Privacy Policy

EstefiCreates.com

Effective Date: May 27, 2025  |  Last Revised: March 31st, 2026

Hey there! Thanks for stopping by EstefiCreates.com. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and safeguard your data in compliance with applicable international privacy laws, including:

  • GDPR (EU General Data Protection Regulation)
  • CCPA/CPRA (California Consumer Privacy Act / Privacy Rights Act)
  • PIPEDA (Canada’s Personal Information Protection and Electronic Documents Act)

1. Who We Are

EstefiCreates.com is operated by Estefania Hernandez, based in Spain. You can contact us anytime at:

2. What Data We Collect

Personal data you provide

  • Your name and email address (when subscribing, contacting us, or filling in forms)
  • Any information you voluntarily share via forms or surveys

Automatic data collection

When you visit our site, we (or our third-party tools) may automatically collect:

  • IP address
  • Browser type and device information
  • Pages visited, time spent on pages, and click activity
  • Approximate location data

This data is collected via cookies and similar tracking technologies. See Section 7 for details.

3. How We Collect Data

We use the following trusted third-party services. Each may place cookies or similar tracking technologies on your device, and some transfer data outside the EU/EEA (see Section 9):

  • Google Analytics – visitor statistics and behaviour tracking (analytics cookies; transfers data to the US)
  • Jetpack – security, performance, and traffic insights (functional/analytics cookies)
  • OptinMonster – displaying forms and offers based on user behaviour (marketing/behavioural cookies; require consent)
  • MailerLite – managing email subscriptions and sending newsletters (transfers data to the US)
  • Yoast SEO – content optimisation for search visibility (no direct user tracking)

4. Why We Collect Data and Our Lawful Basis

Under GDPR, we are required to identify a lawful basis for each type of processing. Here is how we use your data and the legal ground we rely on:

  • Understanding how our content performs (analytics) – Lawful basis: Legitimate interest. We have a legitimate interest in understanding how visitors use our site to improve our content.
  • Sending newsletters and marketing emails – Lawful basis: Consent. We only send emails to people who have actively subscribed. You can withdraw consent at any time by unsubscribing.
  • Responding to enquiries and form submissions – Lawful basis: Legitimate interest / performance of a pre-contractual relationship.
  • Showing relevant offers via OptinMonster – Lawful basis: Consent (cookies are not loaded until consent is given).
  • Complying with legal obligations – Lawful basis: Legal obligation.

We do not sell your personal data.

5. How Long We Keep Your Data

We only keep your personal data for as long as necessary for the purposes described in this policy:

  • Email subscriber data: kept until you unsubscribe or request deletion.
  • Analytics data (Google Analytics): retained for 14 months (Google’s default setting).
  • Contact form submissions: deleted after 12 months.
  • Data required for legal compliance: retained for the period required by applicable law.

6. Your Privacy Rights

We will respond to all valid requests within 30 days, as required by applicable law. To exercise any of the rights below, email us at [email protected].

If you’re in the EU/UK (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict certain processing activities
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Request data portability (where processing is based on consent or contract)
  • Lodge a complaint with your local data protection authority. As we are based in Spain, the relevant authority is the Agencia Española de Protección de Datos (AEPD) – www.aepd.es

If you’re in California (CCPA/CPRA)

You have the right to:

  • Know what personal information is collected and how it is used
  • Request the deletion of your personal data
  • Opt out of the sale or sharing of your personal information (we do not sell your data)
  • Not be discriminated against for exercising your privacy rights

If you’re in Canada (PIPEDA)

You have the right to:

  • Access your personal data
  • Request correction of inaccuracies
  • Withdraw consent for certain uses of your data

7. How We Protect Your Data

We use security best practices including SSL encryption, secure servers, and regular software updates. While no system is 100% foolproof, we do our best to keep your data safe.

In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law.

8. Cookies & Tracking Technologies

We use a consent management tool on our site. Non-essential cookies are not loaded until you have given your consent via our cookie banner. You can change or withdraw your consent at any time by clicking the cookie settings link in our website footer.

We use the following categories of cookies:

  • Strictly necessary cookies: Required for the site to function. These do not require consent and cannot be disabled.
  • Analytics cookies: Used by Google Analytics and Jetpack to understand how visitors use our site. These require your consent.
  • Marketing / behavioural cookies: Used by OptinMonster to display relevant offers based on your behaviour. These require your consent.

You can also control cookies via your browser settings and opt out of Google’s analytics tracking at any time via Google’s Ad Settings.

9. International Data Transfers

Some of our third-party service providers (including Google Analytics and MailerLite) transfer and process personal data outside the European Economic Area (EEA), including in the United States.

Where such transfers take place, we rely on appropriate safeguards approved by the European Commission — including Standard Contractual Clauses (SCCs) — to ensure your data receives an equivalent level of protection to that within the EEA.

10. Email Communications

We only send marketing emails to people who have actively opted in to our mailing list. Every marketing email we send includes an unsubscribe link so you can opt out at any time. You can also manage your preferences by emailing us at [email protected].

11. Third-Party Links

Our website may contain links to third-party websites (such as YouTube or affiliate partners). We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before sharing any personal information with them.

12. Children’s Privacy

This website is not intended for children under the age of 16 (or under 13 in certain jurisdictions where a lower age applies). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

13. Policy Updates

We may update this policy to stay compliant with applicable law or to reflect changes in our practices. When we do, we will update the date at the top of this page.

For significant changes that materially affect how we process your personal data, we will notify active subscribers by email prior to the change taking effect.

14. Questions or Complaints?

If you have any questions about this policy or how we handle your data, please contact us:

Thanks for trusting us with your information. We’re committed to using it responsibly — and only for good.