menu

Privacy Policy

Privacy Policy

Last updated: 09/09/2025
This website, helloitsmaria.pt, exists to present my portfolio and CV and to allow potential employers to contact me.
If you have any questions or wish to exercise your rights, please send email to: hello@bymaria.pt

1. Controller

  • Controller: Maria Moreira Barros

  • Contact: hello@bymaria.pt

  • Data Protection Officer: not applicable unless stated otherwise.

Legal framework: EU General Data Protection Regulation (GDPR) and Portuguese Law No. 58/2019.

2. Personal data I process

  • Contact by email: if you email me, I receive your email address, message and any attachments. I use this to reply and keep a record of communications.

  • Technical logs: my hosting provider may record IP address, date and time, pages visited and user agent for operation, security and troubleshooting.

  • Embedded content if used: pages may embed third party services such as YouTube, Vimeo, Figma or Behance. Those providers may collect data under their own policies.

  • Analytics via Site Kit: I use Site Kit by Google to connect this site to Google Analytics 4 (GA4). Analytics runs only with your consent in the EU.

I do not intentionally collect special category data. Please avoid sending sensitive information.

3. Purposes and legal bases

  • Replying to enquiries and managing communications. Legal basis: Article 6(1)(b) GDPR or Article 6(1)(f) GDPR legitimate interests.

  • Operating, securing and improving the site. Legal basis: Article 6(1)(f) GDPR legitimate interests.

  • Analytics when enabled. Legal basis: Article 6(1)(a) GDPR consent.

No automated decision making or profiling that produces legal or similarly significant effects.

4. Google Analytics 4 via Site Kit

  • GA4 helps me understand visits and page performance. With GA4, IP addresses are not stored. GA4 uses first-party identifiers and may set cookies such as _ga and _ga_*.

  • I use a consent banner. In the EU, GA4 only loads after you click Accept for analytics. If you refuse, analytics is not activated.

  • Data sharing with Google: Google processes analytics data to provide the service to me as a customer under its data protection terms.

5. Cookies

  • Strictly necessary: essential for the site to work.

  • Analytics: used only if you consent. Typical GA4 cookies include _ga and _ga_* with expiries up to 24 months.
    Third party embeds may set their own cookies. See their policies.

6. Recipients and processors

I use service providers for hosting and email and Google for analytics. They process personal data under my instructions and must apply appropriate safeguards. A detailed list is available on request.

7. Cookies and similar technologies

  • I do not use analytics or marketing cookies.

  • Only strictly necessary cookies may be used for basic functionality.

  • If you interact with embedded third party content, those services may set their own cookies. Please refer to their policies.

If I add analytics in the future, they will be off by default and will only run with your consent through a cookie banner.

8. International transfers

Some providers are outside the EEA. Transfers rely on adequacy decisions or the EU Standard Contractual Clauses plus additional safeguards where required. You may request copies of the relevant clauses.

9. Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction, objection to processing based on legitimate interests, data portability and to withdraw consent at any time. You can complain to the CNPD at www.cnpd.pt or to your local EEA authority. To exercise your rights, contact me at hello@bymaria.pt. I may ask for proof of identity if needed.

10. Security

I use HTTPS and reasonable technical and organisational measures to protect personal data. No system is perfectly secure but I work to reduce risk.

11. Changes to this Policy

I may update this policy to reflect legal or operational changes. The version in force is shown at the top.

12. Contacts

Email: hello@bymaria.pt