Privacy Policy – Romina Hoyos

1) Controller & Contact

Controller

Romina-Hoyos Consulting

Legal form

Private Limited Company (UK)

Address

27 Old Gloucester Street
London WC1N 3AX
United Kingdom

contact@rominahoyos.com

+55 119 4792 5627

Represented by

Romina Hoyos

Send privacy request Open WhatsApp

2) Scope

This Privacy Policy applies to the website at https://www.rominahoyos.com including all subpages, provided they refer to this notice.

It describes the processing of personal data in accordance with the principles of the GDPR (EU) and – where applicable – the UK GDPR as well as supplementary national provisions.

3) Definitions & principles

Personal data means any information relating to an identified or identifiable natural person (e.g. name, email address, IP address).

Data minimisation: only as much as necessary.
Purpose limitation: only for clear, legitimate purposes.
Security: appropriate technical/organisational measures.
Transparency: clear information & easy ways to contact us.

4) Processing when you visit the website

4.1 Server log files

When you access the website, the server necessarily processes certain data to establish the connection, deliver the website and ensure security. In particular, the following may be processed:

IP address (truncated or full, depending on the server setup)
Date and time of access
Requested page/file, status codes
Amount of data transferred
Referrer URL (previously visited page, if transmitted)
Browser type/version, operating system, language settings

Purpose: operation of the website, stability, detection of abuse/attacks, error analysis.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, stable operation).

Retention period: Log data is generally stored only as long as required for the purposes (e.g. a few days to weeks) and then deleted or anonymised, unless security/legal reasons require longer storage.

4.2 Hosting / processing on behalf

The website is operated with a hosting service provider. The provider processes the technical data mentioned above on our behalf insofar as this is necessary to provide and operate the website.

Legal basis: Art. 6(1)(f) GDPR (secure operation) and, where applicable, Art. 28 GDPR (processing on behalf).

4.3 External content / assets (e.g. images, fonts)

This website may embed content from external servers (e.g. background images, media files, libraries). When such content is retrieved, your IP address is technically transmitted to the respective provider, otherwise delivery would not be possible.

Purpose: appealing presentation and efficient delivery of content.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in professional presentation and performance).

If you do not want any transmission to third-party providers, we can technically adjust external content so that it is delivered entirely from our own server (where possible).

5) Contact & communication

5.1 Contact via email / WhatsApp

If you contact us (e.g. via email or WhatsApp), we process your information to handle your request and to answer any follow-up questions.

Data categories: contact details (e.g. name, email, phone number), communication content, metadata (time, possibly technical identifiers).
Purpose: handling and documenting enquiries, support, preparation/performance of contracts.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contract) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

Retention period: as long as necessary to handle the request; beyond that only if statutory retention obligations exist or for the defence of legal claims.

Note: When using WhatsApp, data may also be processed by the respective service provider. You can always use email instead if you prefer.

6) Cookies & similar technologies

6.1 Principle

Cookies are small text files that can be stored on your device. This website may use technically necessary cookies, insofar as this is required for core functions (e.g. security, language settings, session handling).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in functional, secure operation) or – where required – Art. 6(1)(a) GDPR (consent), e.g. for optional marketing/tracking cookies.

6.2 Web analytics / tracking (currently not described)

On this website – unless we explicitly activate it – no personal tracking mechanisms for marketing purposes are required. If analytics/tracking tools are used in the future, this notice will be updated in advance and – if necessary – consent will be obtained.

7) Recipients, third-country transfers, retention

7.1 Recipients / service providers

We only share personal data where necessary, e.g. with:

Hosting/IT service providers (operation, maintenance, security)
Communication service providers (e.g. email, messenger – depending on your chosen contact channel)
Authorities/courts where we are legally obliged to do so

If service providers process data on our behalf, this is done on the basis of a data processing agreement (Art. 28 GDPR), where required.

7.2 Transfers to third countries

Depending on the service providers or communication channels used, processing may also take place outside the EU/EEA. In such cases, we ensure appropriate safeguards (e.g. Standard Contractual Clauses, additional protective measures), insofar as legally required.

7.3 Retention (general)

We store personal data only for as long as necessary for the respective purposes or as required by law. Thereafter, data is deleted or anonymised, unless legitimate reasons (e.g. legal defence) prevent this.

Data subject rights

8) Your rights

Depending on applicability, you have in particular the following rights:

Access to processed data (Art. 15 GDPR)
Rectification of inaccurate data (Art. 16 GDPR)
Erasure (“right to be forgotten”) (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing (Art. 21 GDPR), in particular where based on Art. 6(1)(f)
Withdrawal of consent with effect for the future (Art. 7(3) GDPR)
Complaint to a supervisory authority (Art. 77 GDPR)

To exercise your rights, an informal message to the following address is sufficient: contact@rominahoyos.com.

9) Right to object (Art. 21 GDPR)

If we process data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you may object at any time for reasons arising from your particular situation. We will then no longer process the data unless we can demonstrate compelling legitimate grounds or the processing serves the establishment, exercise or defence of legal claims.

10) Data security

We implement appropriate technical and organisational security measures to protect data against loss, manipulation, unauthorised access or unauthorised disclosure. Transmission is generally encrypted (TLS/HTTPS) if supported by the browser.

11) Data Protection Officer

No Data Protection Officer is currently appointed, unless there is a legal obligation to do so.

12) Social media links

This website may contain links to social media profiles. By clicking a link you will be redirected to the respective platform. Only there will further data be processed – depending on the provider. Please refer to the privacy information of the respective provider.