Skip to main content

GDPR Policies

Privacy policy – GDPR Compliance

Effective date: August 4, 2025

Clarissa Tarapanoff – Sustainability Consulting (“we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679).

This Privacy Policy explains how we collect, use, store, disclose, and safeguard your personal data when you visit our website: https://tarapanoff-consulting.com.

If you have any questions or wish to exercise your data rights, you may contact our Data Protection Officer (DPO) at: clarissa@tarapanoff-consulting.com.

1. Who we are

Company name: Clarissa Tarapanoff – Sustainability Consulting
Website: https://tarapanoff-consulting.com
Contact email: clarissa@tarapanoff-consulting.com
Data Controller & DPO: Clarissa Tarapanoff

We are a consultancy specialized in sustainability and strategic alignment with the United Nations Sustainable Development Goals (SDGs). We support companies, organizations, and non-profit institutions in planning and implementing sustainable actions, fostering positive impact on both business and society.

2. What personal data we collect and why

We collect personal data for specific, legitimate, and explicit purposes. The following table outlines what we collect and how we use it:

Data type Purpose Legal basis (Article 6 GDPR)
Name, email, message content (contact forms or comments) To respond to inquiries or comments Consent (Art. 6.1.a)
IP address, browser type, operating system, device data To analyze website traffic and ensure security Legitimate interest (Art. 6.1.f)
Cookies and usage data To enhance user experience, analytics, remember user preferences Consent / Legitimate interest

We do not collect special categories of personal data (eg, health, religion, political opinion) without explicit consent.

3. Cookies

We use cookies and similar technologies for:

  • Session management;
  • Analytics and website improvement;
  • Storing user preferences (eg, comment author details).

You can manage cookie settings in your browser. For more detailed information, please refer to our [Cookie Policy] (if available).

4. Embedded content from third parties

Articles and pages on this site may include embedded content (eg, videos, images, forms, plugins). Such content behaves exactly as if you had visited the external website and may collect your data.

Examples:

  • Gravatar (profile image for comments)
  • Google Analytics
  • WordPress plugins

These third parties may collect personal data, set cookies, and monitor your interaction with embedded content.

5. Data sharing and processors

We do not sell or rent your personal data.

However, we may share your information with trusted third-party service providers that process data on our behalf and under our instructions. These may include:

  • Hosting services
  • Email delivery systems
  • Analytics tools
  • Security or anti-spam services

All processors are contractually bound to respect the GDPR and ensure appropriate data protection.

6. International data transfers

As our hosting or service providers may be based outside the European Economic Area (EEA), your data may be transferred to countries that do not offer an equivalent level of data protection.

When this happens, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs);
  • Adequacy decisions by the European Commission.

7. How long we retain your data

We retain your data only for as long as necessary to fulfill the purpose for which it was collected:

  • Comments and contact form submissions: indefinitely, unless a deletion request is made.
  • Cookies: up to 1 year or according to browser settings.
  • Analytics data: anonymized and stored as per service provider's policy.

You may request deletion of your personal data at any time (see section 9).

8. Your rights under GDPR

As a data subject, you have the following rights:

  • Right to access – know what personal data we hold about you.
  • Right to rectification – request correction of inaccurate or incomplete data.
  • Right to erasure – request deletion of your personal data (“right to be forgotten”).
  • Right to restrict processing – limit how we process your data.
  • Right to data portability – receive your data in a structured format or transmit it to another controller.
  • Right to object – to data processing based on our legitimate interests or for marketing purposes.
  • Right to withdraw consent – at any time, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint – with a supervisory authority (eg, your local Data Protection Authority).

To exercise any of these rights, please contact: clarissa@tarapanoff-consulting.com

9. Data security

We use technical and organizational measures to protect your personal data, including:

  • SSL encryption (HTTPS);
  • Limited access controls;
  • Secure data storage and backups.

In the event of a data breach that may affect your rights and freedoms, we will notify you and the competent supervisory authority as required by the GDPR.

10. Automated decision-making

We do not use personal data for automated decision-making or profiling that produces legal effects or similarly significant impacts.

11. Changes to this privacy policy

We may update this policy from time to time to reflect legal, technical, or operational changes. When we do, we will review the “Effective Date” at the top and, if necessary, notify you through our website.

We encourage you to review this policy regularly.

12. Contact

Data Controller & DPO: Clarissa Tarapanoff
📧 Email: clarissa@tarapanoff-consulting.com
🌐 Website: https://tarapanoff-consulting.com