Privacy Policy for paolocarner.com

Last Updated: 6 JULY 2025

1. Introduction

This Privacy Policy explains how Paolo Carner ("I", "me", "my") collects, uses, and protects your personal information when you visit and interact with my website paolocarner.com (the "Website").

I am committed to protecting your privacy and ensuring transparency about how your personal data is processed. This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller: Paolo Carner

Contact: paolo@bare-consult.nl

Website: paolocarner.com

2. Information I Collect

2.1 Information You Provide Directly

Newsletter Subscription:

  • Email address

  • First name (optional)

  • Subscription preferences

  • Date and time of subscription

Contact Form:

  • Name (first and last)

  • Email address

  • Subject line

  • Message content

  • Date and time of submission

Speaking Inquiries:

  • Contact information provided in the inquiry forms

  • Event details and requirements

  • Communication preferences

2.2 Information Collected Automatically

Website Analytics (via Google Analytics):

  • IP address (anonymized)

  • Browser type and version

  • Operating system

  • Pages visited and time spent

  • Referring website

  • Geographic location (country/region level)

  • Device information

Technical Information:

  • Cookies and similar tracking technologies

  • Log files and server data

  • Website performance metrics

2.3 Information from Third Parties

Social Media Interactions:

  • Public profile information when you interact with my LinkedIn posts

  • Comments and engagement data on social platforms

3. Legal Basis for Processing

I process your personal data based on the following legal grounds under GDPR:

Consent (Article 6(1)(a)):

  • Newsletter subscriptions

  • Optional contact form fields

  • Cookie preferences

Legitimate Interests (Article 6(1)(f)):

  • Website analytics and improvement

  • Responding to contact inquiries

  • Professional networking and business development

  • Security and fraud prevention

Contract Performance (Article 6(1)(b)):

  • Providing requested services or information

  • Speaking engagement arrangements

4. How I Use Your Information

4.1 Newsletter and Communications

  • Send weekly cybersecurity insights and blog updates

  • Provide career guidance and business security advice

  • Share relevant industry news and resources

  • Communicate about speaking events and professional activities

4.2 Website Improvement

  • Analyze website traffic and user behavior

  • Improve content and user experience

  • Optimize website performance and functionality

  • Understand audience preferences and interests

4.3 Professional Services

  • Respond to contact inquiries and speaking requests

  • Provide cybersecurity consulting and career guidance

  • Maintain professional relationships and networking

  • Develop relevant content and resources

4.4 Legal and Security

  • Comply with legal obligations

  • Protect against fraud and security threats

  • Enforce website terms of use

  • Maintain records for business purposes

5. Data Sharing and Disclosure

I do not sell, rent, or trade your personal information. I may share your data only in the following circumstances:

5.1 Service Providers

Email Marketing Platform (e.g., Squarespace Email Campaigns):

  • Email addresses and subscription data for newsletter delivery

  • Engagement metrics and analytics

Website Hosting (Squarespace):

  • Technical data necessary for website operation

  • Contact form submissions and website analytics

Analytics Services (Google Analytics):

  • Anonymized website usage data

  • Geographic and demographic insights

5.2 Legal Requirements

  • When required by law or legal process

  • To protect rights, property, or safety

  • In connection with legal proceedings

  • To comply with regulatory requirements

5.3 Business Transfers

  • In the event of a business sale or merger

  • With appropriate data protection safeguards

  • With prior notice to affected individuals

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of my service providers are located.

Safeguards in Place:

  • Standard Contractual Clauses (SCCs) with service providers

  • Adequacy decisions by the European Commission where applicable

  • Additional security measures for data protection

Service Provider Locations:

  • Google Analytics: United States (with appropriate safeguards)

  • Squarespace: United States (with appropriate safeguards)

7. Data Retention

I retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Newsletter Subscriptions: Until you unsubscribe or request deletion

  • Contact Inquiries: 3 years for business relationship management

  • Website Analytics: 26 months (Google Analytics default)

  • Legal Records: As required by applicable law (typically 7 years)

8. Your Rights Under GDPR

As a data subject, you have the following rights:

8.1 Right of Access (Article 15)

Request a copy of the personal data I hold about you, including:

  • Categories of data processed

  • Purposes of processing

  • Recipients of data

  • Retention periods

8.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure (Article 17)

Request deletion of your personal data when:

  • No longer necessary for original purpose

  • You withdraw consent

  • Data has been unlawfully processed

  • Required for legal compliance

8.4 Right to Restrict Processing (Article 18)

Request a limitation on processing in certain circumstances.

8.5 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format.

8.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

8.7 Rights Related to Automated Decision-Making (Article 22)

I do not engage in automated decision-making or profiling.

8.8 How to Exercise Your Rights

To exercise any of these rights, contact me at: paolo@bare-consult.nl

I will respond to your request within one month of receipt. In complex cases, this may be extended by up to two additional months, provided notification is given.

9. Cookies and Tracking Technologies

9.1 Types of Cookies Used

Essential Cookies:

  • Website functionality and security

  • Session management

  • User preferences

Analytics Cookies (Google Analytics):

  • Website traffic analysis

  • User behavior insights

  • Performance optimization

Marketing Cookies:

  • Newsletter signup tracking

  • Social media integration

  • Content personalization

9.2 Cookie Management

You can control cookies through your browser settings:

  • Block all cookies

  • Delete existing cookies

  • Receive notifications before cookies are set

  • Allow cookies from specific websites only

Note: Disabling certain cookies may affect website functionality.

9.3 Third-Party Cookies

  • Google Analytics: https://policies.google.com/privacy

  • Social Media Platforms: https://www.squarespace.com/privacy

10. Data Security

I implement appropriate technical and organizational measures to protect your personal data:

Technical Measures:

  • SSL/TLS encryption for data transmission

  • Secure hosting infrastructure

  • Regular security updates and patches

  • Access controls and authentication

Organizational Measures:

  • Data protection policies and procedures

  • Staff training on data protection

  • Regular security assessments

  • Incident response procedures

11. Children's Privacy

This website is not intended for children under 16 years of age. I do not knowingly collect personal data from individuals under the age of 16. If I become aware that I have collected such data, I will promptly delete it.

12. Changes to This Privacy Policy

I may update this Privacy Policy periodically to reflect changes in:

  • Legal requirements

  • Business practices

  • Technology developments

  • Service offerings

Notification of Changes:

  • Updated policy posted on website

  • Email notification for material changes

  • Continued use constitutes acceptance of changes

13. Contact Information and Complaints

13.1 Data Protection Contact

For questions about this Privacy Policy or data protection matters:

Email: paolo@bare-consult.nl

Response Time: Within 5 business days

13.2 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe your data protection rights have been violated.

For EU Residents: Contact your national data protection authority

For Ireland: Data Protection Commission (dataprotection.ie)

For UK Residents: Information Commissioner's Office (ico.org.uk)

14. Specific Provisions for Different Activities

14.1 Newsletter Subscription

Legal Basis: Consent

Data Collected: Email address, name (optional), preferences

Purpose: Deliver cybersecurity insights and career guidance

Retention: Until unsubscription or deletion request

Your Rights: Unsubscribe anytime, request deletion, update preferences

14.2 Contact Forms

Legal Basis: Legitimate interest (responding to inquiries)

Data Collected: Name, email, subject, message content

Purpose: Respond to inquiries and provide requested information

Retention: 3 years for business relationship management

Your Rights: Request deletion, rectification, or restriction

14.3 Website Analytics

Legal Basis: Legitimate interest (website improvement)

Data Collected: Anonymized usage data, geographic location

Purpose: Understand audience and improve website experience

Retention: 26 months (Google Analytics default)

Your Rights: Opt-out via browser settings or Google Analytics opt-out

14.4 Professional Services

Legal Basis: Contract performance, legitimate interest

Data Collected: Contact information, service requirements

Purpose: Provide cybersecurity consulting and speaking services

Retention: Duration of business relationship plus 7 years

Your Rights: Access, rectification, erasure (subject to legal requirements)

15. Data Protection by Design and Default

I implement data protection principles throughout my data processing activities:

Data Minimization: Collect only necessary data

Purpose Limitation: Use data only for stated purposes

Accuracy: Maintain accurate and up-to-date data

Storage Limitation: Retain data only as long as necessary

Integrity and Confidentiality: Implement appropriate security measures

Accountability: Demonstrate compliance with data protection principles

Version: 1.0

This Privacy Policy is written in clear, plain language to ensure transparency about how your personal data is processed. If you have any questions or concerns, please don't hesitate to contact me.