
Privacy Policy

www.beatricegrassocoaching.com

Last Updated: March 2026

This Privacy Policy explains how Beatrice Grasso Coaching collects, uses, processes, and protects your personal data. We are committed to ensuring your privacy and complying with the General Data Protection Regulation (GDPR), the Italian Code on Data Protection (Decreto Legislativo 30 giugno 2003, n. 196, as amended by Legislative Decree 101/2018), and all applicable Italian and EU data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Beatrice Grasso

Business Registration

Partita IVA (VAT): IT05537330267

Contact Email

beatricegrasso.coaching@gmail.com

We do not have a Data Protection Officer (DPO), as we are not required to appoint one under GDPR Article 37.

 

2. Services and Data Collection

We provide the following services through our website:

  • One-on-one coaching and consultations

  • Newsletter and email marketing communications

 

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Data Provided Directly by You

  • Name and email address

  • Phone number

  • Location data (provided via contact forms or services intake forms; necessary for invoicing and service delivery)

  • Payment information processed via PayPal and Stripe (we do not store full payment card details; payment processors handle this securely)

 

3.2 Data Collected Automatically

  • Location data via IP address (collected through website analytics)

  • Cookies and similar tracking technologies (detailed below)

 

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. You can manage your cookie preferences through the Usercentrics cookie consent banner on our website. We use the following types of cookies:

4.1 Essential Cookies

These cookies are necessary for the website to function properly. They include security cookies and cookies that enable core functionality. These are always enabled.

 

4.2 Functional Cookies

These cookies remember your preferences and allow us to customise the website to enhance your user experience.

 

4.3 Analytical Cookies

We use Wix standard analytics tracking to understand how you interact with our website. These cookies help us improve our website and services. We may enable Google Analytics in the future to supplement this analysis. Analytical cookies require your consent.

 

4.4 Marketing Cookies

These cookies are used to track your behaviour across the web to deliver targeted advertising and marketing content. Marketing cookies require your consent and are managed through the Usercentrics banner.

You can withdraw consent to non-essential cookies at any time by updating your preferences in the Usercentrics cookie banner.

 

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

5.1 Performance of a Contract

We process your name, email, phone number, location data, and payment information to provide coaching services and manage client relationships. This processing is necessary to fulfil our contractual obligations to you.

 

5.2 Legitimate Interests

We process website analytics and usage data based on our legitimate interest in:

  • Understanding how our website is used and improving user experience

  • Ensuring website security and fraud prevention

 

5.3 Consent

For non-essential cookies (analytical and marketing cookies), we rely on your explicit consent provided through the Usercentrics cookie banner. For newsletter subscriptions, we require explicit consent via double opt-in.

 

6. Newsletter Subscriptions and Email Marketing

We collect email addresses from newsletter subscribers through a double opt-in process. This means you must confirm your email address after subscribing. We send you newsletters and promotional content only after you have confirmed your subscription.

You can unsubscribe from our newsletter at any time by clicking the unsubscribe link in any email we send you. We will stop sending you marketing communications immediately upon your request.

We do not use automated decision-making or profiling to segment our newsletter subscribers for marketing purposes.

 

7. Third-Party Data Processors

We use the following third-party services that process your personal data as data processors:

Service Provider | Purpose | Data Location

Stripe & PayPal | Payment processing | USA (SCCs in place)

Wix Analytics | Website analytics and performance tracking | USA (SCCs in place)

Zoom | Coaching sessions and video conferencing | USA (SCCs in place)

Usercentrics | Cookie consent management | EU / USA (SCCs in place)

Social Media Platforms | Marketing and outreach | USA/Various (SCCs in place)

All third-party processors have signed Data Processing Agreements incorporating Standard Contractual Clauses (SCCs) to ensure your data is protected according to GDPR standards, even where they are located outside the EEA.

 

8. International Data Transfers

Some of your personal data may be transferred to countries outside the European Union, including the United States, where some of our processors are located (Stripe, PayPal, Zoom, Wix, social media platforms).

To protect your data during these transfers, we have implemented Standard Contractual Clauses (SCCs) with all processors. These clauses ensure that your personal data receives the same level of protection as it would under EU law, regardless of where it is processed.

 

9. Data Retention

We retain your personal data for the following periods:

9.1 Coaching Client Data

We retain client contact details, service records, and session notes for ten (10) years following the termination of the coaching relationship. This retention period is necessary to meet legal and accounting obligations in Italy, to handle potential disputes, and to maintain continuity if a client re-engages our services. After ten years, all client data is securely deleted.

 

9.2 Newsletter Subscriber List

We maintain our newsletter subscriber list on an ongoing basis for as long as you are subscribed. We conduct an annual review of the list and remove inactive subscribers. You can unsubscribe at any time, and your email address will be deleted within 30 days.

 

9.3 Payment Records

Payment records and transaction data are retained in accordance with Italian tax law and accounting requirements (generally 10 years for business records). Payment processors (Stripe, PayPal) may maintain records in accordance with their own policies.

 

9.4 Website Cookies and Analytics

Cookies are retained in accordance with their expiration dates and the settings configured by Wix. Analytical data is retained according to Wix data retention policies.

 

10. Video Conference Recording

Zoom sessions used for coaching are not recorded unless you have explicitly agreed in advance. If a session is recorded with your consent, you will be informed of the recording policy, and the recording will be stored securely. Recordings are retained only as long as necessary for the purpose for which they were created. You can request deletion of recorded sessions at any time.

 

11. Your Data Protection Rights

Under the GDPR and Italian data protection law, you have the following rights regarding your personal data:

 

11.1 Right of Access

You have the right to request access to your personal data and receive a copy of the data we hold about you. We will provide this information within 30 days of your request.

 

11.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will make corrections within 30 days of your request.

 

11.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as where the data is no longer necessary, or where you withdraw consent. Please note that we may retain data where required by law (such as for tax or accounting purposes) or where necessary to fulfil our contractual obligations. We will respond to erasure requests within 30 days.

 

11.4 Right to Restrict Processing

You have the right to request that we limit the processing of your data in certain circumstances, for example, whilst we are verifying the accuracy of data that you have disputed.

 

11.5 Right to Data Portability

You have the right to request a copy of your personal data in a machine-readable format and to transmit this data to another organisation, where technically feasible.

 

11.6 Right to Object

You have the right to object to the processing of your personal data for marketing purposes or where we rely on legitimate interests. We will stop processing for these purposes upon receipt of your objection.

 

11.7 Right to Withdraw Consent

Where we have requested your consent to process data (such as for non-essential cookies or newsletter subscriptions), you can withdraw this consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

 

11.8 How to Exercise Your Rights

To exercise any of these rights, please contact us by email at:

beatricegrasso.coaching@gmail.com

Please include your full name and details of your request. We will respond to all requests within 30 days. In some cases, where the request is particularly complex, we may extend this period by up to two months.

If you are not satisfied with our response, you have the right to lodge a complaint with the Italian data protection authority (Garante per la Protezione dei Dati Personali).

 

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure password practices, restricted access to data, and regular security reviews. However, no transmission of data over the internet is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential.

 

13. Data Breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant data protection authorities in accordance with GDPR Article 33 and Italian law requirements. If the breach poses a high risk to you personally, we will also notify you directly without undue delay.

Our notification will include the nature of the breach, the data affected, and measures we have taken to mitigate the harm. We will co-operate fully with data protection authorities and other competent authorities in investigating and resolving breaches.

 

14. Children's Data

Our website and services are intended for adults. We do not intentionally collect personal data from children under 16 years of age. If we become aware that we have collected data from a child under 16 without verifiable parental consent, we will delete such data immediately. If you believe we have collected data from a child, please contact us at beatricegrasso.coaching@gmail.com.

 

15. Third-Party Links

Our website may contain links to third-party websites and services that are not operated by us. This Privacy Policy does not apply to those external websites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites before providing your personal data.

 

16. Automated Decision-Making and Profiling

We do not engage in automated decision-making (such as algorithmic decisions that produce legal or similarly significant effects) or large-scale profiling of individuals. Any communication sent to you is based on your explicit consent or our contractual relationship, not on automated profiling.

 

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices or in response to changes in applicable law. We will notify you of any material changes by posting the updated policy on our website with an updated "Last Updated" date. Your continued use of our website and services following the posting of changes constitutes your acceptance of the updated policy.

 

18. Applicable Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of Italy, including the General Data Protection Regulation (GDPR) and the Italian Code on Data Protection (Decreto Legislativo 30 giugno 2003, n. 196, as amended by Legislative Decree 101/2018). Any disputes arising from this policy shall be subject to the jurisdiction of the Italian courts.

 

19. Contact Information

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise any of your data protection rights, please contact us:

Email: beatricegrasso.coaching@gmail.com

Website: www.beatricegrassocoaching.com

This Privacy Policy is effective as of March 2026.
