Legal

Privacy.

Who I am

My name is Vanessa Varvara and I am the data controller responsible for this site. I work as an independent practitioner, based in Cluj-Napoca, Romania.

You can contact me on WhatsApp at 0750 290 119 or by email at vanessa.garcia.laar@gmail.com.


What data I collect and why

Visitor statistics (Cloudflare Web Analytics)

This site uses Cloudflare Web Analytics, an analytics service that does not place cookies on your device and does not build individual tracking profiles. That said, Cloudflare’s servers process visitor IP addresses as part of normal network operation, before anonymizing them. Cloudflare acts as a data processor on my behalf.

The data collected includes: pages visited, device and browser type, country of origin (from anonymized IP), and number of visits. The purpose is solely to understand how the site is used, in order to improve it.

Contact via WhatsApp

If you choose to contact me through the WhatsApp button on this site, you yourself initiate a conversation on the Meta (WhatsApp) platform. I receive your messages and use them only to reply and, if you wish, to schedule a session. Meta processes the conversation data according to its own privacy policy (available at whatsapp.com/legal/privacy-policy).

I don’t collect email addresses, I don’t have contact forms on the site, and I don’t send a newsletter.

When you become a client and we set up a session, I need:

  • Your name and contact details (at least a phone or WhatsApp number), so we can communicate
  • Information you choose to share about your wellbeing, personal situation, or emotional history, so I can work with you in session
  • Payment data for fixed-rate services (ThetaHealing® and Numerology reading): payment is made by bank transfer, cash, or directly at the studio; I don’t process cards or online payments

I handle this data myself, directly, as a data controller. There is no third-party app or platform that stores it automatically.


How I use the data

  • Cloudflare statistics: used only in aggregated form, to understand how many people visit the site and which pages are useful. I don’t use them for advertising.
  • Contact data: used only to reply to your messages and arrange sessions.
  • Session data: used only to deliver the service you’ve requested. I don’t sell, transfer, or use it for marketing.

I process personal data on the following legal bases, under Article 6 of Regulation (EU) 2016/679 (GDPR):

  • Your consent (Art. 6(1)(a)): for web analytics statistics (you can block processing using an adblocker or browser settings)
  • Our legitimate interest (Art. 6(1)(f)): for basic site and network security (Cloudflare processes your IP as part of infrastructure operation)
  • Performance of a contract or pre-contractual steps (Art. 6(1)(b)): for the data you provide when you request a session
  • Your explicit consent (Art. 6(1)(a)) and legal obligations (Art. 6(1)(c)): for administrative data related to services

Sensitive data (Art. 9 GDPR)

During sessions, you may share information about your physical or emotional health, psychological difficulties, or other sensitive aspects of your life. This information is considered sensitive data under Article 9 of the GDPR.

Processing happens solely on the basis of your explicit consent, expressed by choosing to start and continue the session, and within the duty of professional confidentiality. I do not share it with anyone, with the minimal legal exceptions (imminent risk to you or another person, legal obligation, or judicial order).

I am not a medical doctor, psychologist, or licensed psychotherapist. If you are facing an active medical or psychiatric condition, I encourage you to also consult an authorized specialist.


How long I keep the data

  • Cloudflare analytics data: default retention of about 30 days according to Cloudflare’s settings, in anonymized/aggregated form.
  • WhatsApp conversations: stay in the app as long as the conversation exists; I delete them periodically or at your request.
  • Session notes: I keep them as long as professionally necessary to provide a continuous and coherent service; in practice, for the duration of our working relationship and at most a few months after it ends.

Who I share your data with

I share data with third parties only in limited and clear situations:

  • Cloudflare Inc. (USA): data processor for hosting and web analytics. Cloudflare is certified under EU-approved transfer mechanisms (Data Privacy Framework). I don’t receive individual personal data from their analytics reports.
  • Meta Platforms / WhatsApp: when you initiate a WhatsApp conversation, Meta processes the data under its own terms. I have no control over Meta’s processing.
  • No one else. I don’t sell, rent, or transfer your data to any third party for marketing or any other purpose.

Your rights

Under the GDPR (Articles 15–21), you have the following rights:

  • Right of access (Art. 15): you can ask what data I hold about you.
  • Right to rectification (Art. 16): you can ask for inaccurate data to be corrected or incomplete data to be completed.
  • Right to erasure (Art. 17): you can ask for your data to be deleted, within the bounds of my legal obligations.
  • Right to restriction of processing (Art. 18): you can ask me to limit how I process your data, in certain situations.
  • Right to data portability (Art. 20): you can receive your data in a structured, machine-readable format, where technically applicable.
  • Right to object (Art. 21): you can object to processing based on legitimate interest, including for statistical analysis.
  • Right to lodge a complaint: you can notify the supervisory authority if you consider your rights have been infringed (see the section below).

I do not make automated decisions about you and I do not carry out profiling within the meaning of Article 22 of the GDPR.


How to exercise your rights

Send me a message on WhatsApp at 0750 290 119 or by email at vanessa.garcia.laar@gmail.com. I will reply within 30 days at most.


Complaints

If you believe your data is not being processed correctly, you have the right to lodge a complaint with the Romanian supervisory authority:

National Supervisory Authority for Personal Data Processing (ANSPDCP) Bd. G-ral Gheorghe Magheru 28-30, Sector 1, Bucharest Phone: +40 318 059 211 Email: anspdcp@dataprotection.ro Website: dataprotection.ro


Changes to this notice

I may update this notice whenever necessary. For example, if I add a new service or if new legal requirements appear. The date in the “Last updated” field always reflects the current version. I encourage you to reread it periodically.

Last updated: 6 May 2026