PRIVACY

Privacy Policy

Last reviewed: 4 June 2026.

LAST REVIEWED

Privacy Policy

Last reviewed: 4 June 2026.

This Privacy Policy explains how Ioana Vărzaru collects and uses personal data when you visit ioanavarzaru.com, contact the studio, select a course, pay with Mollie, or request a manual invoice.

Business entity: FirstClass SRL, Avenue des Heros 23, 1160 Bruxelles, Belgium. VAT: BE0675726744.

CONTROLLER

Who is responsible for your data

Data controller: FirstClass SRL, Avenue des Heros 23, 1160 Bruxelles, Belgium. VAT: BE0675726744.

Contact: contact@ioanavarzaru.com.

If a data protection officer is appointed in the future, their contact details will be added to this page.

DATA WE COLLECT

Personal data we collect

We collect only the data needed to answer requests, manage course enrollment, handle payments, issue invoices, and run the website.

  • Contact formName, email address, selected inquiry type, message content, language, and basic anti-spam/request metadata such as user agent and referrer.
  • Checkout selectionSelected course, selected price variant, voucher code if used, and language. This selection is stored in your browser localStorage so you can continue checkout.
  • Mollie online paymentFull name, email, optional phone, optional note, selected course, price, voucher details, payment status, Mollie payment ID, and transaction metadata. Full card or bank details are handled by Mollie and are not stored by this website.
  • Manual invoice requestFull name, email, optional phone, selected course, requested invoice amount, deposit and remaining balance, billing identity, company name and VAT/tax number if provided, country, billing address, installment interest, note, and request metadata.
  • Transactional emailsEmail address, subject, message content, delivery status, Resend message ID, and related order or invoice request reference.
  • Admin accessIf you are an authorized website administrator, Payload may process account and session data required to secure the admin area.
WHY WE USE IT

Purposes and legal bases

  • Responding to inquiriesWe use contact form data to reply to your request. The legal basis is your request before a possible contract and our legitimate interest in handling messages.
  • Course enrollment and customer supportWe use checkout, order, and invoice request data to process your course request, confirm payment status, communicate practical details, and provide course support. The legal basis is contract or steps before a contract.
  • Invoices, accounting, and taxWe use order, payment, and billing data to issue invoices, reconcile payments, and meet Belgian accounting and tax obligations. The legal basis is legal obligation.
  • Security and fraud preventionWe use basic request metadata, Mollie status data, anti-spam controls, and admin access controls to protect the site and payments. The legal basis is legitimate interest and, where applicable, legal obligation.
  • Consent-based processingWhere we ask for consent, such as non-essential tracking added in the future, you may withdraw it at any time.

We do not sell personal data and we do not use automated decision-making or profiling for course enrollment.

PAYMENTS

Mollie and invoice requests

Online payment is available only for full payment through Mollie. Mollie receives the payment and transaction information needed to process the payment, prevent fraud, comply with legal obligations, and provide its payment services. Mollie may act as an independent controller for payment transaction data and as processor for certain services.

Manual invoice requests are reviewed by Ioana. Submitting an invoice request does not confirm enrollment. Enrollment is confirmed only after the deposit or full payment has been received and recorded.

SHARING

Who receives personal data

We share personal data only where needed to run the website, process payments, send transactional emails, and comply with legal obligations.

  • MolliePayment provider for online full payments and payment reconciliation. Mollie privacy information is available at mollie.com/privacy.
  • ResendTransactional email provider used for payment confirmations, invoice request receipts, internal notifications, and contact form notifications. Resend stores customer data in the United States and provides a DPA with Standard Contractual Clauses.
  • Website hosting and database providerProduction hosting, database, and server providers used to operate the website. The exact production provider must be confirmed before launch.
  • Payload CMS administratorsAuthorized administrators can access orders, invoice requests, contact messages, email logs, vouchers, and course data as needed for operations.
  • Accountant or bookkeeperBilling, invoice, and payment records may be shared for accounting, VAT, tax, and legal compliance.

If personal data is transferred outside the European Economic Area, appropriate safeguards such as Standard Contractual Clauses, an adequacy decision, or another lawful transfer mechanism must apply.

RETENTION

How long we keep data

  • Contact form messagesNormally up to 24 months after the last interaction, unless the message becomes part of a booking, dispute, or legal record.
  • Orders, payments, invoices, and accounting recordsNormally 10 years from the legally relevant accounting date, in line with Belgian accounting and VAT retention obligations.
  • Invoice requests that do not become paid enrollmentsNormally up to 24 months after the last interaction, unless needed for a dispute, legal claim, accounting, or fraud prevention.
  • Transactional email logsNormally up to 24 months, unless the email is needed as evidence for accounting, payment, support, or a legal dispute.
  • Browser storageCart, voucher, dismissed event card, quiz, and theme preferences stay in your browser until you clear them or the website replaces them.
COOKIES AND STORAGE

Cookies, localStorage, and analytics

The public website currently uses essential browser storage for requested functions such as keeping your checkout selection, voucher code, dismissed event card, quiz state, and theme preference. This storage is needed for the service or interface you request.

No analytics or marketing tracking provider is currently identified in the codebase. If analytics, advertising pixels, embedded marketing tools, or other non-essential trackers are added later, this policy must be updated and a valid consent mechanism must be implemented before those trackers run.

Mollie may use its own cookies or similar technologies on Mollie-hosted payment pages according to Mollie policies.

YOUR RIGHTS

Your GDPR rights

Subject to legal conditions and retention obligations, you may ask to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Delete personal data where retention is no longer required.
  • Restrict or object to certain processing.
  • Receive a portable copy of data you provided.
  • Withdraw consent where processing is based on consent.

Contact contact@ioanavarzaru.com to exercise your rights. We normally respond within one month. You may also lodge a complaint with the Belgian Data Protection Authority: dataprotectionauthority.be.

SECURITY

How we protect data

We use reasonable technical and organizational measures such as HTTPS, limited admin access, secure service providers, and operational access controls.

No internet service can guarantee absolute security. If a personal data breach occurs and notification is legally required, affected people and the competent authority will be informed according to GDPR requirements.

CHILDREN

Children

The courses and services are intended for adults. We do not knowingly collect personal data from minors for course enrollment.

CONTACT

Questions

For questions about this policy or your personal data, contact: contact@ioanavarzaru.com.