Privacy Policy

Privacy Policy

Last Updated: 09/03/2025

1. Introduction

Welcome to barbaracavallaro.com (hereinafter, the “Website”). This Privacy Policy describes how your personal information is collected, used, and shared when you visit or interact with the Website. By accessing or using the Website, you agree to the terms of this Privacy Policy.

2. Data Controller

In this policy, “we,” “us,” or “our” refers to the Data Controller (the owner and operator of the Website).

3. Types of Personal Data We Collect

  1. Data Provided Voluntarily by You
  • Contact Form Submissions: If you choose to contact us through any contact form on this Website, we collect your name (or the name you choose to provide), your email address, and any other personal data you voluntarily include in your message.
  • Comments on Blog Posts (if enabled): When you leave a comment on a blog post, we may collect your name, email address, comment text, and (optionally) your personal or business website URL.
  1. Browsing Data
  • Technical Information: The Website automatically collects certain data about your device and your visit, such as your IP address (possibly anonymized), browser type, operating system, referring URLs, and pages accessed.
  • Google Tag Manager and Google Analytics 4: We use these services to understand how visitors interact with our Website. These tools may collect your IP address (with IP anonymization, where applicable), geolocation data (approximate), and browsing behavior (e.g., which pages you view, how long you stay, etc.).
  1. Cookies
  • We use both technical cookies (necessary for the functioning of the Website) and third-party cookies (e.g., Google Analytics, social media integrations). For more details, please see Section 9: Cookie Policy.

4. Purpose and Legal Basis of Processing

We process personal data for the following purposes and under these legal bases:

  1. Responding to Requests
  • To respond to inquiries or messages sent via the contact form or email.
  • Legal Basis:
    • Consent (Art. 6.1(a) GDPR), when you choose to provide your information.
    • Performance of a Contract or Pre-contractual Measures (Art. 6.1(b) GDPR), when your request is related to services or information you expect to receive.
  1. Website Analytics and Performance
  • To analyze user behavior, improve Website content, and better understand how our audience interacts with our pages.
  • Legal Basis: Consent (Art. 6.1(a) GDPR) for non-essential cookies and analytics.
  1. Website Management (WordPress Platform)
  • WordPress may store technical cookies to manage user sessions, comments, and preferences, ensuring the normal functionality of the Website.
  • Legal Basis: Legitimate Interest (Art. 6.1(f) GDPR) to maintain a secure and functional website, and/or Contractual Necessity (Art. 6.1(b) GDPR) if you register or interact in ways requiring data processing.

5. How We Process Personal Data

We process your data using manual and electronic methods designed to protect its security and confidentiality. Appropriate security measures are in place to prevent unauthorized access, disclosure, alteration, or destruction of personal data.

6. Data Retention

  • Contact Data: We retain data provided via the contact form for as long as necessary to respond to your inquiries and, if needed, to comply with legal obligations.
  • Analytical Data (Google Analytics 4): Retention periods are set in Google Analytics according to our chosen configuration (e.g., 14 or 26 months). Where possible, data is anonymized or aggregated.
  • Comments: If you leave a comment, the comment and its metadata are retained indefinitely (unless you request deletion), allowing us to recognize and approve any follow-up comments automatically.

7. Data Sharing and Disclosure

We may share personal data with:

  1. Service Providers: Third parties who provide services on our behalf (e.g., hosting providers, Google for analytics and tag management, maintenance and technical support) and who need access to such data to perform their work.
  2. Legal Requirements: Competent authorities or other third parties when disclosure is required by law, regulation, or legal process.

We do not sell your personal data to third parties.

8. International Data Transfers

Some of our third-party service providers (such as Google) may store or process personal data outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your personal data in accordance with applicable data protection laws.

9. Cookie Policy

Cookies are small text files that are placed on your device to store data that can be recalled by a web server in the domain that placed the cookie.

  1. Types of Cookies Used:
  • Technical/Functional Cookies: Necessary for the normal operation of the Website (e.g., user session management, preference storage).
  • Analytics Cookies: Used to collect information in aggregate form regarding user behavior (e.g., Google Analytics 4).
  • Third-Party Cookies: Some content or features on our Website are provided by external providers (e.g., embedded videos, social media platforms, or other plugins).
  1. Managing Cookies:
  • Browser Settings: You can set or change your browser controls to block or delete cookies. If you choose to reject cookies, you may still use our Website, though some features may not function properly.
  • Google Analytics Opt-Out: You can prevent Google Analytics from using your data by installing the Google Analytics Opt-out Browser Add-on.

10. Your Rights

Under the GDPR and other applicable data protection laws, you have the right to:

  • Access: Request confirmation on whether we process your personal data and obtain a copy of the data.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure (Right to be Forgotten): Request deletion of your personal data in certain circumstances (e.g., when data is no longer necessary).
  • Restriction: Request the restriction of processing of your personal data in certain cases.
  • Objection: Object to the processing of your data, for reasons related to your particular situation, especially where we rely on legitimate interests.
  • Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and request its transmission to another controller, where technically feasible.
  • Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Lodge a Complaint: File a complaint with a supervisory authority (in the EU, typically your local Data Protection Authority) if you believe the processing of your personal data is unlawful.

To exercise any of your rights, or if you have questions about our data practices, please contact us at: info@barbaracavallaro.com.

11. External Links

Our Website may contain links to external sites. We are not responsible for the privacy practices or content of such sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children’s Privacy

Our Website is not directed to individuals under the age of 16 (or the age specified by local regulations). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data without parental or guardian consent, please contact us, and we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this Policy periodically to stay informed about our data processing practices.

Contact Us

If you have any questions regarding this Privacy Policy or our data handling practices, please contact us at:
info@barbaracavallaro.com