Natasha Cáceres

Legal

Privacy Policy

Last updated: 24 April 2026

This Privacy Policy describes how natashacaceres.com (the “Site”) collects, uses, and protects personal data of visitors and users. It is drafted to comply with Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 on Data Protection and Digital Rights (LOPD-GDD).

1. Data Controller

The data controller is Natasha Cáceres, operating as a self-employed professional registered in Spain.

  • Name: Natasha Cáceres
  • Address: Gran Via de les Corts Catalanes, 08013, Barcelona, Spain
  • Email: caceresg.natasha@gmail.com

2. What Personal Data We Collect

We collect personal data in the following situations:

  • Contact forms: name, email address, organisation, role, project details, and any message content you voluntarily submit.
  • Course enrolments: name, email, professional background when you enrol in any Open Finance Academy course.
  • Navigation data: IP address, browser type, device information, pages visited, and session duration, collected via analytics cookies.
  • Cookies: see our Cookie Policy for full detail.

3. Purposes of Processing

  • Respond to inquiries submitted through contact or advisory request forms.
  • Deliver courses, educational materials, and related communications you have enrolled in.
  • Send occasional updates about new research, articles, or offerings, with your explicit consent.
  • Analyse site usage to improve content and user experience.
  • Comply with legal, accounting, and tax obligations.

4. Legal Basis for Processing

We rely on the following legal bases (Article 6 GDPR):

  • Consent — for newsletter subscriptions and non-essential cookies.
  • Performance of a contract — for course delivery and consulting engagements you have requested.
  • Legal obligation — for tax and invoicing records retained under Spanish law.
  • Legitimate interest — for responding to inquiries and improving our services.

5. Data Retention

Personal data is kept only as long as necessary for the purposes described. Contact-form messages are kept for up to 24 months. Course enrolment data is kept for the duration of the commercial relationship plus the legally required period for tax records (6 years under Spanish law). Analytics data is anonymised or deleted after 14 months.

6. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (right to be forgotten) where applicable.
  • Restrict processing under certain circumstances.
  • Object to processing based on legitimate interest.
  • Data portability in a structured, machine-readable format.
  • Withdraw consent at any time without affecting lawfulness of prior processing.
  • Lodge a complaint with the Spanish Data Protection Agency (AEPD, http://www.aepd.es).

To exercise any of these rights, email caceresg.natasha@gmail.com with a copy of identification. We respond within 30 days.

7. Data Sharing and International Transfers

We do not sell personal data. Data may be processed by trusted third-party providers acting as processors on our behalf, including the website host (Automattic Inc. — WordPress.com) and email delivery tools. Some of these providers are based in the United States and operate under appropriate GDPR safeguards, including Standard Contractual Clauses and, where applicable, EU–U.S. Data Privacy Framework certification.

8. Security

We apply reasonable technical and organisational measures to protect personal data, including HTTPS encryption, access controls, and regular security updates provided by the hosting platform.

9. Updates to This Policy

This Privacy Policy may be updated to reflect changes in law or operations. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated where feasible.

10. Contact

For any question regarding this Privacy Policy or the processing of your personal data, contact: caceresg.natasha@gmail.com