Privacy Policy 

Your privacy matters. This Privacy Policy explains what personal data is collected when you use oanaserbana.com, why it is collected, how it is used, and what rights you have over your data. This policy complies with the General Data Protection Regulation (GDPR) and applicable Dutch privacy law. 

 

1. Who is Responsible for Your Data 

The data controller for this website is: 

 Oana Serbana 

Website: oanaserbana.com 

Location: The Netherlands 

Contact: via the contact form at oanaserbana.com 

 If you have any questions or requests regarding your personal data, please reach out through the contact form on the website. 

 

2. What Personal Data We Collect 

We collect personal data in the following ways: 

 

When you fill in the contact form or survey 

  • Your name 

  • Your email address 

  • Any information you voluntarily share in your message 

 

When you book a session 

  • Your name and email address 

  • Payment information (processed securely by our payment provider — we do not store your card details) 

  • Any information shared during the booking process 

 

When you visit the website 

  • Technical data such as your IP address, browser type, and pages visited, collected automatically by Squarespace's built-in analytics 

  • Cookie data (see Section 7) 

 

During sessions 

  • Notes related to your sessions may be kept for professional record-keeping purposes. These are stored securely and never shared with third parties. 

 

3. Why We Collect Your Data (Legal Basis) 

We only collect and process personal data when we have a lawful reason to do so under GDPR: 

 

  • Contractual necessity: to process bookings, confirm appointments, and deliver the services you have requested 

  • Legitimate interest: to respond to enquiries, improve the website, and understand how visitors use it 

  • Consent: to send you newsletters or marketing emails — only if you have explicitly opted in. You can withdraw this consent at any time. 

  • Legal obligation: where we are required by law to retain or disclose certain information 

 

4. How We Use Your Data 

Your personal data is used solely for the following purposes: 

  • Processing and confirming your bookings 

  • Communicating with you about your sessions or enquiries 

  • Sending you updates or newsletters, if you have consented 

  • Improving the website and understanding visitor behaviour through anonymised analytics 

  • Complying with legal obligations 

 

We will never sell, rent, or trade your personal data to third parties. 

 

5. How Long We Keep Your Data 

  • Booking and session records: retained for up to 5 years for professional and legal record-keeping purposes 

  • Email correspondence: retained for up to 2 years 

  • Newsletter subscribers: retained until you unsubscribe 

  • Website analytics data: retained in accordance with Squarespace's data retention policy 

 

After the relevant retention period, your data is securely deleted. 

 

6. Who We Share Your Data With 

We use a small number of trusted third-party services to operate this website and deliver our services. These providers only process your data on our behalf and are bound by their own GDPR-compliant privacy policies: 

 

  • Squarespace: website hosting, booking system, and analytics (squarespace.com

  • Zoom: online session delivery (zoom.us

  • Payment processor: used at checkout to process payments securely (details available at checkout) 

 

We do not share your data with any other third parties unless required by law. 

 

7. Cookies 

This website uses cookies — small text files stored on your device — to improve your browsing experience and collect basic analytics data. 

 

Types of cookies used: 

  • Essential cookies: necessary for the website to function correctly (e.g. session cookies) 

  • Analytics cookies: used by Squarespace to understand how visitors use the website. This data is anonymised and aggregated. 

 

You can disable or delete cookies through your browser settings at any time. Note that disabling essential cookies may affect how the website functions. 

 

8. Your Rights Under GDPR 

As a resident of the EU or anyone whose data we process, you have the following rights: 

 

  • Right of access: you can request a copy of the personal data we hold about you 

  • Right to rectification: you can ask us to correct any inaccurate or incomplete data 

  • Right to erasure: you can ask us to delete your personal data, subject to legal retention requirements 

  • Right to restrict processing: you can ask us to limit how we use your data 

  • Right to data portability: you can request your data in a structured, machine-readable format 

  • Right to object: you can object to processing based on legitimate interest, including direct marketing 

  • Right to withdraw consent: if processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing 

 

To exercise any of these rights, please contact us via the contact form on oanaserbana.com. We will respond within 30 days. 

 

If you believe your data has been handled incorrectly, you also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl

 

9. Data Security 

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Sessions are conducted via Zoom, which uses end-to-end encryption. Payment processing is handled by a PCI-compliant payment provider. 

 

While we do our best to protect your data, no method of transmission over the internet is 100% secure. If you have concerns about data security, please contact us. 

 

10. International Data Transfers 

Some of our third-party providers (such as Zoom and Squarespace) are based outside the European Economic Area (EEA). Where your data is transferred outside the EEA, we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission. 

 

11. Children's Privacy 

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us so we can delete it promptly. 

 

12. Changes to This Privacy Policy 

This Privacy Policy may be updated from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on this website, with the date of the last update clearly indicated. We encourage you to review this page periodically. 

 

13. Contact 

For any questions, requests, or concerns about this Privacy Policy or how your data is handled, please contact us via the contact form at oanaserbana.com

 

This Privacy Policy is governed by the laws of the Netherlands and complies with GDPR.