Privacy Policy – Tatiana Bakounine

Effective date: 1 December 2025

Website: https://tatianabakounine.com

This Privacy Policy explains how TatianaBakounine (“we”, “us”, “our”) collects, uses and protects your personal data when you visit tatianabakounine.com, use our chatbot, subscribe to our newsletter or otherwise interact with us.

We are established in the United Arab Emirates and comply with applicable data protection laws, including, where they apply, the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), and the UAE Federal Decree Law No. 45 of 2021 regarding the Protection of Personal Data (“UAE PDPL”). (GDPR)

Please read this Policy carefully to understand how we process your personal data.

1. Who is responsible for your data?

Data Controller

The data controller for processing carried out via this website is:

TatianaBakounine
United Arab Emirates
Email: info@tatianabakounine.com

If you have any questions about this Policy or how we handle your personal data, you can contact us at info@tatianabakounine.com.

Where GDPR applies to our processing of your personal data and we are required to appoint an EU/EEA representative under Article 27 GDPR, we will publish their contact details here and in our legal notices.

2. What personal data do we collect?

We may collect and process the following categories of personal data:

2.1 Data you provide directly

  • Identification and contact details
    • First and last name
    • Email address
    • Phone number
  • Health-related information (special category data)
    • Answers you provide to health-related questions in our chatbot or forms (for example, relevant background information to assess whether our services are suitable for you).
      These answers may include data concerning health, which is a special category of personal data under GDPR and requires additional protection.
  • Communication content
    • Messages you send us via email, contact forms, or chatbot
    • Your newsletter preferences and any feedback you voluntarily provide

2.2 Data we collect automatically

When you visit our website, we may automatically collect:

  • Device and browser information (e.g. IP address, browser type, operating system, device identifiers)
  • Usage data (pages visited, clicks, time on page, referring URLs)
  • Approximate location based on IP address

This information is typically collected using cookies and similar technologies through tools such as Google Analyticsand Microsoft Clarity.

2.3 Data from third parties

We may receive limited analytics information from:

  • Google LLC (Google Analytics)
  • Microsoft Corporation (Microsoft Clarity)

This is usually aggregated or pseudonymised data about how visitors use our website.

We do not collect or process:

  • Payment card data (we do not accept payments on this website)
  • Government ID numbers, unless you voluntarily provide them (which we discourage)

3. For what purposes and on what legal bases do we use your data?

Where GDPR applies, we must have a lawful basis for each processing purpose (Article 6 GDPR). For health-related information, we must also meet a special condition for processing under Article 9 GDPR.

3.1 Providing our services and responding to enquiries

Data used:
Name, email, phone number, communication content, relevant health-related information you choose to share.

Purposes:

  • To respond to your enquiries and support requests
  • To assess whether our services are appropriate for you
  • To communicate with you about our services

Legal bases (GDPR):

  • Article 6(1)(b) – Contract: processing necessary to take steps at your request before entering into a contract (e.g. responding to your enquiry, providing information about our services).
  • Article 6(1)(f) – Legitimate interests: our legitimate interest in running and improving our business and communicating with prospective clients, where your interests and rights do not override these.
  • Health data (special category):
    • Article 9(2)(a) – Explicit consent: we ask for your explicit consent before processing health-related information you provide to us via the chatbot or forms.

You can withdraw your consent to our processing of your health-related information at any time (see Section 9).

3.2 Health questions in the chatbot

Data used:
Your health-related answers and other information you provide in the chatbot.

Purposes:

  • To understand your situation at a high level in order to determine whether our services may be suitable for you
  • To provide tailored information or recommendations related to our services (not medical diagnosis or treatment)

Legal bases (GDPR):

  • Article 6(1)(b) and/or 6(1)(f) as described above.
  • Article 9(2)(a) – Explicit consent for any information concerning health.

We do not use this data for automated decisions that produce legal or similarly significant effects on you (see Section 8).

3.3 Newsletters and marketing communications

Data used:
Name, email address, preferences (e.g. topics you are interested in).

Purposes:

  • To send you newsletters, updates, and information about our services
  • To measure the performance of our email campaigns (for example, open and click rates)

Legal basis (GDPR):

  • Article 6(1)(a) – Consent: we send newsletters only if you have actively subscribed (e.g. by ticking a box or entering your email for this purpose).
    You can unsubscribe at any time by using the link in each email or by contacting us at info@tatianabakounine.com.

3.4 Website analytics and usage statistics

Data used:
IP address, device and browser information, usage data, cookies and similar identifiers; data processed via Google Analytics and Microsoft Clarity.

Purposes:

  • To understand how visitors use our website
  • To improve our content, design and user experience
  • To maintain the security and performance of the website

Legal bases (GDPR):

  • For strictly necessary cookies (e.g. security, essential site features):
    • Article 6(1)(f) – Legitimate interests in operating a secure and functional website.
  • For analytics and similar non-essential cookies in regions where consent is required (e.g. EEA/UK):
    • Article 6(1)(a) – Consent, obtained via our cookie banner or settings, where applicable.

We configure these tools to respect privacy principles such as data minimisation and limited retention where possible.

3.5 Retargeting and remarketing

Our website does not show third-party banner ads. However, we may use retargeting or remarketing tools (for example, via Google or social media platforms) to show you ads for our own services on other websites or platforms.

Data used:
Cookie identifiers, device identifiers, and limited information about your interaction with our website.

Purposes:

  • To display relevant ads about our own services to people who have previously visited our website

Legal basis (GDPR):

  • Article 6(1)(a) – Consent, where required (for example, for non-essential cookies and similar technologies in the EEA/UK).

You can usually manage your preferences for these tools via:

  • Our cookie banner/settings
  • Your browser settings
  • The privacy settings of the relevant platform (e.g. Google, Facebook, etc.)

3.6 Compliance, security and legal obligations

Data used:
Any of the categories listed above as necessary.

Purposes:

  • To secure our website, prevent fraud and abuse
  • To establish, exercise or defend legal claims
  • To comply with legal or regulatory obligations

Legal bases (GDPR):

  • Article 6(1)(c) – Legal obligation
  • Article 6(1)(f) – Legitimate interests (e.g. in protecting our business and legal rights)

For health data in this context, we may rely on Article 9(2)(f) (establishment, exercise or defence of legal claims), if applicable.

4. Cookies and similar technologies

We use cookies and similar technologies to:

  • Make our website function properly
  • Perform analytics and audience measurements
  • Enable retargeting/remarketing of our own services (where applicable)

When required, we will obtain your prior consent for non-essential cookies via a cookie banner or settings. You can change your preferences at any time through your browser settings or (where available) our cookie settings tool.

For more detailed information, we may provide a separate Cookie Policy linked from our website.

5. Who do we share your data with?

We share personal data only when necessary and only with appropriate safeguards in place. Typical categories of recipients include:

  • Hosting and infrastructure providers
    Companies that host our website and related IT systems.
  • Analytics providers
    • Google Analytics (Google LLC and/or its affiliates)
    • Microsoft Clarity (Microsoft Corporation and/or its affiliates)
  • Email and newsletter service providers
    Platforms used to manage email lists and send newsletters.
  • Professional advisers
    Such as lawyers, accountants, or consultants, where necessary.
  • Authorities and regulators
    Where we are legally required to do so (e.g. courts, supervisory authorities).

These third parties only process personal data on our instructions and are bound by contractual obligations to protect your data (data processing agreements or equivalent).

We do not sell your personal data.

6. International transfers of personal data

Because we are located in the United Arab Emirates and use global service providers (such as Google and Microsoft), your personal data may be processed in countries outside the European Economic Area (EEA) and outside the UAE, including countries that may not offer the same level of data protection as your home country.

Where GDPR applies and your data is transferred outside the EEA, we will ensure that an appropriate transfer mechanism is in place, such as:

  • An adequacy decision by the European Commission (where applicable), or
  • Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary safeguards where required.

Under UAE PDPL, we also ensure that cross-border transfers meet the legal requirements of that law, including appropriate safeguards and protections.

You can contact us for more information about international transfers relevant to your data.

7. How long do we keep your data?

We keep personal data only for as long as necessary to fulfil the purposes described in this Policy, including to:

  • Provide our services
  • Comply with legal, accounting or reporting requirements
  • Resolve disputes and enforce agreements

In general, we follow these guidelines (which may be adjusted according to legal requirements):

  • Enquiries and communications:
    Up to 3 years after our last meaningful interaction, unless we need to keep them longer in relation to a legal claim.
  • Health-related information from the chatbot:
    Only for as long as necessary to evaluate suitability for services and, if you become a client, for the duration of our relationship and a reasonable period afterwards (for example, up to 5 years after our last interaction), unless a longer retention is required or permitted by law.
  • Newsletter data:
    Until you unsubscribe or your email address repeatedly bounces, plus a short period (usually up to 3 years) to demonstrate that we have complied with your request and with legal requirements.
  • Analytics data:
    In line with the retention periods offered by our analytics providers and configured by us (typically between 14 and 26 months in identifiable form), after which data may be aggregated or anonymised.

When data is no longer needed, we will delete or anonymise it.

8. Do we use automated decision-making or profiling?

We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, within the meaning of Article 22 GDPR.

We may use limited profiling for:

  • Understanding which content or newsletter topics may be more relevant for you
  • Retargeting/remarketing our own services

This is done in a way that does not produce significant effects on you, and you can object to such processing at any time (see Section 9).

9. Your rights under GDPR and other applicable laws

Where GDPR applies, you have the following rights regarding your personal data:

  • Right of access – to obtain confirmation of whether we process your data and to access that data.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – to request deletion of your data in certain circumstances.
  • Right to restriction of processing – to request restriction of processing in certain cases.
  • Right to data portability – to receive your data in a structured, commonly used format and have it transmitted to another controller where technically feasible.
  • Right to object – to object to processing based on our legitimate interests or to direct marketing at any time.
  • Rights related to consent – where processing is based on your consent (including health data and newsletters), you may withdraw your consent at any time. This will not affect the lawfulness of processing before withdrawal.

To exercise these rights, please contact us at info@tatianabakounine.com. We may need to verify your identity before processing your request.

Complaints to a supervisory authority

If GDPR applies, you also have the right to lodge a complaint with your local data protection authority in the EU/EEA or with the relevant supervisory authority in the UK.

If you are located in the UAE, you may also have rights and remedies under the UAE PDPL and related regulations.

10. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure or destruction, in line with GDPR and UAE PDPL requirements.

These measures may include:

  • Access controls and authentication
  • Encryption and secure transmission (e.g. HTTPS)
  • Regular updates and security monitoring of our systems
  • Data minimisation and limited access based on role

However, no method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children’s data

Our website and services are not intended for individuals under 18 years of age, and we do not knowingly offer services to or collect personal data from persons under 18.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at info@tatianabakounine.com. We will take steps to delete such data where required.

12. Third‑party websites

Our website may contain links to third‑party websites or services. We are not responsible for the privacy practices of those third parties. We recommend that you review the privacy policies of any third‑party sites you visit.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our processing activities or in applicable laws.

When we do so, we will:

  • Update the “Effective date” at the top of this page, and
  • Take additional steps if required by law (for example, notifying you by email or via a notice on our website).

We encourage you to review this Policy periodically to stay informed about how we process your personal data.

14. How to contact us

If you have any questions, concerns or requests regarding this Privacy Policy or our use of your personal data, please contact us at:

Email: info@tatianabakounine.com

Important note:
This text is a general template based on the information you provided and public information about GDPR and UAE data protection law. It does not constitute legal advice. Before publishing it, you should have it reviewed and adapted by a qualified legal professional familiar with GDPR and UAE law and with your actual processes (for example, exact retention periods, analytics configuration, and any EU representative details).