Origin Blueprint | Kristina Manuel | Portfolio
top of page

General Data Protection Regulation (GDPR) Notice

General Data Protection Regulation (GDPR) Notice

Last Updated: March 13, 2026

This section applies to you if you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, and explains additional rights and information required under the General Data Protection Regulation (GDPR) and similar laws.

If this section conflicts with any other part of the Privacy Policy, this section prevails for individuals in these regions.

1. Data controller

For the purposes of GDPR, the data controller for personal data collected through this Site is:

Kristina Manuel
Website: kristinamanuel.com
Contact: via the “Contact Me” form on the Site

 

This means I decide how and why your personal data is processed in connection with this portfolio.

 

2. Types of personal data processed

Depending on how you use the Site, I may process the following categories of personal data:cookieyes+1

  • Identification and contact data: name, email address, and any other details you provide via the contact form or email (e.g., role, company, links to your portfolio or LinkedIn).

  • Communication content: the content of messages you send, including information about potential collaborations, consulting, or employment.

  • Technical and usage data: IP address, general location (city/region), device and browser type, pages visited, date/time of access, and basic log information generated by servers and security/analytics tools.

 

I do not intentionally collect special categories of personal data (such as health, religious beliefs, political opinions) through this Site and ask that you avoid submitting such information unless specifically requested and appropriate in context.

 

3. Purposes and legal bases for processing

Under GDPR, I must have a lawful basis for processing your personal data. I rely on the following:

  1. Performance of a contract or steps taken at your request prior to entering into a contract

    • Communicating with you about potential collaborations, consulting, speaking engagements, or employment.

    • Reviewing information you provide to decide whether to engage in a professional relationship.

  2. Legitimate interests

    • Operating and improving this Site as a professional portfolio.

    • Maintaining records of professional correspondence.

    • Ensuring security, detecting misuse, and protecting my rights and the rights of others.

    • Using basic analytics to understand how the Site is used, where this does not override your rights and freedoms.

  3. Consent

    • Where required for certain cookies/trackers or specific types of optional processing, I may rely on your consent (e.g., where a cookie banner is presented).termly+1

    • You can withdraw your consent at any time, as described below.

  4. Legal obligations

    • Complying with applicable laws, regulatory requirements, or responding to lawful requests from authorities.

 

4. Data retention

I keep your personal data only for as long as reasonably necessary for the purposes listed above, including:

  • Responding to your messages and maintaining professional correspondence.

  • Considering potential collaborations, consulting, or employment opportunities.

  • Meeting legal, accounting, and reporting obligations.

  • Ensuring security, preventing abuse, and resolving disputes.

 

After this, data is deleted, anonymized, or aggregated where appropriate, unless I am required by law to retain it longer.

 

5. Data recipients and international transfers

Your personal data may be shared with:

  • Service providers that help operate this Site (e.g., hosting, email services, basic analytics or form tools). These providers act as processors and process data on my instructions, under appropriate contractual safeguards.

  • Professional counterparts where we mutually agree to progress a collaboration, consulting engagement, or employment conversation and need to include additional stakeholders.

  • Public authorities or legal advisors where necessary to comply with law, enforce rights, or respond to legal claims.

 

Because I am based outside the EEA/UK, your personal data may be transferred to and processed in countries that may not provide the same level of data protection as your home jurisdiction. Where required, I aim to rely on appropriate safeguards (such as the EU Standard Contractual Clauses or equivalent) or your explicit consent for specific transfers.

 

6. Your GDPR rights

Subject to applicable law and certain exceptions, you have the following rights in relation to your personal data:

  1. Right of access
    You can request confirmation of whether I process your personal data and obtain a copy of that data, along with related information.

  2. Right to rectification
    You can request correction of inaccurate data about you and completion of incomplete data.

  3. Right to erasure (“right to be forgotten”)
    You can request deletion of your personal data where, for example, it is no longer needed, you withdraw consent (where consent is the legal basis), or you successfully object to processing.

  4. Right to restriction of processing
    You can request that I temporarily restrict processing of your data, for example while verifying accuracy or the basis for processing.

  5. Right to object
    Where processing is based on legitimate interests, you can object at any time on grounds relating to your particular situation. I will stop processing unless I can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is needed for legal claims.

  6. Right to data portability
    In certain circumstances, you can receive personal data you provided in a structured, commonly used, machine‑readable format and request it be transmitted to another controller.

  7. Right to withdraw consent
    Where I rely on your consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

 

You are not required to pay a fee to exercise your rights, but I may charge a reasonable fee or refuse to act on a request that is manifestly unfounded, repetitive, or excessive, as allowed by law.

 

7. How to exercise your rights

To exercise any of the rights above, please contact me via the Contact Me form on the Site, clearly stating that your request is related to GDPR and specifying which right you wish to exercise.

I may need to verify your identity before responding (for example, by confirming the email address and details associated with past communications). I aim to respond within one month, though this period may be extended in complex cases, as permitted by law.

 

8. Automated decision‑making

I do not use your personal data for automated decision‑making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

 

9. Complaints to supervisory authorities

If you are located in the EEA, UK, or Switzerland and believe that my processing of your personal data violates GDPR or similar laws, you have the right to lodge a complaint with your local data protection authority.

You are welcome to contact me first so I can try to address your concerns directly.

Let’s connect and create impact together.

  • LinkedIn
  • Alignable
  • Facebook
  • Tumblr - Boardrooms to Backroads
  • Instagram
  • Pinterest
  • X
  • Threads
  • Youtube
  • Spotify
  • TikTok

FAQ

Privacy Policy

California Consumer Privacy Act (CCPA)

General Data Protection Regulation (GDPR) Notice

Legal & Terms

© 2026 by Kristina Manuel

bottom of page