Andriciuc, Smaranda-Maria · Business & Financial Strategy

Privacy Policy

Compliant with EU Regulation 2016/679 (GDPR) and Belgian Law of 30 July 2018

Last updated: March 2026

1. Who is the data controller
2. What data we collect
3. Purposes and legal basis
4. How long we retain data
5. Who we share data with
6. International transfers
7. Your rights
8. Cookies
9. Data concerning minors
10. Changes to this policy

Who is the data controller

Controller identification details

—Name: Andriciuc, Smaranda-Maria

—Address: Kievitlaan 5, Bornem 2880, Belgium

—Website: smaranda-andriciuc.com

—Contact email: smaranda.andriciuc@gmail.com

🇧🇪 Belgian operator — services delivered online across the EU

Andriciuc, Smaranda-Maria is a Belgian sole trader providing financial coaching and business consulting services, delivered exclusively online. The controller processes personal data as an independent data controller, in compliance with EU Regulation 2016/679 (GDPR), the Belgian Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, the Belgian Code of Economic Law (WER/CEL), and any other applicable regulation in force.

Competent supervisory authority: The controller is a Belgian natural person established in Belgium. The competent authority is the Autorité de protection des données / Gegevensbeschermingsautoriteit (APD/GBA) — www.dataprotectionauthority.be — Rue de la Presse 35, 1000 Brussels — Tel: +32 2 274 48 00.

What data we collect

Depending on how you interact with our platform, we may collect the following categories of personal data:

Categories of data processed

—Identification data: First name, last name, email address, phone number (if voluntarily provided)

—Professional data: Occupation, business stage, industry — provided in the context of coaching sessions or contact forms

—General financial data: Information about revenues, expenses, financial goals — exclusively in the consulting context, voluntarily provided by the client

—Technical data: IP address, browser type, pages visited, session duration — collected automatically via cookies and analytics tools

—Communication data: Messages sent via the contact form, email or online session platforms (e.g. Google Meet)

We do not collect special categories of data (health data, religious beliefs, ethnic origin, etc.) and we do not request such information. If a data subject voluntarily provides such data during sessions, the processing is based exclusively on their explicit consent, in accordance with Art. 9(2)(a) GDPR.

Purposes and legal basis

Each processing of personal data has a specific purpose and an explicit legal basis, in accordance with Art. 6 GDPR. The complete table is presented below:

Purpose	Data involved	Legal basis (Art. 6 GDPR)
Providing coaching and consulting services	Identification, professional, general financial	Performance of contract — Art. 6(1)(b)
Responding to contact requests and enquiries	Identification, communication	Consent — Art. 6(1)(a) or legitimate interest — Art. 6(1)(f)
Managing appointments and online sessions	Identification, technical data (video platforms)	Performance of contract — Art. 6(1)(b)
Sending newsletters or marketing communications	Email address, preferences	Explicit and revocable consent — Art. 6(1)(a)
Fulfilling legal obligations (invoicing, accounting)	Identification, billing data	Legal obligation — Art. 6(1)(c)
Statistical analysis and website improvement	Technical data (anonymous IP, site behaviour)	Legitimate interest — Art. 6(1)(f)

Regarding consent: Where processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing carried out prior to withdrawal. Withdrawal can be made by a simple email to the contact address indicated above.

How long we retain data

Personal data is retained for the period strictly necessary for the purpose for which it was collected, in accordance with the storage limitation principle (Art. 5(1)(e) GDPR):

Retention periods

—Active client data (contracts, invoices): 7 years from the date of the last transaction — in accordance with Belgian accounting law (Law of 17 July 1975 on business accounting) and Belgian tax law

—Coaching session data (notes, plans): Maximum 3 years from the end of the engagement, after which they are permanently deleted or irreversibly anonymised

—Contact form data (no subsequent contract): 12 months from the last interaction

—Newsletter data (marketing consent): Until consent is withdrawn or 3 years of inactivity

—Technical data / logs: Maximum 12 months, anonymised after 30 days

Belgian vs Romanian retention: The retention period for accounting documents in Belgium is 7 years (as required by Belgian law), not 10 years as under Romanian law.

Upon expiry of the retention period, data is securely deleted or irreversibly anonymised so that it can no longer be associated with an identifiable person.

Who we share data with

Your personal data is not sold, rented or traded to third parties. Access to data is limited to the persons and entities strictly necessary for the provision of services:

Categories of recipients

—Online session platform providers (Google Meet / Google LLC) — exclusively for the purpose of conducting contracted sessions. Google LLC acts as a data processor and processes data in accordance with its own GDPR policy and applicable standard contractual clauses.

—Email and newsletter service providers (e.g. Mailchimp / similar) — exclusively for sending consented communications.

—Web hosting and security providers — with limited technical access, under data processing agreements.

—Accountant / tax advisor — exclusively for billing data required to fulfil legal obligations.

—Public authorities — exclusively when required by law (e.g. Belgian tax authority, courts), within strictly necessary limits.

International data transfers

Some of the platforms used (e.g. Google Meet, Mailchimp) may involve the transfer of data outside the European Economic Area (EEA), including to the United States of America.

These transfers are carried out exclusively on the basis of appropriate safeguards, in accordance with Chapter V of GDPR, in particular:

Transfer mechanisms used

—Standard Contractual Clauses (SCC) adopted by the European Commission — mandatory for our US-based providers

—EU–US Data Privacy Framework (DPF) — where providers are certified under this adequacy decision (Commission Implementing Decision of 10 July 2023)

—Data transferred is limited to the minimum necessary for the operation of the services used

You may request additional information about the safeguards applied for each provider by contacting the controller at the email address indicated above.

Your rights as a data subject

In accordance with EU Regulation 2016/679, you benefit from the following rights, which you may exercise at any time, free of charge, by sending an email to the controller's address:

Art. 15 GDPR

Right of access

You may request a copy of the personal data we hold about you and information about how we process it.

Art. 16 GDPR

Right to rectification

You may request the correction of inaccurate data or the completion of incomplete data concerning you.

Art. 17 GDPR

Right to erasure

You may request the deletion of your data under the conditions provided by law (e.g. withdrawal of consent, data no longer necessary).

Art. 18 GDPR

Right to restriction

You may request the restriction of processing of your data in certain situations provided for by GDPR.

Art. 20 GDPR

Right to portability

You may receive data provided on the basis of contract or consent, in a structured and machine-readable format.

Art. 21 GDPR

Right to object

You may object to processing based on the controller's legitimate interest or to direct marketing, at any time.

Art. 22 GDPR

Automated decision-making

We do not use automated profiling or decisions with legal effects based solely on automated processing.

Art. 7(3) GDPR

Withdrawal of consent

Where processing is based on your consent, you may withdraw it at any time, without consequences for your rights.

Response time: The controller will respond to your requests within a maximum of 30 calendar days of receipt, in accordance with Art. 12 GDPR. In complex cases, the deadline may be extended by a further 60 days, with prior notification to the data subject.

If you believe your rights have been violated, you have the right to lodge a complaint with:

Competent supervisory authority

—Autorité de protection des données / Gegevensbeschermingsautoriteit (APD/GBA) — www.dataprotectionauthority.be — Rue de la Presse 35, 1000 Brussels — Tel: +32 2 274 48 00

Cookies and similar technologies

This website uses cookies and similar tracking technologies, in accordance with Directive 2002/58/EC (ePrivacy), as implemented in Belgium by the Act of 13 June 2005 on electronic communications, and in line with APD/GBA Recommendation 01/2020 on cookie consent.

Categories of cookies used

—Essential cookies (strictly necessary): Required for the website to function; cannot be disabled. Do not require consent.

—Analytics cookies: Collect anonymised data about visitor behaviour (e.g. Google Analytics with anonymous IP). Require consent.

—Marketing / retargeting cookies: Used only if explicitly enabled by the visitor through the consent banner.

On your first visit to the website, you will be informed about cookies via a consent banner, in accordance with legal requirements. You may modify your preferences at any time from your browser settings or through the consent management mechanism available on the site.

Data concerning minors

The services of Andriciuc, Smaranda-Maria are addressed exclusively to persons aged at least 18 years. We do not knowingly collect or process personal data of minors.

If a minor provides us with personal data without the knowledge of a legal guardian, please contact us immediately. We will delete such data without undue delay, in accordance with Art. 8 GDPR and applicable Belgian law.

Changes to this policy

The controller reserves the right to periodically update this privacy policy to reflect legislative changes, technological developments or evolutions in the services offered.

The updated version will be published on this page, with the date of the last update indicated. In the case of material changes affecting the rights of data subjects, we will send a notification by email (for users with a newsletter subscription), at least 30 days before the new provisions come into force.

Continued use of the website or our services after the publication of updates constitutes acceptance of the revised version, to the extent permitted by law.

Questions about your data?

We are available for any request related to your GDPR rights.

📧 smaranda.andriciuc@gmail.com

Response time: maximum 30 calendar days

Andriciuc, Smaranda-Maria · Kievitlaan 5, Bornem 2880, Belgium · Compliant with GDPR (EU) 2016/679 & Belgian Law of 30 July 2018

Message me on WhatsApp