Privacy Policy — Aniyah Connelly

1. Introduction & Scope

Welcome to the Privacy Policy of Aniyah Connelly (hereinafter referred to as "we", "us", "our", or "the Blog"). This document explains how we collect, use, store, and protect your personal data when you visit our website, interact with our content, fill out contact forms, or engage with any of the services offered through this platform. We are committed to maintaining the highest standards of data protection and transparency, in full compliance with the General Data Protection Regulation (GDPR) of the European Union (Regulation 2016/679), the Dutch Data Protection Act (Uitvoeringswet AVG), and other applicable privacy legislation.

This Privacy Policy applies to all visitors, users, and clients who access the website located at aniyahconnelly.blog and any associated subdomains, landing pages, or digital properties under our control. By accessing or using our website, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with any part of this policy, we kindly ask you to discontinue use of our services immediately.

We take your privacy seriously. This is not a generic template policy copied from the internet; it has been carefully drafted to reflect the actual data practices of this blog, the limited nature of the information we collect, and the specific ways in which we use that information to serve our community of readers and clients interested in movement, lifestyle, and wellness content.

2. Data We Collect

We believe in collecting only the minimum amount of data necessary to provide our services and respond to your inquiries. The types of personal data we may collect include the following categories, depending on how you interact with our website:

2.1 Information You Provide Voluntarily

When you fill out the contact form on our website, subscribe to updates, or communicate with us via email, you may provide the following personal information:

Full Name — used to address you personally in our communications and to identify your inquiry in our records.
Email Address — used as the primary channel for responding to your messages, sending program materials, and delivering newsletters if you have opted in.
Telephone Number — collected optionally for cases where a phone consultation is requested or when email communication is insufficient for complex inquiries.
Message Content — the text you enter in the message field, which helps us understand your needs, questions, or feedback so we can provide a tailored response.
Topic Selection — the category you choose from the dropdown menu (Program Inquiry, Collaboration, General Question, or Feedback), which helps us route your message to the appropriate workflow.

2.2 Automatically Collected Information

When you browse our website, certain technical information is automatically collected by our web server and third-party services integrated into the site. This includes:

IP Address — a numerical label assigned to your device when connecting to the internet, used for security monitoring, fraud prevention, and understanding geographic distribution of our audience.
Browser Type and Version — helps us ensure our website displays correctly across different browsers and devices.
Operating System — allows us to optimize the user experience for different platforms (Windows, macOS, iOS, Android, etc.).
Referring Website — indicates which external site or search engine directed you to our blog, helping us understand our traffic sources.
Pages Visited and Time Spent — aggregated analytics data that shows us which content is most valuable to our readers.
Date and Time of Visit — used for server log maintenance and troubleshooting technical issues.

2.3 Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from. Cookies are small text files stored on your device when you visit a website. We use the following categories of cookies:

Essential Cookies — necessary for the website to function properly, such as maintaining your session state and enabling basic navigation. These cannot be disabled.
Analytics Cookies — help us understand how visitors interact with our website by collecting and reporting information anonymously. We use these to improve content and user experience.
Preference Cookies — remember your settings and choices (such as language preferences) to provide a more personalized experience on repeat visits.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being sent. However, please note that disabling certain cookies may affect the functionality of our website.

3. How We Use Your Data

We process your personal data for specific, explicit, and legitimate purposes. We do not use your data for purposes that are incompatible with the original reason for collection. The primary purposes for which we process your personal information are:

Responding to Inquiries — When you submit a message through our contact form, we use your contact details to send a personalized reply addressing your questions, program interest, or collaboration proposal.
Providing Services — If you purchase a program or book a consultation, we use your information to deliver the agreed-upon services, send program materials, and coordinate scheduling.
Improving Our Content — Aggregated, anonymized data about page visits and engagement helps us understand which topics resonate most with our audience, allowing us to create more valuable blog posts and resources.
Security and Fraud Prevention — IP addresses and access logs are monitored to detect suspicious activity, prevent unauthorized access, and protect the integrity of our website and user data.
Legal Compliance — We may process your data when required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Communication — With your explicit consent (indicated by checking the GDPR consent box on our contact form), we may occasionally send you updates about new blog posts, program launches, or community events. You can opt out at any time.

We do not sell, rent, trade, or otherwise transfer your personal data to third parties for marketing purposes. We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

4. Data Security Measures

Protecting your personal data is a responsibility we take extremely seriously. We implement a comprehensive set of technical and organizational security measures designed to prevent unauthorized access, disclosure, alteration, or destruction of your information. These measures include:

SSL/TLS Encryption — All data transmitted between your browser and our server is encrypted using industry-standard Secure Sockets Layer (SSL) technology, indicated by the HTTPS prefix in our website URL.
Access Controls — Only authorized personnel have access to personal data, and access is granted on a need-to-know basis with individual login credentials and activity logging.
Regular Security Audits — We periodically review our security practices, update software, and patch vulnerabilities to maintain a robust defense against emerging threats.
Data Minimization — We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, after which it is securely deleted or anonymized.
Incident Response Plan — In the unlikely event of a data breach, we have procedures in place to detect, assess, and notify affected individuals and relevant authorities in accordance with GDPR requirements.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to strengthen our defenses.

5. Your Rights Under GDPR

As a resident of the European Union (or as a data subject whose data is processed under EU jurisdiction), you are granted extensive rights regarding your personal data under the General Data Protection Regulation. We fully respect and facilitate the exercise of these rights:

Right to Access (Article 15) — You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
Right to Rectification (Article 16) — If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion.
Right to Erasure (Article 17) — Also known as the "right to be forgotten", you can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
Right to Restrict Processing (Article 18) — You can request that we limit the processing of your data under certain circumstances, such as when you contest its accuracy.
Right to Data Portability (Article 20) — You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
Right to Object (Article 21) — You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes at any time.
Right to Withdraw Consent (Article 7) — Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint (Article 77) — If you believe your rights have been violated, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

To exercise any of these rights, please contact us using the details provided in the Contact section below. We will respond to your request within one month of receipt, in accordance with GDPR timelines. This period may be extended by two further months for complex requests, in which case we will inform you of the extension and reasons.

6. International Data Transfers

Our website is hosted on servers located within the European Union, and we primarily process and store your data within the EEA. However, certain third-party services we use (such as Google Analytics, Google Maps, and Font Awesome CDN) may transfer data to servers located outside the EEA, including the United States.

When such transfers occur, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms. We only work with service providers who demonstrate compliance with GDPR requirements and maintain robust data protection practices.

7. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows:

Contact Form Submissions — Retained for 24 months from the date of submission, after which they are securely deleted unless an ongoing client relationship exists.
Client Records — Retained for the duration of the service agreement plus 7 years, as required by Dutch tax and accounting regulations.
Server Logs — Retained for 12 months for security and troubleshooting purposes, then automatically purged.
Analytics Data — Aggregated and anonymized after 26 months; individual-level data is not retained indefinitely.
Marketing Consents — Retained until you withdraw your consent or unsubscribe, after which your contact details are removed from our mailing lists.

8. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. Upon verification, we will take prompt steps to delete such information from our records.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionality of our website. When we make material changes, we will post the updated policy on this page with a revised "Last Updated" date. We encourage you to review this policy periodically to stay informed about how we protect your data.

Significant changes that affect your rights or the way we process your data will be communicated to you directly via email (if we have your contact details) or through a prominent notice on our homepage.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are committed to addressing your inquiries promptly and transparently.

Data Protection Contact

Name: Aniyah Connelly

Address: Transvaalkade 7, 1092 JS Amsterdam, Netherlands

Email: privacy@aniyahconnelly.blog

Phone: +31 20 555 0376

Office Hours: Monday – Friday, 09:00 – 17:00 CET

For formal complaints regarding data protection, you may also contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.