Privacy Policy

Last updated: 2026-02-17  |  Version: 1.0

1. Who we are

Controller:
Laura Otto Solutions
Gijsbrecht van Aemstelstraat 26, 2026 VH Haarlem, The Netherlands
Registration (KvK): 94716501
VAT: NL005104012B61

Website: https://lauraotto.nl
Privacy policy: https://lauraotto.nl/legal/privacy.html
Contact: lauraottosolutions@gmail.com

2. What personal data we process

Depending on how you use our website, we may process:

2.1 Contact form

When you submit the contact form, we process:

• name
• email address
• message content

Purpose: To respond to your inquiry.
Legal basis: Your consent (GDPR Art. 6(1)(a)).
Retention: We do not store your message on our servers. It is sent by email to our inbox. We retain email correspondence for up to 2 years after the last communication, after which we delete it.

2.2 AI Masterclass waitlist

When you join the AI Masterclass waitlist, we process:

• email address
• date of signup

Purpose: To notify you when the masterclass is ready and to offer an early-bird discount.
Legal basis: Your consent (GDPR Art. 6(1)(a)).
Retention: Until the masterclass launch + 1 year, or until you request deletion.
Storage: Your email is stored in Google Sheets. Google may process data outside the EEA; we rely on Standard Contractual Clauses. By signing up, you consent to this transfer.

2.3 Website usage and cookies

We process website usage data (server logs) for security and operation. We do not use analytics cookies, marketing cookies, or tracking technologies.

• Strictly necessary: Session and technical cookies required for the site to function. No consent required.
• Server logs: IP address, timestamp, request path. Processed under legitimate interest (GDPR Art. 6(1)(f)) for security and operation. Retention: 90 days.

If we introduce analytics or marketing cookies in the future, we will obtain your prior consent and update this policy.

3. Sharing with third parties

We share personal data only with service providers:

• Brevo (email delivery) – EEA-based (France)
• Google (Sheets API for waitlist) – US; Standard Contractual Clauses
• Railway (hosting)

Where required, we ensure appropriate data processing agreements or contractual safeguards are in place.

4. International transfers

Brevo processes data within the EEA. Google may process data in the US. For the waitlist, we rely on Google's Standard Contractual Clauses (SCCs). You consent to this transfer when you sign up.

5. Security

We implement appropriate technical and organisational measures (GDPR Art. 32), including TLS encryption in transit, access controls, and secure handling of credentials.

6. Your rights

Under the GDPR you have rights including access, rectification, erasure, restriction, objection, and data portability. To exercise your rights, contact us at lauraottosolutions@gmail.com.

7. Complaints

You have the right to lodge a complaint with your supervisory authority (e.g. Autoriteit Persoonsgegevens in the Netherlands).

8. Changes

We may update this Privacy Policy. The latest version is always at https://lauraotto.nl/legal/privacy.html.

← Back to portfolio