Privacy Policy

1. Data controller

Catalina Within is the data controller for personal data processed through this website and related service communications.

For privacy requests, contact:

• hello@catalinawithin.com
• +1 929 222 6505
• Bucharest, Romania

2. Data we collect

We may collect the following categories of data:

• Identity and contact data (name, email address, phone number).
• Form-submission data (subject, message, wellness goals you choose to share).
• Website usage data (IP address, technical logs, visited pages, basic interactions).
• Transaction metadata (payment status, order reference), while full sensitive card details are not stored on our servers.

3. Data sources

Data is collected directly from you (forms, email, bookings) and, in a limited way, from technical tools used for security, functionality, and analytics.

4. Legal bases (GDPR)

For individuals in the EU/EEA, processing relies on one or more legal bases under GDPR Article 6:

• Contract performance and pre-contract steps (bookings, service communications).
• Consent (for example, marketing messages where consent is required).
• Legal obligations (tax/accounting records, compliance duties).
• Legitimate interests (security, abuse prevention, service improvement), balanced against your rights.

5. Processing purposes

Data is used to:

• Respond to inquiries and schedule sessions.
• Deliver contracted services and manage customer relationships.
• Process payments and administrative records.
• Maintain website security and prevent abusive or fraudulent use.
• Meet legal obligations and protect legitimate rights.

6. Data sharing with third parties

Data may be shared only where necessary with service providers (for example: email, hosting, payment processing, anti-abuse tools), public authorities, or professional advisers, within legal and contractual limits.

We do not sell personal data.

7. International data transfers

If data is transferred outside the EEA, we rely on appropriate legal safeguards (for example, European Commission Standard Contractual Clauses or, where available, an adequacy decision).

8. Retention periods

Data is retained only as long as needed for the stated purposes, contract performance, legal obligations (including tax/accounting), and defense of legal claims within applicable limitation periods.

9. Your EU/Romania rights

Under GDPR, you may have rights to:

• Access, rectify, and erase personal data where applicable.
• Restrict processing and object to certain processing activities.
• Data portability where processing is automated and based on consent or contract.
• Withdraw consent at any time, without affecting prior lawful processing.
• Lodge a complaint with ANSPDCP (Romanian data protection authority).

10. U.S. state privacy rights and CalOPPA notice

If you are a U.S. resident, you may have additional rights under state privacy laws (for example, California and other applicable states). We honor applicable rights where legally required.

For CalOPPA transparency, this policy describes categories of data collected, uses, third-party sharing, and how policy updates are communicated.

Browser "Do Not Track" signals are currently not processed through a uniform technical response on this website.

11. Cookies and similar technologies

The website may use essential cookies and, where applicable, functional or analytics cookies. You can manage choices through cookie-banner settings or browser controls.

12. Children’s data

Services are not directed to children under 13 (U.S.) or minors below the applicable legal age without parent/guardian involvement.

If you believe a child provided data without required authorization, contact us so we can delete it.

13. Data security

We apply reasonable technical and organizational measures to protect data against unauthorized access, loss, or misuse. No online system can guarantee absolute security.

14. Complaints and contact

We aim to handle privacy requests promptly.

For questions or rights requests, use the contact details above.