Privacy Policy (GDPR)

Last updated: [1st December 2025]

1. Who I am

This website is operated by The Ember Room.
For any questions regarding this Privacy Policy or your personal data, you can contact me at:
Email: ioana.birsan@theemberroom.org

2. What personal data I collect

When you use the contact form on this website, I may collect the following personal data:

  • First and last name

  • Email address

  • Message content provided by you

  • Selected service or package of interest

  • Any additional information you choose to include

You choose what information to share. Please avoid including sensitive personal data (such as medical or clinical details) unless you are comfortable doing so.

3. Why I collect your data

Your personal data is processed only for the following purposes:

  • To respond to your message or inquiry

  • To provide information about services you expressed interest in

  • To prepare for a potential session, if applicable

Your data will not be used for marketing purposes without your explicit consent.

4. Legal basis for processing

I process your personal data based on:

  • Your consent, given when you submit the contact form

  • Legitimate interest, limited strictly to responding to your request

5. How long I keep your data

Your personal data is stored only for as long as necessary to respond to your inquiry or to comply with legal obligations.
You may request deletion of your data at any time.

6. Who has access to your data

Your data is:

  • Accessed only by me

  • Not sold, rented, or shared with third parties

Technical service providers (such as website hosting or email services) may process data only as necessary and in compliance with GDPR.

7. Your rights under GDPR

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Restrict or object to processing

  • Withdraw consent at any time

  • File a complaint with your local data protection authority

To exercise these rights, contact me at the email address listed above.

8. Data security and breach notification

I take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse.

In the event of a data breach, I will:

  • Act promptly to assess the scope and impact

  • Notify the relevant authorities where required by law

  • Inform affected individuals without undue delay when the breach is likely to pose a risk to their rights and freedoms

If I become aware that your personal data has been compromised, I will make reasonable efforts to contact you directly using the information available.

9. Changes to this policy

This Privacy Policy may be updated from time to time. Any changes will be published on this page.