Privacy Policy
Version: 1.0 | Effective Date: 26/03/2026 | Applies to: lostandfoundpsychotherapy.com
Jurisdiction: Republic of India | Governed by: DPDPA 2023, IT Act 2000, and applicable international law
This Privacy Policy governs the collection, use, storage, and protection of information gathered through your use of the Lost and Found Psychotherapy website. It applies to all visitors whether or not you are a registered client. Please read it carefully before using the website.
GOVERNING LEGISLATION — AMBULATORY REFERENCE
All references to legislation in this Policy include all amendments, re-enactments, replacements, subordinate rules, and notifications made thereunder, whether existing now or enacted in the future (General Clauses Act, 1897, Section 8). L&F shall not be required to reissue this Policy solely because a law changes.
Digital Personal Data Protection Act, 2023 (DPDPA) | Information Technology Act, 2000 | IT (Reasonable Security Practices) Rules, 2011 | Mental Healthcare Act, 2017 | Consumer Protection Act, 2019 | Bharatiya Nyaya Sanhita, 2023 | GDPR (EU) 2016/679 (for EU/EEA visitors) | UK GDPR & Data Protection Act 2018 | Australian Privacy Act 1988 | PIPEDA (Canada) | UAE Personal Data Protection Law, Federal Decree-Law No. 45 of 2021 | Qatar Personal Data Privacy Protection Law No. 13 of 2016
1. WHO WE ARE AND HOW TO CONTACT US
This Privacy Policy is issued by Lost and Found Psychotherapy (“L&F”, “we”, “us”, “our”), a psychoanalytic psychotherapy practice registered and operating in New Delhi, India. L&F is the Data Fiduciary in respect of all personal data collected through this website under the Digital Personal Data Protection Act, 2023.
Practice Name
Lost and Found Psychotherapy
Registered Address
New Delhi, India
Website
Privacy / Data Queries / Contact
dialogues@lostandfoundpsychotherapy.com
Last Updated
26/03/2026
2. SCOPE - WHO AND WHAT THIS POLICY COVERS
To use our Services, you must:
- All Website Visitors: Every person who lands on, browses, or interacts with any page of the Website, whether or not they are registered or have booked a Service.
- Registered Users and Clients: Persons who create an account, complete a booking, or use the Client portal. Supervisees and
- Organisational Clients: Mental health professionals booking supervision, and organisational representatives accessing consultation services.
- Newsletter and Blog Subscribers: Persons who subscribe to L&F communications or engage with published content.
This Policy covers data collected through the Website only. It does not cover information shared in clinical sessions, which is governed by L&F’s Terms and Conditions and Informed Consent Form.
3. THE TWO LAYERS OF THE WEBSITE
IMPORTANT — PUBLIC AND RESTRICTED LAYERS
The Website operates on two distinct layers with different data implications:
PUBLIC LAYER – Blogs, articles, therapist profiles, service descriptions, educational content. No registration required. Limited data collected (technical/analytics only). Open to the world.
RESTRICTED LAYER – Booking portal, Client portal, session records, payment systems, account management. Registration required. Full data collection applies. Access is private and controlled.
The type and extent of data L&F collects about you depends entirely on which layer you interact with.
4. IMPORTANT - BLOG AND EDUCATIONAL CONTENT DISCLAIMER
BLOG AND EDUCATIONAL CONTENT IS NOT CLINICAL ADVICE
All blog posts, articles, educational materials, newsletter content, and any other informational content published on the public layer of this website (collectively ‘Educational Content’) are provided for general informational and educational purposes only.
Educational content does NOT constitute psychotherapy, psychoanalytic treatment, clinical advice, medical advice, diagnosis, or any form of professional mental health service. It is NOT a substitute for therapy, clinical consultation, or professional mental health support.
L&F makes no representation that Educational content is accurate, complete, current, or suitable for any particular person’s circumstances. You rely on educational content entirely at your own risk. L&F shall bear no liability for any action taken or not taken based on educational content published on this Website.
If you are experiencing mental health difficulties, please book a session with a qualified therapist or contact emergency services as appropriate.
5. WHAT DATA WE COLLECT AND HOW
5.1 Data Collected Automatically - All Visitors (Public Layer)
When any person visits the website, the following data is collected automatically by the website’s technical infrastructure, without any action required from you:
IP Address
Your Internet Protocol address is used to identify your approximate geographic location, detect suspicious access patterns, and maintain security logs. Not used to identify you personally. This collection is automatic and unavoidable as a function of how the internet operates.
Browser Information
Browser type and version, operating system, device type (desktop/mobile/tablet), screen resolution. Used for technical optimisation of the website only.
Pages Visited
Which pages of the website you visit, the order in which you visit them, time spent on each page, and the page you came from (referrer URL). Used for analytics and improving website content.
Time and Date Stamps
The date and time of your visit, duration of session on the website. Used for security and analytics.
Cookies and Trackers
See Section 8 for full cookie information. Cookies are placed on your device automatically unless you disable them in your browser settings.
Clickstream Data
A record of links you click on within the website. Used to understand how visitors navigate the site and improve user experience.
This Privacy Policy governs the collection, use, storage, and protection of information gathered through your use of the Lost and Found Psychotherapy website. It applies to all visitors whether or not you are a registered client. Please read it carefully before using the website.
5.2 Data You Provide — Registration and Booking (Restricted Layer)
When you create an account or book a service, you provide the following data directly to L&F:
Identity Data
Full legal name, date of birth, gender (if provided).
Contact Data
Email address, telephone number, home or work address.
Account Credentials
Username and password. Passwords are stored in encrypted form only.
Booking Data
Selected Therapist, preferred session times, session format (in-person or online), booking history.
Health and Clinical Data
Information you share about your mental health history, presenting concerns, and relevant personal circumstances. This is classified as Health Data (see Section 6 for full details and protections).
Financial Data
Transaction records, invoice references. Full payment card details are NOT collected or stored by L&F. Payments are processed directly by a third-party payment gateway unless agreed specifically between the client and L&F.
Communication Data
Emails, messages, contact form submissions, and any other communications you send to L&F through the Website.
Referral Information
If you were referred to L&F by another professional or person, and you choose to share this.
Accuracy of Data Provided. You are solely responsible for the accuracy, completeness, and currency of all data you provide to L&F. L&F shall not be liable for any loss, damage, or consequence arising from inaccurate, incomplete, or false information provided by you, whether at registration or at any time during your use of the Services.
5.3 Data Collected During Online Sessions
Where you attend a session online through L&F’s approved video platform, additional technical data may be collected by that platform including device audio and video access, connection quality, and IP address. This data is governed by the video platform’s own privacy policy. L&F does not store recordings of sessions. See Section 9 on Third-Party Platforms.
5.4 Data Collected From Blog Interactions and Newsletter Sign-Up
If you subscribe to L&F’s newsletter, comment on blog posts (if enabled), or engage with educational content, L&F will collect your email address (as required) and any name you provide. This data is used solely to send you the content you requested and is not used for any other purpose without your explicit consent.
5.5 Aggregated and Anonymised Data
L&F may use aggregated, anonymised data derived from website usage from which no individual can be identified. This is required for the purposes of improving the website, understanding usage patterns, and developing L&F’s services. This aggregated data is not personal data and is not subject to the restrictions in this policy. It may be retained indefinitely.
6. HEALTH AND CLINICAL DATA - SPECIAL CATEGORY PROTECTION
HEALTH DATA — HIGHEST PROTECTION CATEGORY
Any information relating to your mental or physical health is classified as Health Data. Under Indian law, this constitutes Sensitive Personal Data or Information (SPDI) as defined under Rule 3 of the IT (Reasonable Security Practices) Rules, 2011, and falls within the special categories of personal data under the Digital Personal Data Protection Act, 2023, attracting heightened legal obligations including mandatory explicit written consent before processing. For visitors from the EU/EEA and UK, this data constitutes as Special Category Data under Article 9 of the GDPR and UK GDPR respectively. L&F treats all Health Data in accordance with these obligations as the most stringently protected category of personal data.
The confidentiality of health and therapeutic records is a constitutionally protected fundamental right in India. L&F treats all Health Data with absolute seriousness.
L&F will NEVER sell, rent, share, or intentionally disclose your Health Data to any third party. This is an unconditional and non-negotiable commitment.
6.1 Lawful Basis.
L&F processes Health Data exclusively on the basis of your explicit written consent, given through the Informed Consent Form signed before therapy begins. You may withdraw this consent at any time, subject to L&F’s legal obligations to retain clinical records.
6.2 Who Can Access Health Data.
Access to Health Data is restricted strictly to: (a) your treating Therapist; and (b) their clinical supervisor, where required for professional oversight purposes. Supervisors are bound by the same confidentiality obligations as Therapists, and identifying details are anonymised wherever possible.
6.3 No Health Data in Analytics.
Health Data is never used for website analytics, marketing, or any purpose other than the direct provision of clinical Services to you.
6.4 HIPAA-Equivalent Standards.
L&F voluntarily adopts security and confidentiality standards equivalent to those required under the US Health Insurance Portability and Accountability Act (HIPAA) as a matter of clinical ethics and best practice. This voluntary adoption does not constitute an admission that HIPAA applies to L&F, nor does it create any enforceable obligation under HIPAA or US law.
6.5 How L&F Handles Health Data in Practice.
L&F collects Health Data only through secure, registered pathways and never through public website forms, contact pages, social media, or any unsecured channel. Health Data is stored in restricted systems accessible only to the treating Therapist and their clinical supervisor. It is used exclusively for the purpose of delivering the Service to which you have consented. It is shared only in the circumstances specified in L&F’s Terms and Conditions, and only to the minimum extent necessary. It is transmitted only through encrypted channels. It is retained for the periods specified in Section 11 of this Policy and thereafter securely and irreversibly destroyed. Every instance of disclosure outside L&F is documented with the reason recorded.
6.6 Client Responsibility for Data Shared.
You are solely responsible for any Health Data or personal information you choose to share with L&F. L&F strongly advises against sharing sensitive health information through any public or unsecured channel including social media, unencrypted email, or the public comment sections of this Website. Any data shared through unsecured channels is shared entirely at your own risk and L&F shall bear no liability for any resulting exposure or loss.
7. HOW WE USE YOUR DATA
Purpose
Data Used
Providing and managing the Services you have booked
Identity, Contact, Booking, Health Data
Processing payments and maintaining financial records
Financial Data, Identity Data
Communicating with you about appointments, fees, and updates
Contact Data, Communication Data
Maintaining and improving the Website and its content
Technical/Analytics Data (anonymised)
Security purpose such as for detecting and preventing fraud, unauthorised access, and cyber attacks
IP Address, Technical Data, Access Logs
Legal and regulatory compliance, including clinical record-keeping
All categories as required by law
Responding to complaints, disputes, or legal proceedings
All relevant categories
Sending newsletters and educational content (where subscribed)
Email Address, Name
Clinical supervision and quality assurance
Health Data (anonymised where possible)
Improving the Website using aggregated anonymised analytics
Anonymised, non-identifiable data only
L&F does not use your Personal Data for automated decision-making or profiling that produces legal or similarly significant effects.
8. USER WARRANTY AND PROHIBITED CONDUCT
By accessing or using this Website, you represent, warrant, and agree that:
- All information and data you provide to L&F through the website is accurate, complete, current, and genuinely yours to provide.
- You will not use the website or any data obtained from it to scrape, harvest, copy, reproduce, distribute, or commercially exploit any content, data, or information without L&F’s express prior written consent.
- You will not attempt to access any restricted area of the website without authorisation, circumvent any security measure, or interfere with the Website’s operation in any way.
- You will not use the website for any unlawful purpose, including but not limited to fraud, impersonation, or the transmission of malicious code.
- You will not share, sell, or transfer your account credentials to any third party.
- You accept sole responsibility for maintaining the security of your account credentials and for all activity carried out through your account.
Indemnification. You agree to indemnify, defend, and hold harmless L&F, its founder, Therapists, employees, and contractors from and against any and all claims, losses, liabilities, costs, and expenses (including legal fees) arising from: (a) your breach of this warranty; (b) inaccurate or false data provided by you; (c) your misuse of the website; (d) your violation of any applicable law in connection with your use of the website; or (e) any data breach or exposure caused by your own negligence, including use of an unsecured device or network.
Account Suspension and Termination. L&F reserves the right to suspend or permanently terminate your account and access to the website at any time and without notice if you breach any provision of this policy, L&F’s terms and conditions, or any applicable law. Suspension or termination does not affect any obligation you have already incurred, including payment for Sessions booked.
9. COOKIES AND TRACKING TECHNOLOGIES
9.1 What Are Cookies
Cookies are small text files placed on your device by a website when you visit it. They allow the website to remember information about your visit such as your login status, preferences, and browsing behaviour. Some cookies are essential for the Website to function; others are used for analytics or user experience improvement.
9.2 Types of Cookies Used on This Website
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
|
Strictly Necessary |
Essential for the website to function such as for login sessions, booking portal access, security tokens, payment processing. The Website cannot function without these. |
No — these are essential |
|
Functional |
Remember your preferences and settings such as language, session format preferences, previously viewed content. |
Yes — via browser settings |
|
Analytics |
Track how visitors use the website, the pages visited, time spent, referral source. Data is aggregated and anonymised. Used to improve Website content and design. |
Yes — via browser settings |
|
Security |
Detect and prevent fraudulent access, bot activity, and suspicious behaviour patterns. Essential for protecting the restricted layer of the Website. |
No — essential for security |
|
Third-Party Embeds |
If L&F embeds third-party content (e.g. video, maps, social media links), those third parties may place their own cookies. L&F does not control these. |
Via those third parties’ settings |
9.3 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to: view cookies currently stored; delete individual or all cookies; block cookies from specific or all websites; and set preferences for future cookies.
Please note: disabling strictly necessary or security cookies will prevent you from accessing the restricted layer of the website, including the booking portal and client portal. Disabling analytics cookies will not affect your ability to use any part of the Website.
10. THIRD-PARTY PLATFORMS AND SERVICE PROVIDERS
To operate the Website and deliver Services, L&F uses third-party service providers. These providers may process your data as part of their service. L&F does not sell your data to any third party and does not permit any third party to use your data for their own marketing purposes.
Payment Gateway
Processes your payment transactions. Card details go directly to the payment gateway. L&F never sees or stores your full card number. The gateway operates under its own security standards.
Video Platform
Used for online Sessions. The platform processes your audio and video data during sessions. The platform’s own privacy policy applies to data it processes. L&F does not control the security practices of the video platform and shall not be liable for any breach occurring within the platform’s own infrastructure.
Cloud Storage
L&F uses reputable cloud storage providers for administrative and client records. These providers operate under their own terms of service, which may permit them to access stored data for purposes including scanning, legal compliance, and service operations.
Email Service Provider
Used to send appointment confirmations, billing notices, and (where subscribed) newsletters. Your email address is shared with this provider solely for this purpose.
Website Analytics
Anonymised analytics data (no personal identification) may be processed by a third-party analytics tool to help L&F understand Website usage patterns. No Health Data is involved.
Booking Software
The booking portal may be powered by a third-party scheduling tool. Booking data (name, contact, appointment time) is shared with this tool solely to manage your appointment.
All third-party processors are required to: process your data only on L&F’s instructions; maintain appropriate confidentiality; implement reasonable security measures; and not transfer your data to any further party without L&F’s consent. L&F enters into formal Data Processing Agreements (DPAs), if applicable, with all third-party processors in accordance with the Digital Personal Data Protection Act, 2023 and Digital Personal Data Protection Rules, 2025. L&F remains the Data Fiduciary for all Client data processed by third parties.
No Liability for Third-Party Processors. L&F shall not be liable for any breach, loss, misuse, or unauthorised access to your data that occurs within the infrastructure, systems, or operations of any third-party processor beyond L&F’s reasonable control. By using the website and services, you accept this risk as a condition of their use.
11. INTERNATIONAL DATA TRANSMISSION
NOTICE : INTERNATIONAL DATA TRANSMISSION
Where you access the Website or Services from outside India, or where L&F’s third-party service providers have servers located outside India, your Personal Data may be transmitted across international borders.
L&F makes no representation or warranty regarding the security of data during international transmission. By accessing the Website or booking Services online, you acknowledge and unconditionally accept ALL risks associated with international data transmission, including interception, unauthorised access, data loss, or exposure during transit.
L&F shall bear no liability whatsoever for any loss or damage arising from international data transmission, third-party platform infrastructure, or your choice to access Services from outside India.
International data transfers are conducted in compliance with the DPDPA, 2023, and any applicable transfer regulations issued by the Central Government of India from time to time.
12. DATA RETENTION
L&F retains different categories of data for different periods, reflecting legal obligations and the principle of data minimisation, collecting and retaining only what is necessary:
Full Clinical Records
As per EHR STANDARDS 2016 (MoHFW)] : For LIVING Clients retained for the Client’s lifetime (minimum 10 years from last Session). For DECEASED Clients, records may be made inactive 3 years after confirmed date of death.. This includes session notes, clinical correspondence, referral letters, and all Health Data.
Contact and Booking Records
1 year from date of last Session. This includes name, email, appointment history, account information.
Financial and Payment Records
7 years from date of transaction. This includes invoices, receipts, GST records. Mandatory under Indian tax law.
Website Analytics Data
Aggregated and anonymised data. No fixed deletion period as it contains no personal identifiers.
Cookie Data
Varies by cookie type – strictly necessary cookies expire at browser close; functional cookies expire after 12 months; analytics cookies per analytics provider settings.
Newsletter / Subscriber Data
Retained until you unsubscribe. Deleted within 30 days of unsubscription request.
Minor Client Records
As per EHR standards, For living minor Clients: Retained for the Client’s lifetime (minimum 10 years from last Session). For deceased minor Clients: Records may be made inactive 3 years after confirmed date of death.
Records Subject to Active Proceedings
Retained indefinitely until full and final resolution of any complaint, dispute, or legal proceedings. The retention clock freezes upon notice of any claim and resumes only upon final resolution.
Upon expiry of the applicable retention period, data is securely and irreversibly destroyed. You may request confirmation of destruction by contacting at dialogues@lostandfoundpsychotherapy.com. Prior to erasing personal data upon expiry of the applicable retention period, L&F will notify you at least 48 hours in advance by email to your registered address.
13. DATA SECURITY - L&F'S COMMITMENT AND LIMITATIONS
13.1 Core Commitment. L&F commits unconditionally that it will never intentionally disclose, leak, sell, transfer, or misuse any visitor’s or client’s personal data or health data. This is an absolute and non-negotiable commitment. Any member of L&F’s staff or any contractor who intentionally discloses data without authorisation will be subject to immediate termination and reported to law enforcement.
13.2 Reasonable Steps. L&F takes reasonable steps appropriate to an independent psychotherapy practice to protect data in its possession from loss, theft, and unauthorised access. However, L&F makes no representation that its systems are immune to third-party criminal attack or data breach by external actors. The internet is inherently insecure and no system can be made absolutely safe.
13.3 No Liability for Third-Party Breach. Where a data breach occurs as a result of third-party hacking, cyber attack, ransomware, a vulnerability in third-party infrastructure, interception during transmission, your own device or network being compromised, or any other act or omission of a party other than L&F, L&F shall bear no liability whatsoever for any resulting loss, damage, distress, or consequence. The risk of all such events is accepted by you as a condition of using the Website and Services.
13.4 Website Availability and Virus Disclaimer. L&F does not warrant that the website will be continuously available, uninterrupted, error-free, or free from viruses, malware, or other harmful components. You are responsible for implementing appropriate technical and security measures on your own device. L&F shall not be liable for any loss or damage caused by a virus, distributed denial-of-service attack, or other technically harmful material that infects your device, software, or data in connection with your use of this Website or any third-party website linked to it.
13.5 Breach Notification. In the event of a personal data breach, L&F will comply with all applicable notification and reporting obligations as required under the Digital Personal Data Protection Act, 2023, and any rules notified thereunder from time to time.
13.6 Legal Consequences for Data Misuse. Any person, whether a hacker, external attacker, rogue employee, or contractor who unlawfully accesses, steals, leaks, or misuses any data belonging to L&F or its Clients will be pursued to the fullest extent of Indian criminal and civil law, including under Sections 43, 66, 66B, 66C, 66E, and 72A of the IT Act, 2000, the BNS, 2023, and the DPDPA, 2023 (financial penalties up to Rs. 250 Crore).
14. YOUR RIGHTS AS A DATA PRINCIPAL
Under the Digital Personal Data Protection Act, 2023, you have the following rights in respect of your Personal Data held by L&F:
Right of Access
Obtain confirmation of whether your Personal Data is being processed and receive a summary of that data.
Right of Correction
Request correction of inaccurate or incomplete personal data.
Right of Erasure
Request deletion of your personal data. Note: Clinical and financial records must be retained for the mandatory periods in Section 12 regardless of this request.
Right to Grievance Redressal
Raise complaints with L&F directly. If unresolved, escalate to the Data Protection Board of India after 30 days of grace period.
Right of Nomination
Nominate a person to exercise your data rights in the event of your death or incapacity.
Right to Withdraw Consent
Withdraw consent to processing at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, contact: dialogues@lostandfoundpsychotherpay.com. L&F will respond within 30 days. Some requests may take longer where L&F needs to verify your identity before processing.
Limitation on Erasure. The exercise of these rights is subject to L&F’s overriding legal obligations to retain clinical records, financial records, and any records relating to active legal proceedings for the periods specified in Section 12. A request for erasure will be honoured to the maximum extent permitted by law. L&F cannot and will not delete records it is legally required to retain regardless of any request. This is not a discretionary decision, it is a legal obligation.
15. INTERNATIONAL VISITORS - GDPR AND LOCAL DATA PROTECTION LAW
Where you access the website from outside India, additional data protection laws may apply to your personal data:
- EU/EEA Visitors (GDPR): The General Data Protection Regulation (EU) 2016/679 applies. You have rights of access, rectification, erasure, restriction, portability, and to object to processing. A request for erasure will be honoured to the maximum extent permitted by law, but L&F cannot delete records it is legally required to retain. L&F processes your data on the lawful bases of explicit consent and contractual necessity. Where data is transferred from the EEA to India, L&F relies on your explicit consent as the transfer mechanism.
- UK Visitors (UK GDPR): The UK GDPR and Data Protection Act 2018 apply. The same rights as EEA visitors apply, subject to UK-specific provisions.
- Australian Visitors (Privacy Act 1988): The Australian privacy principles apply. L&F handles your personal information in accordance with those principles to the extent applicable.
- Canadian Visitors (PIPEDA): L&F collects, uses, and discloses your personal information only with consent and for identified purposes.
- UAE Visitors (UAE Personal Data Protection Law, Federal Decree-Law No. 45 of 2021): The UAE Personal Data Protection Law, Federal Decree-Law No. 45 of 2021 and its Executive Regulations apply to the processing of personal data of individuals located in the UAE. Health data constitutes sensitive personal data under UAE law and requires explicit consent before processing. L&F processes UAE visitors’ data on the lawful basis of explicit consent. Where data is transferred from the UAE to India, L&F relies on your explicit consent as the transfer mechanism. Visitors located within the Dubai International Financial Centre (DIFC) or Abu Dhabi Global Market (ADGM) are subject to those free zones’ separate data protection frameworks, which are broadly equivalent to GDPR standards; the same rights and protections described for EU/EEA visitors apply to such visitors. L&F’s acknowledgment of UAE data protection law does not constitute submission to the jurisdiction of any UAE court or regulator, nor an admission that L&F is established in the UAE.
- Qatar Visitors (Personal Data Privacy Protection Law No. 13 of 2016): Qatar’s Personal Data Privacy Protection Law No. 13 of 2016 applies to the processing of personal data of individuals located in Qatar. Health data is classified as sensitive personal data under Qatari law and requires explicit consent before processing. L&F processes Qatar visitors’ data on the lawful basis of explicit consent. Where data is transferred from Qatar to India, L&F relies on your explicit consent as the transfer mechanism. You have rights of access, correction, and deletion of your personal data subject to L&F’s legal retention obligations as specified in Section 12. L&F’s acknowledgment of Qatari data protection law does not constitute submission to the jurisdiction of any Qatari court or regulator, nor an admission that L&F is established in Qatar.
- Other Jurisdictions: L&F will endeavour to comply with applicable local data protection law to the extent practicable for an India-based practice. The DPDPA 2023 remains the primary governing framework.
Note: Acknowledging these laws does not constitute L&F’s submission to the jurisdiction of any foreign court or regulator, nor an admission that L&F is established in any jurisdiction outside India. The Client remains solely responsible for determining whether accessing L&F’s website and services is lawful in their jurisdiction.
16. CHILDREN AND MINORS
The Website is not directed at children under the age of 18. L&F does not knowingly collect personal data from minors through the public layer of the Website.
Where a minor (under 18) accesses services through L&F, a parent or legal guardian must register on their behalf, provide explicit consent, and take full responsibility for all data submitted. The parent or guardian assumes full and sole liability for any data provided on behalf of a minor. Minor client records are retained until the client turns 25 or for 3 years from the last Session, whichever is longer.
If you believe a minor has submitted personal data through the Website without appropriate parental consent, please contact dialogues@lostandfoundpsychotherapy.com.
17. LINKS TO THIRD-PARTY WEBSITES
The Website may contain links to third-party websites. This includes professional resources, emergency helplines, and informational references. These links are provided for your convenience only.
No Liability for Third-Party Sites. L&F is not responsible for and expressly disclaims all liability in respect of the content, accuracy, privacy practices, security, availability, or any other aspect of any third-party website. The fact that L&F provides a link to a third-party website does not constitute an endorsement, approval, or recommendation of that website or its content. Clicking a link to a third-party website means you are leaving L&F’s Website immediately and that site’s own terms and privacy policy govern your visit from that point onwards. L&F recommends reviewing the privacy policy of any third-party website you visit.
18. ELECTRONIC COMMUNICATIONS AND CONSENT
18.1 Communications L&F Sends. By registering an account or booking a Service, you consent to receive electronic communications from L&F to your registered email address and telephone number, including: appointment reminders and confirmations; billing and payment notices; updates to this Privacy policy or the Terms and Conditions; clinical correspondence from your Therapist; and newsletter content (if subscribed). Where WhatsApp or similar messaging applications are used for appointment reminders, Clients are advised not to share clinical, health, or sensitive personal information through these channels. All sensitive clinical communication should be made through secure portals or by telephone.
18.2 Legal Effect. All notices sent by L&F to your registered email address are deemed received on the day of transmission under the Information Technology Act, 2000.
18.3 Opting Out of Non-Essential Communications. You may opt out of non-essential marketing and newsletter communications at any time by contacting dialogues@lostandfoundpsychotherapy.com or using the unsubscribe link in any email. You cannot opt out of essential service communications (appointment reminders, billing notices, policy updates) without discontinuing the Services entirely.
18.4 Accuracy of Contact Details. You are solely responsible for keeping your contact details current and accurate. L&F is not liable for any missed communication, missed appointment, or any consequence resulting from outdated or inaccurate contact details you have provided.
19. SOCIAL MEDIA AND EXTERNAL PLATFORMS
L&F may maintain a presence on social media platforms (Instagram, LinkedIn, or similar). If you interact with L&F’s content on those platforms, your data is governed by those platforms’ own privacy policies. L&F does not control the data practices of any social media platform and shall not be liable for any data collection or use by those platforms.
Do Not Share Health Information on Social Media. Do not share sensitive personal or health information in comments, direct messages, or public posts on any social media platform. These channels are not secure and are not appropriate for confidential clinical communication. Any information shared on social media is entirely at your own risk and L&F bears no responsibility for it. Clients are specifically advised not to share, post, describe, or discuss any content from their therapy sessions on any social media platform. Such sharing may breach the confidentiality of the therapeutic relationship, constitute a breach of the Clinical Services Agreement, and may have adverse legal and clinical consequences.
L&F’s Website may include social media sharing buttons or embeds. These may allow the social media platform to collect data about your visit even if you do not click on them. L&F does not control this data collection.
20. COMPLAINTS AND GRIEVANCE REDRESSAL
20.1 Internal Complaints – First Step. If you have any concern about how L&F handles your Personal Data, please contact us in the first instance at dialogues@lostandfoundpsychotherapy.com. L&F will acknowledge your complaint within 7 Business Days and aim to provide a substantive response within 30 Business Days. You are expected to use this internal process before escalating to any regulator or court.
20.2 Data Protection Board of India. If your complaint is not resolved to your satisfaction by L&F within 30 days, you have the right to escalate it to the Data Protection Board of India, established under the Digital Personal Data Protection Act, 2023. Designated Grievance Officer: Anmol Bhatnagar, dialogues@lostandfoundpsychotherapy.com. All data-related complaints should be addressed to the Designated Grievance Officer in the first instance. Grievances will be acknowledged within 7 Business Days and resolved within 30 Business Days.
20.3 International Complaints. Visitors from the EU/EEA may also lodge complaints with their local supervisory authority under the GDPR. UK visitors may contact the Information Commissioner’s Office (ICO). Australian visitors may contact the Office of the Australian Information Commissioner (OAIC). L&F’s acknowledgment of these international complaint rights does not constitute submission to the jurisdiction of any foreign regulator or court.
20.4 Complaints Do Not Suspend Obligations. The submission of a complaint or grievance does not suspend, vary, or otherwise affect any of the client’s obligations under L&F’s Terms and Conditions, including the obligation to pay for Services booked and the obligation to resolve disputes through binding arbitration as set out therein. A complaint is not a mechanism to avoid payment or to suspend any contractual obligation.
21. CHANGES TO THIS PRIVACY POLICY
L&F may update this Privacy Policy at any time. The revised Policy will be posted on this page with an updated effective date. L&F may, at its sole discretion, notify registered Clients of material changes by email, but is not obligated to do so. L&F will provide registered Clients with not less than 14 days’ prior written notice of any material change to this Privacy Policy by email to their registered address. Minor or editorial changes may be made without such notice.
Your continued use of the Website after any changes are posted constitutes your acceptance of the revised Policy. L&F recommends reviewing this page periodically. All legislative references in this policy automatically update to reflect amendments, re-enactments, and new regulations without requiring a reissue of this Policy.
22. GOVERNING LAW AND JURISDICTION
This privacy policy is governed by and construed exclusively in accordance with the laws of the Republic of India. Any dispute arising from or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Gurugram, Haryana, India, and shall be resolved through binding arbitration in accordance with the arbitration provisions set out in L&F’s Terms and Conditions.
Any judgment obtained against L&F in a foreign court in connection with this policy shall not be enforceable against L&F or its assets in India without fresh proceedings before the courts of Gurugram, Haryana, India. L&F shall not be required to participate in, respond to, or bear the costs of any legal proceedings initiated against it in any court or tribunal outside India.
23. CONTACT US
Practice Name
Lost and Found Psychotherapy
Registered Address
Gurugram, Haryana, India
Website
Privacy / Data / Complaints / General Contact
dialogues@lostandfoundpsychotherapy.com
ACCEPTANCE
BY ACCESSING OR USING THIS WEBSITE, YOU CONFIRM THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY IN ITS ENTIRETY, THAT YOU CONSENT TO THE COLLECTION AND USE OF YOUR DATA AS DESCRIBED HEREIN, AND THAT YOU AGREE TO BE BOUND BY ITS TERMS. IF YOU DO NOT AGREE, PLEASE IMMEDIATELY CEASE ALL ACCESS TO AND USE OF THIS WEBSITE.
© Lost and Found Psychotherapy, Gurgugram, Haryana, India. All rights reserved. Version 1.0
This Privacy Policy does not constitute legal advice. L&F recommends review by a qualified Indian advocate before final publication.