Last updated: June 2026

Privacy Policy

1. Controller Information

The responsible party (controller) for data processing on this website is:

Garrett Advisory LLC

7901 4th St N Ste 300

St. Petersburg, FL 33702

United States of America

Email: leonie@garrettadvisory.com

2. Collection and Processing of Personal Data

We process personal data only to the extent necessary to provide a functional website and our services. Personal data means any information relating to an identified or identifiable natural person.

When you visit our website, the following data is automatically collected by our web server:

  • IP address (anonymized)
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Volume of data transferred
  • Website from which the request originates (referrer)
  • Browser type, version, and operating system

This data is processed for the purpose of ensuring the security and stability of the website. The legal basis is Art. 6(1)(f) GDPR (legitimate interest).

3. Contact Form & Email Communication

When you contact us via email or contact form, the data you provide (name, email address, message content) will be stored and processed for the purpose of handling your inquiry and any follow-up communication. The legal basis is Art. 6(1)(b) GDPR (contractual necessity / pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

This data will be deleted once it is no longer required for the purpose for which it was collected, unless statutory retention obligations apply.

4. Blog & Admin System

Our blog system uses Supabase for authentication and data storage. Blog posts and associated metadata are stored on Supabase servers. No personal reader data is collected beyond what is technically necessary to display the blog content.

Administrator login credentials are protected via Supabase Auth with encrypted password storage. We do not share administrator data with third parties.

5. Cookies & Tracking Technologies

This website uses the following categories of cookies:

Essential Cookies

Necessary for the website to function properly. These include session storage for authentication and localStorage for blog data. These do not require consent under GDPR Art. 6(1)(f).

Functional Cookies (Google Fonts)

We load fonts from Google Fonts CDN (fonts.googleapis.com). Google may collect usage data. You can manage this preference in our cookie settings.

CDN & External Resources

We use Tailwind CSS CDN and esm.sh for JavaScript module delivery. These services may log requests for security purposes. Images are served from Unsplash and Google Cloud Storage.

See our Cookie Policy for details on managing your preferences.

6. Third-Party Services

Supabase

Backend infrastructure for blog and authentication. Data stored on Supabase servers. Supabase Privacy Policy.

Google Fonts

Typography delivery. Google may process IP addresses. Google Privacy Policy.

LinkedIn

Links to LinkedIn profiles are provided. Clicking these links directs you to LinkedIn, which operates under its own privacy policy.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of Access — Art. 15 GDPR: You may request information about your personal data processed by us.
  • Right to Rectification — Art. 16 GDPR: You may request correction of inaccurate personal data.
  • Right to Erasure — Art. 17 GDPR: You may request deletion of your data ("right to be forgotten").
  • Right to Restriction — Art. 18 GDPR: You may request restriction of processing.
  • Right to Data Portability — Art. 20 GDPR: You may receive your data in a structured, machine-readable format.
  • Right to Object — Art. 21 GDPR: You may object to processing based on legitimate interests.
  • Right to Withdraw Consent — Art. 7(3) GDPR: You may withdraw consent at any time.
  • Right to Lodge a Complaint — Art. 77 GDPR: You may file a complaint with a supervisory authority.

8. Data Security

We implement technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments. All data transmission is encrypted via TLS (HTTPS).

9. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Server logs are retained for a maximum of 30 days. Communication records are deleted after the inquiry has been fully resolved, unless legal retention obligations apply.

10. International Data Transfers

Our website is hosted on Netlify (USA) and uses Supabase (USA) for backend services. Both providers participate in the EU-US Data Privacy Framework and offer Standard Contractual Clauses (SCCs) to ensure adequate protection for international data transfers under GDPR Chapter V.

11. California Privacy Rights (CCPA/CPRA)

This section applies to residents of California, USA, pursuant to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Right to Know

You may request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months.

Right to Delete

You may request deletion of personal information we have collected, subject to certain exceptions (e.g., legal obligations, ongoing business transactions).

Right to Correct

You may request correction of inaccurate personal information we hold about you.

Right to Opt Out of Sale / Sharing

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. No opt-out is required because no sale or sharing occurs.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your CCPA rights, contact us at leonie@garrettadvisory.com. We will verify your identity before processing your request, as required by law. Response time: within 45 days (CCPA § 1798.130).

Categories of personal information collected in the last 12 months: identifiers (name, email), internet activity (IP, browser data via server logs). Sources: directly from you (contact form), automatically (server logs). Purpose: service delivery, communication, site security. See §2–§6 for details.

12. Brazil — LGPD Rights (Lei Geral de Proteção de Dados)

This section applies to individuals located in Brazil, pursuant to Law No. 13.709/2018 (Lei Geral de Proteção de Dados Pessoais — LGPD).

Under the LGPD, you have the following rights regarding your personal data (Art. 18):

  • Confirmação da existência de tratamento — Confirmation of the existence of data processing
  • Acesso aos dados — Access to your personal data
  • Correção de dados incompletos, inexatos ou desatualizados — Correction of incomplete, inaccurate or outdated data
  • Anonimização, bloqueio ou eliminação — Anonymization, blocking, or deletion of unnecessary or excessive data
  • Portabilidade dos dados — Data portability to another service provider
  • Eliminação dos dados tratados com consentimento — Deletion of data processed with consent
  • Revogação do consentimento — Withdrawal of consent at any time

Our Data Protection Officer (DPO) for LGPD purposes is Leonie Garrett. Contact for LGPD requests: leonie@garrettadvisory.com. The Brazilian National Data Protection Authority (ANPD) is the supervisory authority for LGPD compliance.

13. Latin America — ARCO Rights

For individuals in Latin American jurisdictions, including Mexico (LFPDPPP), Argentina (PDPA — Law 25.326), Colombia (Law 1581/2012), Chile (Law 19.628), and Peru (Law 29733), the following ARCO rights are recognized:

Acceso (Access)

Right to access your personal data held by us.

Rectificación (Rectification)

Right to correct inaccurate or incomplete data.

Cancelación (Cancellation)

Right to request deletion when data is no longer needed.

Oposición (Opposition)

Right to object to processing for specific purposes.

To exercise your ARCO rights, contact leonie@garrettadvisory.com with subject line "ARCO Request — [Your Country]". We will respond within the timeframe required by your local legislation (typically 20–30 business days).

Applicable laws: Mexico LFPDPPP (2010) · Argentina PDPA Law 25.326 (2000) · Colombia Law 1581 (2012) · Chile Law 19.628 (1999, amended 2024) · Peru Law 29733 (2011).

14. Contact for Data Protection

For any questions regarding data protection or to exercise your rights, please contact:

Leonie Garrett

Managing Director, Garrett Advisory LLC

Email: leonie@garrettadvisory.com

Response time: Within 30 days per GDPR Art. 12(3)