Privacy Policy

Last updated: 28 May 2026

This privacy policy explains how Joana Amram ("I", "me") collects, uses and protects personal information shared through this website (www.joana-amram.com). I take privacy seriously — especially because the work I do involves health-related information.

This policy is provided in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and Portuguese Law 58/2019, which implements GDPR in the national legal order.

1. Who I am

Joana Amram — independent naturopath, registered with ANP (Associação Portuguesa de Naturopatia) and APENB (Spain).

Practice name: Joana Amram

Website: www.joana-amram.com

Contact address: Rua Alexandre Herculano 19, Lisbon, Portugal

NIF (tax number): 249775999

Email: joana@ammarhealth.com

For all matters relating to your personal data and this policy, please contact me at the email above.

2. What personal information I collect, and why

I only collect information you actively give me, plus a limited amount of technical data needed to run the website. I do not buy data from third parties and I do not sell your information to anyone.

a) Gut Symptom Quiz

When you complete the quiz on this website, I collect:

  • First name and email address — to send you your quiz result and so I can follow up if you book a consultation.
  • Your quiz answers and the resulting pattern — to provide your personalised result.

Legal basis: your consent, given by submitting the quiz form.

Where it goes: quiz submissions are processed by Formspree (formspree.io), a form-processing service. Formspree forwards them to my email inbox and stores them on their servers. Formspree is a US-based company that complies with GDPR through standard contractual clauses.

How long I keep it: quiz responses are kept for up to 24 months unless you ask me to delete them sooner, or unless you become a client (in which case your information is kept under "client records" below).

b) Discovery calls and consultation bookings

When you book a free discovery call or a paid consultation via Calendly, you provide:

  • Your name, email address and timezone
  • Any notes or questions you choose to add when booking

Legal basis: performance of a service you have requested (Article 6(1)(b) GDPR).

Where it goes: Calendly (calendly.com) processes these bookings. Calendly is a US-based company that complies with GDPR through standard contractual clauses. Calendar invites are also stored in my Google Workspace account.

How long I keep it: discovery call bookings are kept for up to 12 months. If you become a client, your data moves into "client records" below.

c) Client records (only if you become a client)

If you book a paid consultation, I collect health-related and personal information necessary to provide naturopathic support: your medical and symptom history, current health concerns, lifestyle details, any test results or prior treatments you choose to share with me, and the contents of our consultations and follow-up communication.

Health information is a special category of personal data under Article 9 of the GDPR and is treated with additional care.

Legal basis: your explicit consent (Article 9(2)(a) GDPR), given in writing before our first consultation, and the performance of the service contract between us.

Where it stored: client records are kept securely in password-protected systems. They are never shared with third parties without your explicit consent, except where required by law.

How long I keep it: client records are kept for 5 years from the date of our last consultation, after which they are securely deleted. This retention period reflects standard practice for natural health practitioners and the practical need to support returning clients.

d) Contact form / general email enquiries

When you contact me via the website contact form or directly by email, I receive your name, email and the contents of your message.

Legal basis: your consent and/or my legitimate interest in responding to enquiries about my services.

How long I keep it: general enquiries are kept for up to 12 months unless the conversation continues.

e) Website analytics (Google Analytics 4)

This website uses Google Analytics 4 ("GA4") to understand how visitors use the site, which pages are most useful, and where visitors come from. GA4 sets cookies and collects technical information that may include:

  • A pseudonymised identifier
  • Pages visited, time spent, and actions taken on the site
  • Device, browser and approximate location (city level)
  • Your IP address (truncated/anonymised before storage)

GA4 data is processed by Google LLC, which may transfer data outside the European Union under the EU–US Data Privacy Framework and standard contractual clauses.

Legal basis: your consent, requested via the cookie banner when you first visit.

How long it is kept: I keep GA4 data for 14 months by default.

You can opt out of GA4 at any time by declining or updating cookies via the cookie banner, or by installing the Google Analytics Opt-out Browser Add-on.

f) Cookies and similar technologies

This site uses cookies in three categories:

  • Essential cookies — required for the site to function (e.g. remembering that you've seen the cookie banner). These don't require consent.
  • Analytics cookies — set by Google Analytics 4 (see above). Set only with your consent.
  • Squarespace technical cookies — set by Squarespace, the platform hosting this website, to deliver the site, prevent fraud and improve performance.

You can change your cookie preferences at any time. See the cookie banner or contact me at the email above.

3. What I do not do

For clarity:

  • I do not sell your personal information to anyone, ever.
  • I do not share your information with third parties for marketing purposes.
  • I do not run advertising tracking pixels on this website (no Meta/Facebook Pixel, no TikTok pixel, no LinkedIn Insight tag).
  • I do not use your personal data to train AI systems.
  • I do not transfer your client records outside the European Union.

4. Your rights under GDPR

You have the following rights regarding your personal data, and you can exercise them at any time by emailing me:

  • Right of access — you can ask me what personal data I hold about you and receive a copy.
  • Right to rectification — you can ask me to correct information that is inaccurate or incomplete.
  • Right to erasure ("right to be forgotten") — you can ask me to delete your data, subject to any legal obligations I have to retain it.
  • Right to restriction — you can ask me to stop processing your data in certain situations.
  • Right to data portability — you can ask for your data in a structured, machine-readable format.
  • Right to object — you can object to processing based on legitimate interest.
  • Right to withdraw consent — you can withdraw any consent you've given at any time, including consent for the quiz, cookies, or future communications. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

I respond to requests within 30 days at the latest, usually much sooner.

You also have the right to lodge a complaint with the Portuguese data protection authority, the Comissão Nacional de Proteção de Dados (CNPD), if you believe your rights have not been respected:

CNPD — Av. D. Carlos I, 134, 1.º, 1200-651 Lisboa

www.cnpd.pt

5. How I keep your data safe

I take reasonable technical and organisational measures to protect your data:

  • All systems holding personal data are password-protected, with strong unique passwords and two-factor authentication where available.
  • Client records are stored in encrypted form.
  • Email is accessed only from devices I control.
  • I work with reputable third-party processors (Squarespace, Formspree, Calendly, Google) who themselves are GDPR-compliant.
  • If a personal data breach occurs that may affect your rights, I will notify the CNPD within 72 hours and, where required, inform you directly.

6. Children

This website and the services offered through it are intended for adults (18+). I do not knowingly collect personal data from children. If you believe a child has submitted personal data through this site, please contact me and I will delete it.

7. Updates to this policy

I may update this policy from time to time as my practice evolves or as legal requirements change. The "Last updated" date at the top of the page will always reflect the most recent version. For significant changes affecting how I use your data, I will let you know directly if I have your email.

8. Important note on naturopathy and medical advice

This website is informational and educational. It does not provide medical advice, diagnosis or treatment. Naturopathy works alongside, not in place of, conventional medical care. Always work with your doctor or a registered medical practitioner for medical concerns.

This policy is written in plain language to make your rights and my practices easy to understand. If anything is unclear, please email me — I'd rather explain than have you guessing.