Privacy Policy

Last Updated: April 23, 2025

1. Introduction and Scope

Leonie Smith ("we," "us," or "our") operates this personal blog and lifestyle coaching platform. This Privacy Policy describes how we collect, process, store, and protect your personal information when you visit our website, fill out contact forms, subscribe to updates, or engage with our services. We are fully committed to compliance with the General Data Protection Regulation (GDPR) of the European Union and the Dutch Data Protection Act (Wet bescherming persoonsgegevens).

By accessing our website and providing your personal data, you confirm that you have read, understood, and accepted the practices described in this document. If you do not agree with any part of this policy, please refrain from using our services or submitting your information.

2. Identity and Contact Details of the Data Controller

The entity responsible for determining the purposes and means of processing your personal data is:

For any questions, concerns, or requests regarding your personal data, you may contact us using the details above. We aim to respond to all inquiries within five business days.

3. Categories of Personal Data We Collect

We only collect personal data that is necessary, adequate, and relevant for the purposes outlined in this policy. The categories include:

3.1 Data You Provide Voluntarily

• Identity Data: Your full name, username, or any identifier you choose to share.
• Contact Data: Email address, telephone number, and postal address submitted through forms or direct correspondence.
• Communication Data: The content of messages, emails, and feedback you send to us, including timestamps and subject lines.
• Preference Data: Your stated interests, service preferences, and subscription choices.

3.2 Data Collected Automatically

• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, time spent on each page, click patterns, referral sources, and navigation flows within the website.
• Location Data: General geographic location derived from your IP address (country and city level only).

3.3 Data from Third Parties

We do not purchase, rent, or otherwise obtain personal data from external data brokers or marketing agencies. Any third-party data we hold originates from your direct interactions with our integrated service providers, such as email platforms or analytics tools.

4. Purposes and Legal Bases for Processing

We process your personal data only when there is a valid legal basis under the GDPR. The table below summarizes our purposes and corresponding legal grounds:

• Responding to Inquiries: To answer questions, provide information about services, and follow up on expressions of interest. Legal basis: Contractual necessity or legitimate interest.
• Service Delivery: To schedule sessions, deliver coaching programs, send materials, and manage client relationships. Legal basis: Performance of a contract.
• Website Improvement: To analyze traffic patterns, fix technical issues, and enhance user experience. Legal basis: Legitimate interest.
• Marketing Communications: To send newsletters, blog updates, and promotional offers. Legal basis: Explicit consent (withdrawable at any time).
• Legal Compliance: To fulfill tax, accounting, and regulatory obligations. Legal basis: Legal obligation.
• Fraud Prevention: To detect and prevent unauthorized access or abuse of our systems. Legal basis: Legitimate interest.

5. Cookies and Similar Technologies

Our website employs cookies and comparable tracking technologies to improve functionality, analyze usage, and deliver relevant content. A cookie is a small text file placed on your device that enables us to recognize your browser and capture certain information.

5.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to operate correctly. These cannot be disabled and do not require consent.
• Performance Cookies: Collect anonymous data about how visitors use the site, helping us identify errors and optimize page loading.
• Functionality Cookies: Remember your preferences (such as language or region) to provide a more personalized experience.

5.2 Managing Cookie Preferences

Upon your first visit, a cookie banner will inform you of our use of cookies and request your consent for non-essential categories. You may modify or withdraw your consent at any time through the cookie settings panel accessible from the footer of every page. Additionally, most web browsers allow you to block or delete cookies via their settings menus. Please note that disabling cookies may limit certain features of our website.

6. Data Sharing and Recipients

We do not sell, trade, or rent your personal data to any third party for commercial gain. We share information only in the following limited circumstances:

• Service Providers: Trusted vendors who assist with website hosting, email delivery, payment processing, and analytics. These parties are contractually bound to process data solely on our behalf and in accordance with our instructions.
• Legal Authorities: When compelled by law, court order, or governmental request to disclose information.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy commitments.
• With Your Explicit Consent: In any scenario not covered above, we will seek your permission before sharing your data.

7. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we engage service providers located outside the EEA (for example, cloud hosting in the United States), we ensure that adequate safeguards are implemented. These safeguards typically include Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually oblige the recipient to protect your data to GDPR-equivalent standards.

8. Data Security Measures

Protecting your personal data is a responsibility we take seriously. We have implemented a comprehensive security framework that includes:

• Encryption of data in transit using Transport Layer Security (TLS) protocols.
• Access controls and authentication mechanisms to restrict data access to authorized personnel only.
• Regular security audits and vulnerability assessments of our systems.
• Staff training on data protection principles and incident response procedures.
• Secure backup and disaster recovery protocols to prevent data loss.

While we employ robust measures, no internet-based system can be guaranteed 100% secure. We encourage you to use strong passwords and exercise caution when transmitting sensitive information online.

9. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention schedule is as follows:

• Contact Form Submissions: Retained for 24 months after the last interaction, unless you request earlier deletion.
• Client Records: Retained for 7 years following the conclusion of services, to comply with Dutch tax and accounting regulations.
• Marketing Subscribers: Retained until you unsubscribe or withdraw consent, after which your data is anonymized or deleted within 30 days.
• Website Analytics: Aggregated and anonymized after 26 months; individual-level data is deleted.

10. Your Rights Under the GDPR

As a data subject, you are entitled to the following rights, which you may exercise free of charge:

• Right of Access: Request a copy of the personal data we hold about you, along with information about how it is processed.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where there is no overriding legal basis for continued processing.
• Right to Restrict Processing: Request that we temporarily suspend processing of your data in specific circumstances.
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format, and transmit it to another controller.
• Right to Object: Object to processing based on legitimate interests or direct marketing, including profiling.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated.

To exercise any of these rights, please contact us using the details in Section 2. We will respond within one month of receiving your request, or inform you if additional time is needed due to complexity.

11. Automated Decision-Making and Profiling

We do not engage in automated decision-making processes that produce legal effects or similarly significant consequences for you. We do not use algorithms to evaluate your personal circumstances, preferences, or behaviors for the purpose of making automated decisions about service eligibility, pricing, or content delivery.

12. Children's Privacy

Our website and services are intended for individuals aged 16 and older. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. Upon verification, we will promptly delete such data from our records.

13. Changes to This Privacy Policy

We may revise this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated through a prominent notice on our website and, where appropriate, via email. The "Last Updated" date at the top of this page indicates when the most recent revisions were made. We encourage you to review this policy regularly.

14. Contact and Complaints

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, please reach out to us:

If you are unsatisfied with our response, you have the right to lodge a complaint with: