Privacy Policy

This Privacy Policy explains how personal data is collected, processed, and safeguarded when you interact with this personal blog and creative studio website. It is drafted in full compliance with the General Data Protection Regulation (GDPR / RGPD) of the European Union and the Dutch Algemene Verordening Gegevensbescherming (AVG). By continuing to use this website, you confirm that you have read, understood, and accepted the practices described herein.

1. Identity of the Data Controller The entity responsible for processing your personal data is Anna Smit, operating a personal blog and creative studio from Bernhardus Bumastraat 34, 8933 EL Leeuwarden, Netherlands. For any data-related inquiries, requests, or concerns, you may contact the data controller via email at hello@annasmit.blog or by telephone at +31 58 123 4567 during published studio hours. Should you believe your rights have been infringed, you retain the right to file a complaint with the Autoriteit Persoonsgegevens, the Dutch Data Protection Authority.

2. Categories of Personal Data Collected We adhere to the principle of data minimization. The only personal data we collect is what you voluntarily provide through the contact form on this website. This includes your full name, email address, telephone number, and any free-text information you choose to include in the message field. We do not process special categories of personal data as defined under Article 9 of the GDPR, including but not limited to data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning a person's sex life or sexual orientation.

3. Legal Basis for Processing All processing activities are grounded in lawful bases specified under Article 6 of the GDPR. The primary basis is your explicit consent, which you grant by voluntarily completing the contact form and activating the GDPR consent checkbox. Where you request a paid service such as a Space Consultation, processing may additionally be necessary for the performance of a contract or pre-contractual steps taken at your request. We do not engage in processing based on legitimate interests where such interests would override your fundamental rights and freedoms.

4. Purposes of Processing Your personal data is used strictly for the following purposes: responding to your messages and inquiries, scheduling and confirming appointments for consultations or meetups, delivering the Thursday Inspiration newsletter to confirmed subscribers, managing the Creative Circle waitlist and attendance, and fulfilling legal obligations such as maintaining tax records in accordance with Dutch fiscal law. We do not use your data for automated decision-making, including profiling, that produces legal effects or similarly significant impacts on you.

5. Retention Periods We retain your personal data no longer than is necessary for the purposes for which it was collected. General inquiry data is kept for eighteen months from the date of the last interaction, after which it is permanently and seaddressly erased. Newsletter subscriber data is maintained until you withdraw your consent, following which deletion occurs within fourteen days. Financial and invoicing records arising from paid services are preserved for seven years as required by Dutch tax legislation, after which they are seaddressly destroyed.

6. Cookies and Similar Technologies This website employs only the most essential cookies required for core functionality. We do not deploy analytics cookies, advertising trackers, social media pixels, or any other surveillance technologies. The sole cookies that may be stored are strictly necessary session cookies that ensure the CSS-only mobile navigation menu operates correctly across page transitions. These cookies contain no personal identifiers and expire automatically upon closing your browser session.

7. Recipients and Data Sharing Your personal data is never sold, leased, licensed, or otherwise transferred to third parties for commercial gain. Access is restricted exclusively to the data controller. In the exceptional circumstance that a subcontractor is engaged (for instance, an email delivery service for newsletter distribution), such a provider is contractually bound by a data processing agreement mandating GDPR-compliant practices, end-to-end encryption, and a strict prohibition on independent use or secondary processing of the data.

8. International Transfers All data processing and storage occurs within the European Economic Area (EEA). We do not transfer your personal data to jurisdictions outside the EEA. Should this policy change in the future, any such transfer will be executed only under appropriate safeguards, such as Standard Contractual Clauses formally approved by the European Commission, ensuring an equivalent level of protection.

9. Rights of Data Subjects As a data subject under the GDPR, you are entitled to the following rights: the right to access your personal data and obtain a copy; the right to rectify inaccurate or incomplete data; the right to erasure (the "right to be forgotten") under applicable conditions; the right to restrict processing; the right to data portability in a structured, machine-readable format; the right to object to processing based on legitimate interests; and the right to withdraw consent at any time without retroactively affecting the lawfulness of processing conducted prior to withdrawal. To exercise any of these rights, please submit a written request using the contact details provided above. We will respond within one calendar month, free of charge.

10. Security Measures We implement a comprehensive suite of technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include encrypted data transmission via HTTPS/TLS, strong password policies for administrative access, periodic security audits of the hosting infrastructure, and strict access controls ensuring that only the data controller can view submitted information.

11. Amendments to This Policy This Privacy Policy may be revised from time to time to reflect changes in legal obligations, technological developments, or our data handling practices. The effective date of the current version is displayed at the top of this page. We encourage visitors to review this policy periodically. Continued use of the website following any amendments constitutes acceptance of the updated terms.

12. Governing Law and Jurisdiction This Privacy Policy is governed by the laws of the Netherlands. Any dispute, controversy, or claim arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the competent courts of Leeuwarden, the Netherlands.