Privacy Policy

Last updated: June 2026

In the kind of customer experience I design for brands and organisations, trust is the foundation. So when you visit my website or interact with me, whether you request the diagnostic, write to me or simply explore the content, you have the right to know exactly what data I collect, what I use it for and how I protect it.

This document is my public commitment: clear, legal and without small print.

1. Who is behind this website

This website is my professional home, and I operate it personally. "Elena Marcelle" is the name I work, write and publish under. For legal purposes, here is exactly who answers for this site:

• Owner / Service provider: Elena Marcelle Hernandez Matos, independent professional

• Enterprise / VAT number: BE 1022.077.716

• Registered address: Rue du Noyer 57, 1000 Brussels, Belgium

• Email: contact@elenamarcelle.com

• Phone: +32 492 72 39 58

• Main domain: www.elenamarcelle.com

2. What data do I collect, and where does it come from

This website is deliberately light on data. There are no accounts, no payment processing and no newsletter sign-up hosted on this site. What I may process:

• Identification and contact data: name, email address, phone, organisation and role.

• Professional data: if you act on behalf of an organisation.

• Email communications data: if you become a contact, your email address and interaction with my communications will be managed through Hostinger's email marketing service.

• Technical data: IP address, browser, device and analytics data via cookies (see the Cookie Policy).

Important: I do not request sensitive data (health, beliefs, etc.). If a specific project ever required it, I would ask for your explicit consent and apply reinforced security measures.

3. What I use your data for, and for how long

• Responding to enquiries (including diagnostic requests). Legal basis: legitimate interest. Retention: 12 months.

• Delivering professional services. Legal basis: performance of a contract. Retention: duration of the engagement plus 10 years (legal and tax obligations).

• Sending professional communications by email. Legal basis: consent — you can unsubscribe at any time. Retention: until you unsubscribe, or 24 months without interaction.

• Web analytics. Legal basis: consent. Retention: as set out in the Cookie Policy.

• Security and fraud prevention. Legal basis: legitimate interest or legal obligation. Retention: as long as necessary.

About the newsletter: CX as Strategy is published and managed on LinkedIn. Subscribing happens entirely on LinkedIn, under LinkedIn's own terms and privacy policy. This website does not collect or store newsletter subscriber data.

4. Who else sees your data, and under what conditions

In line with the GDPR's transparency principles, these are the providers I currently use. All of them comply with data protection law and, where located outside the European Economic Area (EEA), apply Standard Contractual Clauses approved by the European Commission or equivalent safeguards. This list is updated whenever I add or replace a provider.

Hosting and email

• Hostinger International Ltd. — website hosting and email marketing. 61 Lordou Vironos Street, 6023 Larnaca, Cyprus. Privacy policy: https://www.hostinger.com/privacy

Analytics and search

• Google (Google Analytics, Google Tag Manager, Google Search Console) — web analytics, tag management and search performance. Privacy policy: https://policies.google.com/privacy · GDPR resources: https://cloud.google.com/security/gdpr/resource-center

Professional network

• LinkedIn — professional network and newsletter platform. Where you interact with LinkedIn through links on this site, LinkedIn acts as an independent controller. Privacy policy: https://www.linkedin.com/legal/privacy-policy

In specific cases, I may use tools not listed here if they are the better option for a given task. If that happens and the use involves processing personal data, I will notify the users, clients or participants concerned beforehand.

5. International transfers

Some providers process data outside the EEA. In those cases, transfers only take place where the European Commission has issued an adequacy decision for the country concerned, or where the provider applies Standard Contractual Clauses (SCCs) or equivalent safeguards recognised by the GDPR. Currently, this applies to Google LLC (United States) for Analytics, Tag Manager and Search Console.

6. Your rights

You can ask me at any time to:

• Access your data — know what personal data is being processed, where it came from, who it has been shared with and for what purpose.

• Rectify your data — correct or update inaccurate or incomplete data.

• Erase your data ("right to be forgotten") — where it is no longer necessary for the purposes it was collected for, or where you withdraw your consent.

• Object to or restrict processing — for reasons related to your particular situation, or while accuracy or a complaint is being resolved.

• Data portability — receive your data in a structured electronic format and, where technically possible, have it transmitted to another controller. Applies to automated processing based on consent or contract.

• Withdraw your consent — at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise these rights, write to contact@elenamarcelle.com with the subject line "GDPR rights request". I will respond within a maximum of 30 calendar days. If the request is complex, I will let you know within that first month, and the deadline may be extended by up to two further months in line with the GDPR. I may ask for additional information or proof of identity solely to verify that you are the data subject.

Your rights are yours, and you can exercise them at any time. Bear in mind that I may sometimes need to keep certain information to comply with the law or with a commitment already underway. You can also lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit): https://www.dataprotectionauthority.be/citizen

7. Security

I protect your information with technical and organisational measures: HTTPS, two-factor authentication, encrypted backups and periodic access reviews.

8. Confidentiality

Your data is part of your story, and like every story that matters, it deserves care and confidentiality. I will not share it with third parties beyond the cases described here, or where the law requires it.

Your privacy is not negotiable.

9. Links to third-party websites

I sometimes link to other websites or tools to complete the experience, but I cannot take responsibility for what happens there. Each site has its own rules and its own way of handling information. Before leaving your data on any external website, I invite you to read its privacy policy and make sure you agree with how it looks after your data.

10. Protection of minors

My services and content are intended for people over 18. If you are a minor, you need the authorisation of your parents or legal guardians to provide any personal data on this website. I have no mechanism to verify each user's real age and cannot accept responsibility if this rule is not respected. If you believe a minor has provided personal data on this site without consent, please contact me so I can address it immediately.

11. Cookies

I use cookies to improve your experience and analyse how the site is used. Non-essential cookies are only activated if you accept them. You can manage them at any time through the Cookie Policy and the preference panel.

12. Changes to this policy

If I update this document, I will publish the new version with its revision date and, if the change is significant, I will let you know. If you have any questions about this policy or about how I handle your data, contact me at contact@elenamarcelle.com.