcare professional who is a “Covered Entity” under HIPAA; and (ii) in order to provide those services, Sussex receives identifiable information about a user on behalf of the Covered Entity, thereby acting as a “Business Associate” under HIPAA; and (iii) that information includes sensitive health information about the user, then that information may qualify as PHI and will be handled in compliance with HIPAA regulations.

On the occasions that Sussex may store or handle PHI for Professional Members or entities that are Covered Entities, our compliance obligations are outlined in the Business Associate Agreement, which is incorporated by reference in this policy.

This Privacy Policy does not apply to PHI, which is instead governed by HIPAA. HIPAA establishes specific protections for the privacy and security of PHI and outlines how PHI can be used or disclosed. To learn more about how your PHI is handled, please refer to the Notice of Privacy Practices provided by your professional.

In instances where Sussex collects health-related data that does not fall under HIPAA protections, we handle such information in accordance with applicable privacy laws, including relevant state health privacy regulations such as the California Confidentiality of Medical Information Act (CMIA).This means we take steps to secure and limit access to health information and disclose it only as allowed by law.

Sussex does not market, sell or provide healthcare services whether digitally or otherwise and is not a Covered Entity under HIPAA. Sussex is not in the business of healthcare. Sussex is a publisher and a media company. Personal data collected when we are not acting as a Business Associate is not classified as PHI and is governed by this Privacy Policy. 

_____________________________________________________________________________

9. Children’s Privacy

The Services provided by Sussex are not intended for or directed to children under the age of 13. If you are under the age of 13, please do not use the Services, or submit any personal data. By accessing, using, or submitting information to or through the Services, you confirm that you are over the age of 13. In accordance with our Terms of Use, we do not knowingly collect personal data from children under the age of 13. If we become aware that we have inadvertently received such information without verified parental consent, we will use that information only to notify the child (or their parent or legal guardian) that they are not permitted to use the Services and promptly delete the information. If you believe that a child under 13 may have provided us with personal data, please contact us at support@psychologytoday.com.

Users between 13 years of age and the age of legal majority in their jurisdiction may only use the Services with parental or guardian consent or supervision. If you are a parent or legal guardian and are using the Services on behalf of your minor child, any information you provide will be treated as personal data in accordance with this Privacy Policy.

If you are using the Services on behalf of another person, regardless of their age, you agree that Sussex may communicate with you regarding the Services or any legally required notices. You also agree to relay any such communication to the person for whom you are using the Services.

_____________________________________________________________________________

10. California Privacy Rights

The California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents specific rights regarding their personal data. If you are a California resident, this section explains your CCPA rights and how you can exercise them. For more information or questions about this section, please contact us at support@psychologytoday.com with the subject line “California Rights.”

Access to Data

As a California resident, you have the right to request details about our collection and use of your personal data. This includes:

• The categories of personal data we have collected about you.
• The sources from which we collected the personal data.
• The business or commercial purposes for which we collected or shared your personal data.
• The categories of third parties with whom we have shared your personal data.
• Specific pieces of personal data we have collected about you.

If we have shared your personal data for a business purpose, we will disclose the categories of personal data shared with each third-party recipient. If we have shared your personal data within the past 12 months, we will provide information on the categories of personal data involved and the third parties that received it.

Deletion of Data

You also have the right to request that we delete the personal data we have collected from you. The CCPA includes certain exceptions to this right, such as when we need to retain your personal data to provide our services or to complete a transaction you have requested. If your deletion request falls under an exception, we may decline the request.

Correction of Inaccurate Data

If you believe that any personal data we have collected about you is inaccurate, you can request that we correct this data. However, we may refuse your request if we reasonably determine, based on all information available, that the data in question is accurate.

Opt-Out of Processing of Sensitive Personal Information

California residents have the right to request that we limit the processing of Sensitive Personal Information (“SPI”). We may collect some types of SPI, such as health-related information, for providing our services. If you wish to restrict how we use your SPI beyond the purposes allowed under the CCPA, you may exercise your Right to Limit. This right allows you to direct us to use SPI solely for delivering services you request and certain other limited purposes set out in the CCPA. Please refer to our “Do Not Sell or Share My Personal Information” link at the footer of each page on our Site. 

Opt-Out of Sharing Personal Information for Targeted Advertising

California residents have the right to opt out of the “sale” or “sharing” of their personal data, including sharing for targeted advertising purposes, as defined under the California Consumer Privacy Act (CCPA). Although we do not “sell” personal data for direct monetary gain, some data sharing for cross-context behavioral advertising may be considered a “sale” under CCPA.

We have shared the following categories of data for purposes of cross-contextual behavioral advertising: 

• Web analytics and browsing data: i.e., user interactions, pages visited, time spent on pages, and referral sources.
• Network activity information: i.e., data like device and browser details, network information, and click patterns.
• Public IP address: i.e., which can determine your general location and optimize content delivery.

We have implemented cookies from third parties on our site. These cookies allow third parties to track your activity on our website and other websites to serve you personalized ads. 

To exercise your right to opt out, you may access the “Do Not Sell or Share My Personal Information” link at the footer of each page on our Site. Additionally, you can email us at support@psychologytoday.com with “Opt-Out Request” in the subject line. We will honor your opt-out request and will not ask you to reauthorize the sharing of your personal data for at least 12 months. To the best of our knowledge, we do not share the personal data of minors under the age of 13 without consent.

No Discrimination for Exercising CCPA Rights

We will not discriminate against you if you exercise any of your rights under the CCPA. This means we will not:

• Deny you Services.
• Charge different prices or rates for services.
• Provide a different level of service quality.

Additional Rights for California Residents

Under California Civil Code Sections 1798.83-1798.84, residents of California may request to opt out of sharing their personal data with third parties for direct marketing purposes. Although Sussex does not share personal data for direct marketing, you can submit a request by emailing us at support@psychologytoday.com.

_____________________________________________________________________________

11. Other U.S. State Rights and Disclosures

If you are a resident of Virginia, Colorado, Connecticut, Utah, Washington State (specifically regarding consumer health information), or another state with a comprehensive consumer privacy law, you may be entitled to certain rights concerning your personal data. For details on how to exercise these rights, please refer to the “Exercising Your Rights” section below. 

Additionally, please be aware that these rights are subject to specific legal conditions and exceptions, which may require or allow us to decline your request under applicable law.

If you have any questions regarding this section or whether these rights apply to you, feel free to reach out to us at support@psychologytoday.com with “State Rights” in the subject line.

Access

You may have the right to request confirmation of whether we are processing your personal data and to access that information.

Correction

You may have the right to request corrections to inaccuracies in your personal data, taking into account the nature of the data and the purposes for which it is processed.

Portability

You may have the right to request a copy of your personal data in a machine-readable format, where technically feasible.

Deletion

You may have the right to request the deletion of your personal data, subject to certain exceptions under applicable laws.

Opt-Out of Certain Processing Activities

• You may have the right to opt-out of the processing of your personal data for targeted advertising purposes. To opt-out of targeted advertising, please refer to the “Exercising Your Rights” section for instructions. Or please access the “Do Not Sell or Share My Personal Information” link at the footer of each page on our Site.
• You may also have the right to opt-out of the sale of your personal data. While we do not currently sell personal data for monetary gain, certain types of data sharing may qualify as a sale under applicable state laws. To opt out, please access the “Do Not Sell or Share My Personal Information” link at the footer of each page on our Site
• You may have the right to opt-out of profiling based on your personal data, where such profiling results in decisions that have legal or similarly significant effects on you.

Appealing a Denial

If we deny your request or take no action within the time required under applicable law, you may have the right to appeal our decision. To submit an appeal, please provide the necessary information to verify your identity and reference your original request. Additionally, include a detailed explanation of why you are appealing the decision.

Your appeal will be handled in accordance with the rights provided under the relevant state law that applies to your situation. We will respond to your appeal within 45 days of receiving your request. If we deny your appeal, you may have the right to escalate the issue to the appropriate regulatory body in your state.

To submit an appeal, you may:

• Email us at: support@psychologytoday.com with “Consumer Appeal” in the subject line.

_____________________________________________________________________________

12. Exercising Your Rights

To exercise your rights under the California Consumer Privacy Act (CCPA) or other applicable state privacy laws, you must submit a request that:

1. Provides sufficient information for us to verify your identity as the individual whose personal data we have collected, and
2. Describes your request in sufficient detail for us to accurately understand, evaluate, and respond to it.

Once both of these conditions are met, we will consider the request a "Valid Request." The personal data provided within a Valid Request will only be used to verify your identity and fulfill your request..

We will respond to your Valid Request within the timeframe required by applicable law. In most cases, we will not charge a fee for handling your request, unless the request is excessive, repetitive, or unfounded. If we determine that a fee is necessary, we will inform you of the charge and explain the reasoning before completing your request.

You may submit a Valid Request to access (including a portable copy), delete, or correct your personal data through the following methods:

• Email us at: support@psychologytoday.com with “Access/Delete/Correct Data Request” in the subject line.

You may also opt-out from the processing of sensitive personal data or from any data "selling," "sharing," or targeted advertising by using the following methods:

• Email us at: support@psychologytoday.com with “Opt out Request” in the subject line.
• Follow the instructions to opt out in the “Do Not Sell or Share My Personal Information” link in the footer on our Site

_____________________________________________________________________________

13. GDPR and EU Privacy Rights

If you are a resident of the European Union (EU) or are accessing our services from within the European Economic Area (EEA), your personal data is subject to the General Data Protection Regulation (GDPR). Under GDPR, you are entitled to specific rights regarding how your data is collected, processed, and used. These rights include the following:

Rights Under GDPR:

• Right to Access: You have the right to request access to the personal data we hold about you. Upon request, we will provide you with a copy of your data in a commonly used format.
• Right to Rectification: If you believe that any of the data we hold about you is incorrect or incomplete, you can request corrections or updates to your personal data.
• Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data, provided that there is no legal requirement for us to retain it.
• Right to Restrict Processing: You can request that we limit the processing of your data in certain circumstances, such as while we are verifying the accuracy of your data or handling objections to processing.
• Right to Object: You may object to the processing of your personal data for marketing or legitimate interest purposes. If you object, we will cease processing your data unless we have compelling legitimate grounds to continue.
• Right to Data Portability: You have the right to request that your personal data be transferred to another data controller in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where you have provided consent for the processing of your personal data, you may withdraw that consent at any time. This will not affect the legality of any processing carried out before your consent was withdrawn.

Legal Bases for Processing Your Data:

We collect and process your personal data only when we have a lawful basis to do so, which includes the following:

• Consent: We rely on your consent to process your data for specific purposes such as marketing or email communications.
• Contractual Obligations: We process your data to fulfill a contract with you, such as providing services you have requested.
• Legal Compliance: We process your data to comply with legal obligations, such as maintaining records for tax purposes.
• Legitimate Interests: We may process your data for our legitimate business interests, including improving our services, provided that these interests do not override your privacy rights.

International Data Transfers:

As our services are accessible from multiple countries, your personal data will be transferred to and processed both within the EU and outside it. We ensure that appropriate safeguards are in place when transferring data outside the EU/EEA , including Standard Contractual Clauses (SCCs) or other legally approved mechanisms to protect your data under GDPR.

Standard Contractual Clauses (SCCs)

For international data transfers, we comply with GDPR requirements by using Standard Contractual Clauses (SCCs) or other legally approved mechanisms to safeguard the privacy and security of your personal data. These safeguards help ensure that your data is protected to the same standard as in the European Union. If you have any questions regarding these measures, please contact us at the provided email address.

Data Protection Process:

We have implemented a data protection process to ensure our compliance with GDPR and other applicable data protection laws. If you have any questions or concerns about our GDPR compliance or wish to exercise any of your rights, please contact our data compliance team at  support@psychologytoday.com
 

Lodging a Complaint with a Data Protection Authority:

If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority in your country of residence or work, or where the alleged infringement occurred.

_____________________________________________________________________________

14. Australian Privacy Rights

If you are a resident of Australia, this section explains your privacy rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). These principles regulate how organizations like Sussex collect, store, use, and disclose your personal data.

Your Privacy Rights Under Australian Law:

• Right to Access: You have the right to request access to the personal data we hold about you. Upon request, we will provide access in accordance with the Privacy Act, subject to any exceptions allowed by law.
• Right to Correction: If you believe any of the personal data we hold is inaccurate, incomplete, or outdated, you have the right to request corrections or updates.
• Right to Anonymity or Pseudonymity: You have the option to interact with us anonymously or through a pseudonym, provided it is lawful and practicable. However, in some cases, we may not be able to offer services without your real identity.
• Right to Opt Out of Direct Marketing: You may request to opt out of receiving direct marketing communications from us. We will process your request promptly and cease sending such communications.
• Right to Complain: You have the right to lodge a complaint about any perceived breach of your privacy rights under the Privacy Act or the Australian Privacy Principles.

Collection, Use, and Disclosure of Data:

We collect your personal data for purposes directly related to providing our services, including:

• For Professional Members: Managing your profiles.
• For Professional Members: Processing payments and managing subscription services.
• Communicating with you via email, phone, or notifications.
• Improving our services through usage analytics and feedback.

Cross-border Disclosure of Data:

Your personal data may be disclosed to recipients located outside of Australia, such as our servers or third-party service providers based in the European Union. When disclosing your data to overseas recipients, we take reasonable steps to ensure your personal data is protected by the same privacy standards that apply under Australian law. However, you acknowledge that, in some cases, overseas recipients may not be subject to Australian privacy laws, and you consent to the transfer of your data on this basis.

Legal Basis for Processing Your Information:

We will collect, use, and disclose your personal data only when we have a lawful basis to do so, including:

• Consent: Where you have provided consent for us to process your personal data for a specific purpose (e.g., marketing communications).
• Contract: To fulfill a contract or provide services you have requested.
• Legal Obligations: Where we are required to process your personal data to comply with Australian laws or regulations.
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights.

Data Protection and Security Measures:

We implement reasonable security safeguards to protect your personal data from unauthorized access, misuse, or disclosure. These include encryption, firewalls, and secure storage practices. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute protection.

Making a Complaint:

If you believe that we have breached the Privacy Act 1988 (Cth) or the Australian Privacy Principles, you have the right to file a complaint. To do so, please contact us at:

Email: support@psychologytoday.com

We will acknowledge your complaint and respond promptly, investigating the issue and taking any necessary corrective actions. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) for further assistance.

_____________________________________________________________________________

15. Changes To This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, new features, legal requirements, or evolving privacy and security practices. Any significant changes to how we use or disclose your personal data will be communicated to you in advance through a notice on our website..

For minor updates or changes that do not significantly affect your privacy rights, we may make revisions without prior notice. The "Effective Date" at the top of this policy will indicate when the latest revisions were made, so you can easily track any changes. By continuing to use our services after the updated Privacy Policy takes effect, you acknowledge and agree to the terms outlined in the revised policy.

_____________________________________________________________________________

16. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us via email: support@psychologytoday.com 

_____________________________________________________________________________

Professional Members

Last Updated: 03 January 2025

The following sections apply only to Professional Members using our Site and Services. “Professional Members” referred to in this section are members who have profiles on the therapy directory as well as Contributing Bloggers who publish content on our site. If you are an individual user (a “User”), please refer to the User Personal Data section (above on this page) for information relevant to your personal data.

1. Information We Collect

The section below outlines the types of personal data we collect from Professional Members who use our platform, along with the sources of this data and the third parties with whom we may share it for business purposes.

Personal Identifiers: First and last name, email address, phone number, office address, mailing address

• Source: You
• Third Parties With Whom We Share Data for Business Purposes: Service Providers, Parties You Authorize, Access, or Authenticate

Professional Information: Professional licenses, education history, certifications, specialties

• Source: You, Third Parties such as State licensing authorities
• Third Parties With Whom We Share Data for Business Purposes: Service Providers, Licensing Bodies

Demographic Data: Gender identity, age, date of birth, ZIP code, race, spoken languages

• Source: You
• Third Parties With Whom We Share Data for Business Purposes: Service Providers, Ad Networks, Parties You Authorize, Access, or Authenticate

Online Identifiers: IP address, device ID, browser type, operating system

• Source: You, Third Parties
• Third Parties With Whom We Share Data for Business Purposes: Service Providers, Analytics Partners, Ad Networks

Internet Activity: Interactions with our website or platform, referring URL, engagement statistics

• Source: You, Third Parties
• Third Parties With Whom We Share Data for Business Purposes: Service Providers, Analytics Partners, Ad Networks

Geolocation Data: General location data derived from IP address

• Source: You, Third Parties
• Third Parties With Whom We Share Data for Business Purposes: Service Providers, Ad Networks, Analytics Partners

Payment Processor: We do not collect or store sensitive billing details. We use a secure third party provider.

• Source: You
• Third Parties With Whom We Share Data for Business Purposes: Service Provider, Stripe

Other Identifying Information: Personal data you voluntarily provide in communications (e.g., via email or phone calls)

• Source: You
• Third Parties With Whom We Share Data for Business Purposes: Service Providers

Sensitive Data: Gender identity, race, sexual orientation

• Source: You, Third Parties
• Third Parties With Whom We Share Data for Business Purposes: Service Providers, Ad Networks, Parties You Authorize, Access, or Authenticate

We collect this data to provide our services, maintain the accuracy of Professional Member listings, and support user engagement with Professional Members.

We may share your personal data with service providers and business partners to facilitate the use of our platform, support advertising efforts, and ensure compliance with professional regulations.

If you voluntarily provide additional personal data (e.g., via email, phone calls), that data may be retained and shared with relevant service providers to assist in delivering the services you request.

_____________________________________________________________________________

2. Sources of Personal Data

We collect personal data from a variety of sources, including:

From You

Directly from you

• When you register to be listed on our site including professional directories: We collect information to create your profile, such as your name, email address, professional qualifications, certifications, and your area of practice.
• When you contact us: When you send us an email, message, or reach out through other communication channels.
• When you respond to emails from clients: Your responses to client emails through our Site. Professional App or Message Center
• When you use our Services: We automatically collect personal data when you use our platform, including:
  • Through cookies: Information is collected to personalize and improve your experience.
  • When you use location-based features: If you download our mobile app or use location-enabled features, we may receive data about your location and device.

From Third Parties

• Service Providers: We use service providers to help analyze how users interact with our platform and assist with customer support, lead generation, and user profile creation.
• Analytics Partners: Our analytics partners help us understand website traffic and usage patterns to optimize and market our services.
• Public Records: We may use publicly available records to verify the credentials of Professional Members listed on our Services.
• Advertising Partners: We collect data from advertising partners about how you interact with our services, communications, or advertisements to improve our marketing efforts.

_____________________________________________________________________________

3. Business or Commercial Purposes for Collecting Data

We collect and use your personal data for the following purposes:

Providing, Customizing, and Enhancing Our Services

• Account Creation and Management: Managing your account or Professional Member profile on Psychology Today
• Billing and Invoicing: Generating invoices and billing statements for services provided through the platform.
• Delivering Services: Providing the services, information, and resources you request from us.
• Fulfilling Your Requests: Using your information to meet the purpose for which you provided it.
• Customer Support: Assisting you with questions, troubleshooting, or other support needs.
• Improvement and Research: Enhancing our services through testing, research, and product development, as well as conducting internal analytics to better understand user behavior.
• Personalization: Tailoring our platform, content, and communications to your preferences and interactions
• Security and Fraud Prevention: Protecting your data and preventing fraudulent activity, bugs, or security issues.

Marketing the Services

• Marketing Communications: Sending you emails, magazines and updates that we think will interest you, including information about professionals, resources, and services based on your preferences.

Communicating with You

• Responding to Your Inquiries: Answering your emails, messages, or any other communication you initiate with us.
• Reminders: Notifying you about upcoming sessions or other scheduled services such as email or phone contacts.
• Relevant Content: Sending you information that aligns with your preferences, such as relevant professional recommendations, articles, or features of the platform.

Legal Obligations and Requirements

• Protecting Rights: Safeguarding the rights, property, and safety of you, Sussex, or other parties.
• Enforcing Agreements: Upholding agreements with you and addressing claims related to third-party rights.
• Dispute Resolution: Resolving any disputes or issues that may arise from your use of the platform.

Verification of Professional Members

• Onboarding and Credential Verification: Ensuring that Professional Members listed on Sussex have the appropriate credentials to provide their services.

_____________________________________________________________________________

4. How We Disclose Your Data

In certain situations, we may disclose your personal data to the following categories of service providers and third parties for specific business purposes:

Service Providers

Payment Processors: Our payment processing partner (currently Stripe) securely handles your payment details for processing transactions. Please refer to their terms of service and privacy policy for more details on how they manage personal data.

Example of 3rd Party Vendors We May Use: Stripe

Identity Authentication: Our partner to authenticate your ID is Stripe. They securely handle your identity details, such as your driving license, for processing authentication. You are required to give your consent before using their service. Please refer to their terms of service and privacy policy for more details on how they manage personal data.

Example of 3rd Party Vendors We May Use: Stripe

Security and Fraud Prevention Consultants: Detecting and addressing security incidents, protecting against fraudulent, malicious, or illegal activities, and prosecuting individuals responsible for such activities.

Example of 3rd Party Vendors We May Use: reCAPTCHA, CloudFare

Hosting, Technology, and Communications Providers: Providing the necessary infrastructure for hosting, communication, and other technology-related services to support the platform’s functionality.

Example of 3rd Party Vendors We May Use: Amazon Web Services, CloudFare, Hubspot, MailChimp

Data Storage Providers: Safely storing your data in compliance with legal and security standards.

Example of 3rd Party Vendors We May Use: Amazon Redshift, Vimeo

Analytics Providers: Conducting data analysis to improve the user experience and optimize our services.

Example of 3rd Party Vendors We May Use: Google Analytics, DataDog, Tableau 

Staff Augmentation Personnel: Assisting with operational services, such as customer support, order fulfillment, billing, and data storage, to ensure seamless functionality.

Example of 3rd Party Vendors We May Use: Zendesk, Twilio 

Selected Recipients

Analytics Partners: Monitoring how users access and interact with the platform, such as tracking referrals and user engagement.

Example of 3rd Party Vendors We May Use: Google Analytics, DataDog

Parties You Authorize, Access, or Authenticate

Third-Party Business Partners You Access Through the Services: Sharing personal data if you choose to access third-party services or log in through a third-party platform. This helps facilitate the integration and usage of third-party tools through the Sussex platform.

Example of 3rd Party Vendors We May Use: Twilio

_____________________________________________________________________________

5. Controlling Your Data

For Professional Members using our Services, you have the ability to review and update your personal data by logging into your account and navigating to your profile page on our website. If you need to make changes, access, or delete any personal data you have shared with us, you can also contact us directly at support@psychologytoday.com. 

In most cases, deleting your personal data will also require the deletion of your user account.

There may be instances where we are unable to accommodate certain requests to modify or delete information, especially if such changes would violate legal requirements or result in inaccuracies.

If you remove any content or information that you have posted on the website, copies of that content may still be visible in cached or archived versions, or might have been saved by other users. The proper handling of any information shared on the platform, including user-generated content, is governed by our Terms of Use.