Privacy Policy

Privacy Policy

Last updated: June 2026

1. Data Controller

Francesca De Paolis
Email: [email protected]
Website: italianowithfrancesca.com

2. Data We Collect and Why

Email address and name — collected when you subscribe to the newsletter or book a lesson. Used to manage your bookings and send the newsletter you opted into.
Legal basis: performance of a contract (bookings) / consent (newsletter).

Payment data — processed exclusively and securely by Stripe. We never store card details on our servers. Stripe's privacy policy applies to payment data.

Usage data — basic technical data (cookies for authentication and language preference) used solely to operate the site. No advertising or tracking cookies are used.

3. Data Retention

Booking and payment data: retained for 5 years to comply with fiscal obligations.
Newsletter subscription: retained until you unsubscribe.
Level test responses: not stored beyond the session.

4. Your Rights (GDPR Art. 15–22)

You have the right to access, rectify, erase, restrict processing of, and obtain portability of your personal data, as well as the right to object to processing.
To exercise any of these rights, email: [email protected]

You also have the right to lodge a complaint with your national data protection authority. In Spain: aepd.es. In Italy: garanteprivacy.it.

5. Third-Party Processors

We use the following sub-processors, each bound by their own privacy policies:

• Stripe — payment processing (stripe.com/privacy)
• Brevo — email delivery (brevo.com/legal/privacypolicy)
• Google Calendar / Meet — lesson scheduling (policies.google.com/privacy)
• Firebase / Firestore — data storage (firebase.google.com/support/privacy)
• Cloudflare — hosting and security (cloudflare.com/privacypolicy)

6. International Transfers

Some of our processors (Google, Stripe, Cloudflare) may transfer data outside the EEA. These transfers are protected by Standard Contractual Clauses approved by the European Commission.