_edited.png){kind=small}
PRIVACY POLICY
Last updated: June 19th, 2026
This Privacy Policy explains how María Alviz Hernando, trading as The Sibyl’s Tarot, collects, uses, stores, and protects your personal data when you visit this website, book a tarot reading, purchase a mentoring session, subscribe to the newsletter, contact me, or otherwise use my services.
This policy is written in accordance with the General Data Protection Regulation, Regulation (EU) 2016/679, and applicable Spanish data protection law.
1. Data Controller
The data controller responsible for your personal data is:
Business name: The Sibyl’s Tarot / María Alviz Hernando
Website: https://www.thesibylstarot.com
Email: thesibyl@thesibylstarot.com
Location: Spain
For any privacy-related question, you can contact me at: thesibyl@thesibylstarot.com
2. What Personal Data I Collect
Depending on how you interact with this website and my services, I may collect the following personal data:
Contact data: your name, email address, social media handle, or any other contact details you provide.
Booking and service data: information related to the tarot reading, mentoring session, class, workshop, or other service you purchase or inquire about.
Payment and transaction data: details necessary to process your purchase, such as the service purchased, date of purchase, amount paid, billing information, and payment confirmation. I do not directly store full card numbers or banking details. Payments are processed by third-party payment providers such as PayPal, Wix Payments or Apple Pay.
Newsletter data: your name, email address, subscription status, preferences, and engagement information such as whether you open emails or click links, if this is tracked by the newsletter platform.
Communication data: any information you send through contact forms, emails, booking forms, consultation forms, comments, replies, or direct messages.
Website usage data: technical information such as IP address, browser type, device information, pages visited, approximate location, referral source, and cookie data, where applicable.
Sensitive or personal information voluntarily provided by you: because tarot readings and mentoring sessions can involve personal questions, you may choose to share information about relationships, work, family, emotional circumstances, health, beliefs, or other private matters. I only process this information for the purpose of providing the service you requested.
3. How I Collect Your Data
I collect personal data when you:
book or purchase a tarot reading, mentoring session, class, or workshop;
subscribe to my newsletter;
fill out a contact form, intake form, booking form, or questionnaire;
send me an email or message;
leave comments, reviews, or feedback;
browse the website, if cookies or analytics tools are active;
interact with my content, links, or embedded third-party services.
Some data is collected directly from you, and some may be collected automatically through website tools, cookies, analytics, or third-party platforms.
4. Why I Use Your Personal Data
I use your personal data for the following purposes:
to provide tarot readings, mentoring sessions, classes, workshops, and other services you have requested;
to manage bookings, appointments, payments, cancellations, rescheduling, and delivery of services;
to respond to emails, inquiries, messages, and support requests;
to send newsletters, updates, educational content, offers, and marketing emails when you have subscribed or consented to receive them;
to manage my business records, invoices, accounting, and tax obligations;
to improve my website, services, content, and client experience;
to protect the security of my website and business;
to comply with legal obligations.
I do not sell your personal data.
5. Legal Bases for Processing
Under the GDPR, I rely on the following legal bases:
Contract: when processing your data is necessary to provide a service you have requested or purchased, such as a reading, mentoring session, class, workshop, or digital product.
Consent: when you subscribe to the newsletter, accept non-essential cookies, or voluntarily provide certain information for a specific purpose.
Legal obligation: when I need to keep records for tax, accounting, consumer protection, or legal compliance.
Legitimate interest: when necessary to operate and improve my business, respond to inquiries, prevent fraud, maintain website security, and keep basic records of communications, provided your rights and freedoms do not override those interests.
6. Newsletter and Marketing Emails
If you subscribe to my newsletter, I will use your email address to send you emails that may include tarot education, personal reflections, updates, offers, launches, promotions, and information about my services.
You can unsubscribe at any time by clicking the unsubscribe link at the bottom of any newsletter email or by contacting me at thesibyl@thesibylstarot.com
Newsletter emails may be managed through GetResponse. This provider may process your name, email address, subscription status, and email engagement data on my behalf.
7. Tarot Readings, Mentoring, and Client Confidentiality
When you book a tarot reading, mentoring session, or similar service, you may choose to share personal details relevant to your question or situation.
I use this information only to provide the service requested, communicate with you about the service, keep appropriate business records, and comply with legal obligations.
I treat client information as confidential. I do not publish, share, or disclose any personal, identifiable details of your reading or mentoring session unless:
you give explicit permission;
it is necessary to provide the service through a tool or platform you have chosen to use;
I am legally required to do so;
it is necessary to protect my legal rights, safety, or the safety of others.
Testimonials or reviews will only be published with your permission or when you have submitted them publicly through a review platform.
8. Payments
Payments are processed by third-party providers such as PayPal, Wix Payments or Apple Pay.
I may receive confirmation of your payment, transaction ID, amount paid, billing details, and purchase information, but I do not directly receive or store your full card number or banking credentials.
Your payment provider processes your payment data according to its own privacy policy and legal obligations.
9. Cookies and Analytics
This website may use cookies and similar technologies to make the site function properly, improve user experience, understand website traffic, remember preferences, or support marketing.
Cookies may include:
Essential cookies: necessary for the website to work.
Analytics cookies: used to understand how visitors use the website.
Marketing cookies: used to measure advertising or personalize content, if applicable.
Where required, non-essential cookies will only be used with your consent. You can manage or withdraw cookie consent through the cookie banner or your browser settings. Spanish AEPD guidance states that users should be able to withdraw cookie consent easily, and the withdrawal method should be as easy as the method used to give consent. (Agencia Española de Protección de Datos)
A separate Cookie Policy may be provided if this website uses analytics, advertising pixels, embedded third-party content, or other non-essential cookies.
10. Third-Party Service Providers
I may use trusted third-party service providers to run this website and provide my services. These may include:
website hosting and website builder: Wix.
payment processors: PayPal, Wix Payments, Apple Pay.
email newsletter provider: Get Response.
booking or scheduling tools: Wix Bookings.
video call tools: Zoom.
analytics tools: Google Analytics, Wix Analytics.
email and cloud storage: iCloud, Webmail.
These providers may process personal data on my behalf or as independent controllers, depending on the service. I only use providers that are reasonably necessary for the operation of my business and services.
11. International Data Transfers
Some third-party providers may process or store personal data outside the European Economic Area.
Where this happens, I rely on appropriate safeguards required under GDPR, such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms. The European Commission identifies adequacy decisions and Standard Contractual Clauses as safeguards for transfers of personal data outside the EU. (European Commission)
12. How Long I Keep Your Data
I keep personal data only for as long as necessary for the purpose for which it was collected, including legal, accounting, tax, contractual, and business record obligations.
In general:
inquiry emails and contact form messages may be kept for up to [12–24 months];
client and booking records may be kept for up to [5–6 years] for tax, accounting, and legal record purposes;
newsletter data is kept until you unsubscribe or request deletion;
payment and invoice records are kept for the legally required accounting and tax period;
reading or mentoring notes, if kept, are retained only for as long as necessary to provide the service, manage follow-up, or maintain business records.
When data is no longer needed, it will be deleted, anonymized, or securely archived.
13. Your Rights Under GDPR
You have the right to:
access the personal data I hold about you;
request correction of inaccurate or incomplete data;
request deletion of your personal data;
request restriction of processing;
object to processing based on legitimate interests or direct marketing;
request data portability, where applicable;
withdraw consent at any time, where processing is based on consent;
lodge a complaint with a data protection authority;
not be subject to automated decision-making, where applicable.
In Spain, you can contact the Agencia Española de Protección de Datos, the AEPD, if you believe your data protection rights have been violated. The AEPD provides channels for exercising data protection rights and filing complaints. (Agencia Española de Protección de Datos)
To exercise your rights, contact me at: thesibyl@thesibylstarot.com
I may need to verify your identity before responding to your request.
14. Security
I take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction.
However, no online transmission or storage system can be guaranteed to be completely secure. You are responsible for using secure devices, private networks, and appropriate caution when sharing personal information online.
15. Children’s Privacy
My services are intended for adults. I do not knowingly collect personal data from children under the age of 18.
If I become aware that a minor has provided personal data without appropriate consent, I will delete the information where required.
16. Automated Decision-Making
I do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
17. Changes to This Privacy Policy
I may update this Privacy Policy from time to time to reflect changes in my services, website tools, legal obligations, or business practices.
The latest version will always be available on this page, with the “Last updated” date shown at the top.
18. Contact
For any questions about this Privacy Policy or how your personal data is handled, contact:
The Sibyl’s Tarot / [LEGAL NAME]
Email: thesibyl@thesibylstarot.com
Website: https://www.thesibylstarot.com
Location: Spain