top of page

Privacy Policy

 

Effective Date: [October 14, 2025]

This Privacy Policy explains how Ana Zore Grmek ("we," "us," or "our") collects, uses, and protects your personal information, including sensitive data, in compliance with the General Data Protection Regulation (GDPR). We are committed to protecting your privacy and the confidentiality of your personal data.

 

1. Data Controller

 

The data controller responsible for the processing of your personal data is:

Ana Zore Grmek, Piazza Santa Maria 16 Agliano, 55034 Minucciano, LU, thescapegoatmanifesto@gmail.com

2. Personal Data We Collect

 

We collect and process the following categories of personal data:

  • Identity and Contact Data: Your name, email address, and other contact information you provide when you contact us.

  • Sensitive Data: Information you share with us during online coaching sessions or via email. This is considered special category data and includes details about you and your highly sensitive information. We handle this data with the utmost care and confidentiality.

  • Payment and Billing Data: Your full name and personal address, which are required to issue invoices and comply with tax and legal obligations.

  • Newsletter Data: Your email address, if you choose to subscribe to our newsletter.

  • Usage and Technical Data: This is data collected automatically by our website, including your IP address, browser type, device information, and browsing activity on our site.

  • Advertising Data: Data collected for advertising purposes, such as unique identifiers from cookies, for which we obtain your consent.

 

3. Purpose and Legal Basis for Processing

 

We process your personal data for the following specific purposes and on the following lawful bases:

  • To provide online coaching services: We use your personal and sensitive data to deliver and manage the coaching services you have requested. The legal basis for this is contractual necessity to fulfill our agreement with you. For sensitive data, the basis is your explicit consent, which you will provide before a coaching session begins.

  • To process payments and comply with legal obligations: We collect your name and personal address to issue invoices and receipts. This processing is necessary for compliance with a legal obligation under Italian tax law, which requires us to keep accurate financial records and share them with the relevant authorities.

  • To communicate with you: We use your contact information to respond to your inquiries and schedule appointments. The legal basis for this is our legitimate interest in providing effective customer service.

  • To send you newsletters: If you subscribe, we will use your email address to send you our newsletter. The legal basis for this is your explicit consent. You can withdraw this consent at any time.

  • To operate and secure the website: We use technical data to ensure the website functions correctly and securely. The legal basis for this is our legitimate interest in maintaining a functional and secure online platform.

  • For advertising purposes: We use data to measure the effectiveness of our advertising campaigns and to target ads to potential clients. The legal basis for this is your explicit consent, which we obtain via a cookie banner.

 

4. Data Sharing and Third-Party Processors

 

We only share your personal data when it is necessary for the purposes outlined in this policy or when required by law. The third parties we share data with are our data processors:

  • Wix.com: Our website host and provider of the newsletter service.

  • Google (Gmail, Google Ads, Google Meet): We use Google's services for email communication, advertising, and as a backup platform for online coaching sessions. Google processes this data on our behalf, but for advertising purposes, Google also acts as a data controller.

  • itscomplicated.life: We use this platform for our primary online coaching sessions. This platform is specifically designed for coaching services and uses encryption to secure all video calls.

  • Fatture in Cloud: Your name, address, and payment information are processed by this Italian company for the purpose of issuing invoices and managing our business's financial records.

  • Italian Tax Authorities: We are legally required to provide financial and billing data to the Italian tax system to fulfill our tax obligations.

  • Social Media and External Links: Our website contains links to external sites (e.g., social media pages, Amazon.com). We do not share any personal data with these external platforms, and your use of their services is subject to their own privacy policies.

 

5. International Data Transfers

 

Your personal data may be transferred to and stored in countries outside of the European Union (EU) and European Economic Area (EEA), specifically to the United States, as some of our third-party processors (e.g., Google) are U.S.-based companies.

We ensure these transfers are protected by implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs), which are legal instruments approved by the European Commission, to guarantee your data receives a level of protection equivalent to that under GDPR.

 

6. Data Retention

 

We retain your personal data only for as long as is necessary to provide our services and to fulfill any legal, accounting, or reporting requirements.

  • Coaching data: This sensitive data will be stored securely for a period of up to 10 years following your last session.

  • Payment and billing data: This data will be retained for 10 years, or as required by Italian tax law to comply with our legal obligations.

  • Newsletter email addresses: These will be stored until you unsubscribe.

 

7. Your Data Protection Rights

 

Under the GDPR, you have the right to:

  • Access your personal data.

  • Rectify any inaccurate data.

  • Erase your personal data ("right to be forgotten"). Note that we may be legally required to retain certain billing data even if you request its erasure.

  • Restrict the processing of your data.

  • Object to the processing of your data.

  • Request data portability.

  • Withdraw consent at any time.

To exercise any of these rights, please contact us at thescapegoatmanifesto@gmail.com.

8. Use of Cookies and Tracking Technologies

 

Our website uses cookies. You have the right to choose which cookies you accept.

  • Essential Cookies: These cookies are provided by our host, Wix, and are critical for the site to function correctly. They do not store any personally identifiable information and are always active.

  • Advertising Cookies: If you consent, we use Google Ads cookies to measure the effectiveness of our advertising campaigns. You can withdraw your consent for these cookies at any time via our cookie settings. For more information on how Google uses your data for advertising, please visit this link: [Link to Google's page on how it uses data from partner sites].

 

9. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date" at the top.

 

10. Contact Us

 

If you have any questions about this Privacy Policy or our data practices, please contact us at:

thescapegoatmanifesto@gmail.com

bottom of page