Privacy policy


Last updated: April 17, 2026

1. Controller

The controller responsible for data processing on this website is:

Laura Brunazzo
Eschersheimer Landstraße 42
60322 Frankfurt am Main
GERMANY

E-Mail: hello@laurabrunazzo.com

2. General Information

We take the protection of your personal data seriously. Your data is processed in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

Personal data is any information that can identify you directly or indirectly.

3. Data Collection on This Website

3.1 Server Log Files

When you visit this website, data is automatically collected by our hosting provider (Squarespace Ireland Limited) to ensure proper operation.

This includes: IP address, browser type and version, operating system, referrer URL, date and time of access

Purpose: technical functionality and security
Legal basis: Art. 6(1)(f) GDPR

3.2 Cookies & Tracking Technologies

This website uses cookies and similar technologies.

Essential cookies → required for website functionality
Non-essential cookies → analytics and marketing (only with consent)

You can manage your preferences via the cookie banner.

Legal basis: essential cookies → Art. 6(1)(f) GDPR, analytics/marketing → Art. 6(1)(a) GDPR (consent)

4. Contact & Communication

If you contact us via email or forms, we process:nameemailmessage content

Purpose: handling inquiries
Legal basis: Art. 6(1)(b) GDPR (contract/pre-contract), Art. 6(1)(f) GDPR (legitimate interest)

5. Newsletter (MailerLite)

We use:

MailerLite Ltd.
88 Harcourt Street
Dublin 2, Ireland

Data processed: email address, name (if provided), interaction data (opens, clicks)

Purpose: sending newsletters and marketing communication
Legal basis: Art. 6(1)(a) GDPR (consent)

You can unsubscribe at any time.

6. Website Hosting (Squarespace)

Provider:

Squarespace Ireland Limited
Squarespace House, Ship Street Great
Dublin 8, Ireland

Squarespace processes data necessary to operate and secure the website.
Legal basis: Art. 6(1)(f) GDPR

7. Checkout & Payments

ThriveCart (Checkout)

We use ThriveCart to process purchases.

Personal data processed may include: name, email, billing details, purchase information
Legal basis: Art. 6(1)(b) GDPR


Payment Providers

Payments are processed via:

Stripe
Provider: Stripe Payments Europe Ltd.

PayPal
Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg


Payment data is processed directly by these providers.

8. Community Platform (Heartbeat)

We use Heartbeat as a community platform.

If you join: profile data, interaction data and communication content may be processed.

Purpose: providing community access and interaction
Legal basis: Art. 6(1)(b) GDPR

9. Scheduling (Acuity Scheduling)

We use Acuity Scheduling (Squarespace Inc.).

Data processed: name, email, appointment details

Purpose: booking and managing appointments
Legal basis: Art. 6(1)(b) GDPR

10. Video Hosting (Vimeo)

We embed videos via Vimeo.

Provider: Vimeo Inc., USA

When you access pages with videos: IP address and usage data may be transmitted.
Legal basis: Art. 6(1)(a) GDPR (consent)

11. Analytics & Advertising

Meta Pixel (Facebook & Instagram)

Provider: Meta Platforms Ireland Ltd.

We use Meta Pixel to: measure ad performance and build custom audiences
Legal basis: Art. 6(1)(a) GDPR (consent)


Google Tracking Services

We use Google services (e.g., Google Analytics / Ads).

Provider: Google Ireland Ltd.

Data may include: IP address, usage behavior, device data
Legal basis: Art. 6(1)(a) GDPR (consent)

12. Data Sharing

We do not sell your personal data.

We only share your personal data with third parties where necessary:

  • to perform a contract (e.g. payment processing via Stripe or PayPal)

  • to provide our services (e.g. MailerLite, Squarespace, ThriveCart, Heartbeat)

  • where required by law

All service providers process data either:

  • on our behalf under a data processing agreement, or

  • as independent controllers where legally required

13. International Data Transfers

Some providers process data outside the EU (e.g., USA).

Transfers are based on: Standard Contractual Clauses (SCCs) or other GDPR-compliant safeguards

14. Retention Period

We store personal data only as long as necessary: inquiries → until resolved, newsletter → until unsubscribed, contracts → according to legal retention obligations

15. Your Rights

You have the right to: access your data (Art. 15 GDPR), correct data (Art. 16 GDPR), delete data (Art. 17 GDPR), restrict processing (Art. 18 GDPR), data portability (Art. 20 GDPR), object to processing (Art. 21 GDPR), withdraw consent at any time

Contact: hello@laurabrunazzo.com

You also have the right to lodge a complaint with a supervisory authority.

16. Right to Object

If your data is processed based on legitimate interest, you may object at any time.
If used for marketing → you can object at any time without justification.

17. No Automated Decision-Making

We do not use automated decision-making under Art. 22 GDPR.

18. Changes

We may update this Privacy Policy at any time.