PRIVACY POLICY – MARCELA BONTURI

1. Legal Framework
This Privacy Policy complies with the European Union’s General Data Protection Regulation (GDPR), applicable since 25 May 2018, and with Ireland’s Data Protection Act 2018, which provides additional local enforcement. In Ireland, the competent supervisory authority is the Data Protection Commission (DPC).

2. Data Controller
By accepting this policy, you authorize Marcela Bonturi to process your personal data provided through our digital channels (newsletter forms, contact forms, accounts, etc.) or related to contracts and services, under the terms described herein — including collection, storage, processing, and communication.

3. General Principles of Processing
We comply with the fundamental principles of the GDPR, ensuring that:

  • Lawfulness, fairness, and transparency – processing is lawful and transparent.

  • Purpose limitation – data is collected for specific, explicit, and legitimate purposes.

  • Data minimization – only data that is adequate, relevant, and necessary is processed.

  • Accuracy – data is kept accurate and up to date.

  • Storage limitation – data is retained only for as long as necessary.

  • Integrity and confidentiality – adequate security protects against unauthorized access.

  • Accountability – we can demonstrate compliance with these principles.

4. Legal Basis for Processing
Depending on the context, your data may be processed on the basis of:

  • Explicit consent;

  • Fulfilment of contractual or legal obligations;

  • Legitimate interests, provided these do not override your rights and freedoms;

  • Performance of legal or official obligations.

5. Data Subject Rights
We fully respect your rights under the GDPR, including the right to:

  • Access and rectification of your data;

  • Erasure (“right to be forgotten”);

  • Restrict or object to processing in certain cases;

  • Data portability, in a structured and readable format;

  • Withdraw consent at any time, without affecting prior processing;

  • Lodge a complaint with Ireland’s Data Protection Commission (DPC).

6. Cookies and Similar Technologies
We use cookies to enhance your browsing experience — maintaining sessions, preferences, and more — always in line with transparency and consent requirements, and treating online identifiers as “personal data”.

7. Security and Technical Measures
We implement appropriate technical and organizational measures (such as encryption, pseudonymization, and access control) to protect your data, as required by the GDPR and Irish legislation.

8. Data Retention
Data will be retained only as long as necessary to achieve the purposes for which it was originally collected, or as long as your authorization is maintained. After this period, data will be deleted or anonymized.

9. Sharing and Transfers
We may share your data with partners or service providers for operational purposes, always under contractual confidentiality obligations. We do not sell or trade your data. If transfers to third countries occur, they will comply with the safeguards required by the GDPR.

10. Children’s Rights
If we collect data from minors for digital services, we comply with the legal digital age of consent (16 years in Ireland). For children under 16, parental or guardian consent is required.

11. Changes to This Policy
This policy may be updated whenever necessary. Any changes will be published on our website, allowing you to review them and, if you wish, discontinue use.

12. Contact and Supervision
For questions or requests regarding your data, please contact: [email protected].

You also have the right to file a complaint directly with Ireland’s Data Protection Commission (DPC).

Conclusion
This document is aligned with the requirements of the GDPR and the provisions of the Data Protection Act 2018 (Ireland), ensuring a transparent, secure, and legally compliant privacy policy.