Privacy Policy

Privacy Policy

Cristina Girleanu | cristinagirleanu.com

Last updated: May 2026

 

1. Who I Am

I am Cristina Girleanu, a certified RTT® Practitioner, Spirit Release Facilitator, and Rahanni Celestial Healer operating as a sole practitioner based in Ljubljana, Slovenia.

 

Website: cristinagirleanu.com

Email: info@cristinagirleanu.com

 

I am the data controller for all personal data collected through this website. This means I am responsible for deciding how and why your personal data is collected, stored, and used.

 

2. What This Policy Covers

This Privacy Policy explains:

  • What personal data I collect from you
  • Why I collect it and the legal basis for doing so
  • How I use it
  • How long I keep it
  • Who I share it with
  • Your rights under GDPR
  • How to contact me with questions or requests

 

This policy applies to all data collected through cristinagirleanu.com, including through booking forms, intake forms, freebie download forms, quiz forms, and any direct email communication.

 

3. What Data I Collect

 

3.1 Data you provide directly

When you book a session, download a freebie, complete a quiz, or contact me, I may collect:

  • Your first and last name
  • Your email address
  • Your location — country, city, street address and house number (required for Spirit Release sessions, where the clearing of your primary living space is included as standard)
  • Your date of birth (on intake forms)
  • Health and wellbeing information you share on intake and assessment forms
  • Information about your current life circumstances, patterns, and goals that you share voluntarily
  • Feedback and testimonials you choose to provide

 

3.2 Data collected automatically

When you visit cristinagirleanu.com, standard technical data may be collected automatically, including:

  • Your IP address
  • Browser type and version
  • Pages visited and time spent on the website
  • Referring website

 

This data is collected through cookies and standard website analytics. Please see Section 9 (Cookies) for more information.

 

3.3 Special category data

Health and wellbeing information — including information about mental health, emotional wellbeing, and physical health — is classified as ‘special category data’ under GDPR and is treated with the highest level of care and protection.

This data is collected only because it is necessary for the delivery of the services you have requested, and only with your explicit consent provided through the intake form process.

 

4. Why I Collect Your Data and the Legal Basis

 

Under GDPR, I must have a legal basis for processing your personal data. The legal bases I rely on are:

 

4.1 Contract performance

When you book a session or purchase a service, I process your data because it is necessary to deliver the service you have paid for. This includes:

  • Preparing for and conducting sessions
  • Delivering session reports, recordings, and programme materials
  • Sending session-related communications and check-ins
  • Processing payments and managing bookings
  • Using your address to conduct the energetic clearing of your primary living space as part of Spirit Release sessions

 

Using your address to conduct the energetic clearing of your primary living space as part of Spirit Release sessions

 

4.2 Legitimate interests

I process some data based on legitimate interests — where processing is necessary for the reasonable operation of my practice and does not override your rights. This includes:

  • Sending your quiz or freebie result immediately after you request it
  • Responding to direct enquiries you send to me
  • Maintaining basic records for professional purposes

 

4.3 Consent

Where I send marketing communications — including follow-up email sequences after quizzes or freebies — I do so only with your explicit consent, given through a clearly labelled checkbox on the relevant form.

You can withdraw your consent at any time by clicking the unsubscribe link in any email or by contacting me directly. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

 

4.4 Legal obligation

In limited circumstances I may be required to process or disclose your data to comply with a legal obligation — for example, if required to do so by a court or regulatory body.

 

5. How I Use Your Data

 

Your data is used only for the purposes for which it was collected:

 

  • To deliver the service you have booked or requested
  • To send you your session report, personalised recording, and programme materials
  • To send you check-in emails and follow-up communications related to your session
  • To send you the freebie or quiz result you requested
  • To send you follow-up email sequences where you have given consent
  • To respond to questions or concerns you contact me about
  • To improve the website and understand how it is used (anonymized analytics only)

 

I do not use your data for automated decision-making or profiling.

I do not sell your data to any third party.

I do not use your data for advertising purposes.

 

6. How Long I Keep Your Data

 

I retain your data only for as long as necessary for the purposes for which it was collected:

 

  • Active client records: retained for the duration of our working relationship plus 3 years
  • Address data collected for Spirit Release purposes is deleted following delivery of the Spirit Release report, unless you are an ongoing client.
  • Session notes and intake forms: retained for 3 years following the last session
  • Email marketing records (consent and unsubscribe records): retained for 5 years as required by GDPR accountability obligations
  • Basic financial records: retained for 7 years as required by Slovenian tax law
  • Website analytics data: retained for 26 months

 

After the applicable retention period, your data is securely deleted.

 

7. Who I Share Your Data With

 

I do not sell, rent, or trade your personal data. I share data only with the following categories of third-party service providers, and only to the extent necessary to deliver my services:

 

Email delivery platforms (Mailchimp)

Used to deliver email sequences and communications. Your name and email address are stored on Mailchimp’s servers. Mailchimp is GDPR-compliant and certified under the EU-US Data Privacy Framework. You can review Mailchimp’s privacy policy at mailchimp.com/legal/privacy.

 

Website platform (WordPress / hosting provider)

Your data submitted through website forms is processed through WordPress and stored on the website’s hosting server. The hosting provider is contractually required to maintain appropriate security standards.

 

Booking and payment systems

Payment processing is handled by a third-party payment provider. I do not store your payment card details. The payment provider is responsible for the security of your payment information.

 

Spirit Release sessions

Spirit Release sessions are conducted in collaboration with a Spirit Release medium. In the course of this collaboration, your first name and the general nature of the work may be shared with the medium. No sensitive personal data beyond what is necessary for the session is shared. The medium is bound by confidentiality.

 

Professional supervision

As part of maintaining professional standards, I may discuss session work in supervision. All such discussions are anonymized — no identifying information about you is shared.

 

All third parties with whom I share data are required to handle it in accordance with GDPR and applicable data protection law.

 

8. International Data Transfers

Some of the third-party service providers I use (including Mailchimp) are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, I ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or certification under an approved framework such as the EU-US Data Privacy Framework.

 

9. Cookies

 

cristinagirleanu.com uses cookies — small text files stored on your device — to make the website function correctly and to understand how it is used.

 

The types of cookies used on this website:

 

Essential cookies

Required for the website to function. These cannot be disabled. They include cookies that remember your preferences within a session.

 

Analytics cookies

Used to understand how visitors use the website (pages visited, time on site, etc.). This data is anonymized and aggregated. No individual is identified.

 

You can control and manage cookies through your browser settings. Disabling cookies may affect the functionality of the website.

 

10. Your Rights Under GDPR

 

As a data subject under GDPR, you have the following rights:

 

Right of access

You have the right to request a copy of the personal data I hold about you.

 

Right to rectification

You have the right to request that I correct any inaccurate or incomplete personal data I hold about you.

 

Right to erasure (‘right to be forgotten’)

You have the right to request that I delete your personal data, where there is no compelling reason for me to continue processing it. Note that this right is not absolute — I may be required to retain certain data for legal or contractual reasons.

 

Right to restriction of processing

You have the right to request that I restrict how I use your data in certain circumstances.

 

Right to data portability

Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.

 

Right to object

You have the right to object to processing based on legitimate interests. I will stop processing unless I can demonstrate compelling legitimate grounds that override your rights.

 

Right to withdraw consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

 

Right to lodge a complaint

If you believe I have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec):

  • Website: ip-rs.si
  • Email: gp.ip@ip-rs.si
  • Telephone: +386 1 230 97 30

 

To exercise any of your rights, please contact me at [insert your email address]. I will respond within 30 days.

 

11. Data Security

I take the security of your personal data seriously. Appropriate technical and organizational measures are in place to protect your data against unauthorized access, loss, destruction, or alteration. These include:

  • Secure password management
  • Use of HTTPS on the website
  • Limiting access to personal data to only what is necessary
  • Using GDPR-compliant third-party service providers

 

In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, I will notify you and the relevant supervisory authority as required by GDPR.

 

12. Children’s Data

My services are intended for adults only. I do not knowingly collect personal data from anyone under the age of 18. If you believe I have inadvertently collected data from a minor, please contact me immediately and I will delete it.

 

13. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in my practice, the services I offer, or applicable law. The most current version will always be available at cristinagirleanu.com/privacy-policy.

The date of the most recent update is displayed at the top of this document. Where changes are significant, I will notify active clients by email.

 

14. Contact

For any questions about this Privacy Policy, or to exercise your data rights, please contact:

 

Cristina Girleanu

cristinagirleanu.com

Email: info@cristinagirleanu.com

 

Visited 1 times, 1 visit(s) today