Last update: 01/10/2025
Domain: heddamartinasola.com

1) DATA CONTROLLER

The controller responsible for the processing of personal data is:
Dr. Hedda Martina Šola, PhD
E-mail: heddamartina.sola@gmail.com

2) DATA PROCESSED AND PURPOSES OF PROCESSING

2.1. Website visit (logs and essential cookies)

• Data: IP address, date and time, URL, user-agent, and essential technical cookies required for website functionality.
• Purpose: Website display, abuse prevention, and basic security.
• Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — ensuring service stability and security.

2.2. Contact by e-mail or contact form

• Data: name and surname (if provided), e-mail address, message content, possible attachments.
• Purpose: responding to inquiries, arranging cooperation or appointments, and keeping communication records.
• Legal basis:
  • Taking steps at the request of the data subject before entering into a contract (Art. 6(1)(b) GDPR), or
  • Legitimate interest for proper business communication (Art. 6(1)(f) GDPR).

2.3. Newsletter subscription

• Data: e-mail address, name (optional), open and click statistics (if the provider supports).
• Purpose: sending professional updates and information about content, podcasts, and events.
• Legal basis: Consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time via the “Unsubscribe” link or by contacting the above e-mail address.

2.4. Embedded third-party content (e.g. YouTube podcast)

• Data: technical identifiers and cookies set by the provider (e.g. Google/YouTube), IP address, browser/device data, player interactions.
• Purpose: displaying and playing video content directly on the website.
• Legal basis:
  • Consent for setting non-essential cookies (where applicable), and
  • Legitimate interest in delivering requested content (in line with ePrivacy rules on cookies).
• Note: Whenever possible, the YouTube “Privacy-Enhanced Mode” (youtube-nocookie.com) minimizes cookie placement before user interaction.

2.5. Analytics (e.g., Google Analytics or similar tools)

• Data: IP address (with anonymization if enabled), city/country-level geolocation, device and browser type, visited pages, time spent, user events (scrolls, clicks).
• Purpose: understanding website usage, improving content, and UX.
• Legal basis:
  • Consent (if non-essential tracking cookies are used), or
  • Legitimate interest with strict IP anonymization and limited features, in accordance with supervisory authority guidance.

3) COOKIES AND SIMILAR TECHNOLOGIES

• Only essential cookies are used for website functionality (e.g., language choice, security).
• Analytical/marketing cookies (e.g., Google Analytics, YouTube) are activated only after your consent via banner or cookie settings.
• You may withdraw consent at any time in “Cookie Settings” at the bottom of the page.
• More about third-party cookies is available in their privacy policies.

4) DATA RECIPIENTS

Data are shared only when necessary, with:

• Website hosting and maintenance provider (technical infrastructure and security);
• E-mail provider (e.g. Google/Gmail) for receiving and sending messages;
• Embedded content providers (e.g. YouTube/Google) when you play a video;
• Analytics tool (if active) within the scope stated in section 2.5.
  All third parties process data either as processors under Art. 28 GDPR or as independent controllers, depending on the context.

5) DATA TRANSFERS OUTSIDE THE EU/EEA

If providers’ services outside the EU/EEA are used (e.g. Google/YouTube), data may be transferred to third countries.
Such transfers are based on:

• Adequacy Decisions (where applicable), and/or
• Standard Contractual Clauses (SCCs) and additional safeguards applied by the provider.
  Details can be found in the individual provider’s privacy policy.

6) RETENTION PERIODS

• Contact/correspondence: up to 12 months after the last communication, or longer if required for legal purposes.
• Newsletter: until consent is withdrawn or unsubscribed.
• Analytics: according to the tool’s settings (e.g., 14 months), in aggregated/anonymous form.
• Technical security logs: up to 12 months, unless a more extended period is needed for incident investigation.

7) YOUR RIGHTS (GDPR)

You have the right to request:

• access to your data,
• rectification of inaccurate data,
• erasure (“right to be forgotten”) under the GDPR conditions,
• restriction of processing,
• data portability,
• objection to processing based on legitimate interest,
• withdrawal of consent at any time (without affecting prior lawful processing).

To exercise your rights, contact heddamartina.sola@gmail.com.
Responses are provided, as a rule, within 30 days.

8) RIGHT TO LODGE A COMPLAINT

If you believe your data protection rights have been violated, you may file a complaint with the supervisory authority:
Croatian Personal Data Protection Agency (AZOP)
Ulica Metela Ožegovića 16, 10000 Zagreb, Croatia
Web: azop.hr | E-mail: azop@azop.hr | Tel: +385 1 4609 000

9) DATA SECURITY

We implement appropriate technical and organizational measures (TLS/HTTPS, access control, data minimization, regular system updates) to protect personal data from unauthorized access or misuse.

10) CHANGES AND UPDATES

This Privacy Policy may be updated periodically to comply with legal requirements and website functionalities.
The current version is always available on this page.

LEGAL BASIS AND REFERENCES

• General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679, official text on EUR-Lex.
• Croatian Law on Implementation of the GDPR (NN 42/2018).
• AZOP — Croatian supervisory authority, official website, and cookie-policy guidance.
• ePrivacy and Cookies (Croatia) — rules in accordance with the ePrivacy Directive and the Croatian Electronic Communications Act.