Mirela Curiman

Legal

Privacy policy.

Last updated: 14 May 2026

In one paragraph

mirelacuriman.com is the personal practice of Mirela-Loredana Curiman, an independent Fractional CMO based in Amsterdam. The site is built to respect your privacy by default: no advertising cookies, no third-party trackers, no behavioural profiling. The only data processed is what you intentionally send (an email or a booking) and the strictly-necessary local storage that remembers your cookie preference.

Who is the data controller?

Mirela-Loredana Curiman, Amsterdam, Netherlands. Contact: mirelacuriman@proton.me.

What data is collected, and why

  • Contact form / email: the name, email, organisation and message you send. Used only to reply to your enquiry. Lawful basis: legitimate interest and pre-contractual contact (GDPR Art. 6(1)(b) / (f)).
  • Calendar booking (cal.eu): when you book a call viacal.eu/mirelacuriman, Cal.com (Cal.com Inc., processor) handles your name, email and chosen time. See cal.com/privacy.
  • Email delivery (Proton): messages are received in ProtonMail (Proton AG, Switzerland), end-to-end encrypted at rest.
  • Local storage: a single key (mc-cookie-consent-v1) remembers your cookie-banner choice. No personal data.
  • Google Analytics 4 (Google Ireland Ltd., processor): loaded only after you explicitly accept analytics in the cookie banner. Used to understand aggregated traffic patterns (pages viewed, country, device class) so the site can be improved. IP addresses are anonymised. No advertising features, no cross-site profiling, no Google Signals. Lawful basis: consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time by clearing site data or re-opening the cookie preferences.
  • Google Search Console (Google Ireland Ltd.): uses a static <meta name="google-site-verification">tag to prove domain ownership. It does not set cookies, does not run JavaScript and does not collect visitor data — Search Console only reports on how Google's crawler sees the site.
  • Hosting logs: the hosting platform may keep short-lived technical request logs (IP, user-agent, timestamp) for security and abuse protection. Not used for analytics or profiling.

What is NOT done

  • No advertising or marketing cookies.
  • No Meta Pixel, TikTok pixel, LinkedIn Insight tag or behavioural advertising trackers.
  • No selling, renting or sharing of contact data with third parties.
  • No automated decision-making or profiling.

How long data is kept

Enquiry emails are retained while the conversation or engagement is active and for up to 24 months afterwards, then deleted on request or as part of routine cleanup. Invoicing data is retained for the statutory 7 years required by Dutch tax law.

Your rights (GDPR)

You have the right to access, rectify, erase, restrict, port or object to the processing of your personal data, and to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). To exercise any of these rights, email mirelacuriman@proton.me — requests are answered within 30 days.

International transfers

Proton (Switzerland) operates under an EU adequacy decision. Cal.com may process data outside the EEA under Standard Contractual Clauses. Hosting infrastructure runs in the EU where possible.

Security

See the responsible disclosure policy for how to report a vulnerability.

Changes

Material changes to this policy will be reflected by an updated "Last updated" date at the top of this page.