Privacy Policy

Last updated: 30 May 2026

1. Who is responsible for your data

The controller responsible for processing personal data collected through this website is:

• Name: Lucia Gallardo Helmfelt
• Address: Josep Capo Historiador 13, 07320 Santa Maria del Camí, Spain
• Tax ID: Z0119704V
• Email: [email protected]

If you have any questions about this policy or about how your data is handled, contact me at the email above.

2. What data I collect, why, and on what legal basis

This site collects the minimum data needed to run a contact form and protect it from abuse. I do not run advertising, analytics, or any cross-site tracking.

a) Contact form

When you submit the contact form, I process the name, email address, and message content you provide.

• Purpose: to read and respond to your enquiry.
• Legal basis: Art. 6(1)(a) GDPR (your consent, given by submitting the form) and/or Art. 6(1)(f) GDPR (my legitimate interest in responding to messages addressed to me).
• Retention: your message is kept only as long as needed to handle the enquiry and any follow-up, then deleted within 12 months of last contact.

b) Abuse prevention (rate limiting)

To prevent spam and automated abuse of the form, the site temporarily stores a hashed version of your IP address to count requests over a short window.

• Purpose: security and abuse prevention.
• Legal basis: Art. 6(1)(f) GDPR (legitimate interest in keeping the service available and spam-free).
• Retention: the hashed value is discarded automatically within one hour.

c) Bot protection (Cloudflare Turnstile)

The contact form is protected by Cloudflare Turnstile. To distinguish humans from bots, Turnstile processes signals such as your IP address, user-agent, and interaction behaviour.

• Purpose: to verify that form submissions come from a human and block automated abuse.
• Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security).
• Processor / recipient: Cloudflare, Inc. acts as a processor for this. See its Data Processing Addendum and privacy documentation at https://www.cloudflare.com/privacypolicy/.
• International transfer: processing may take place on Cloudflare infrastructure outside the EU, including the United States. Transfers are covered by Cloudflare’s EU Standard Contractual Clauses and the EU–US Data Privacy Framework.

3. Cookies

This website does not set its own cookies and uses no analytics or tracking cookies.

Cloudflare’s security infrastructure and Turnstile may set strictly necessary cookies (for example __cf_bm or cf.turnstile.u) solely for bot detection and security. These are exempt from the prior-consent requirement under the ePrivacy rules and Spanish AEPD guidance, which is why this site shows no cookie banner.

4. Who receives your data

Beyond Cloudflare (above), your data may be processed by:

• Hosting provider: Cloudflare Pages — handles server infrastructure and serves the site.
• Email provider: Resend — receives the contact-form message so I can read it.

I do not sell your data or share it for advertising.

5. Your rights

Under the GDPR you have the right to:

• access the personal data I hold about you;
• have inaccurate data corrected;
• have your data erased;
• restrict or object to processing;
• receive your data in a portable format;
• withdraw consent at any time (without affecting processing already carried out).

To exercise any of these, email me at [email protected].

You also have the right to lodge a complaint with a supervisory authority. In Spain this is the Agencia Española de Protección de Datos (AEPD), https://www.aepd.es.

6. Automated decision-making

I do not carry out any automated decision-making or profiling that produces legal or similarly significant effects.

7. Changes to this policy

I may update this policy if the site or its data processing changes. The current version is always the one published here, with the revision date shown at the top.