Privacy statement

To be drafted. A GDPR-compliant privacy statement is required once the contact form, booking tool, newsletter or analytics go live. Points to cover: processing purposes, legal bases, retention periods, processors (form, mail, calendar, newsletter, analytics), and data-subject rights. Consider a privacy-friendly analytics option (e.g. Plausible/Matomo) to limit the cookie banner. [TO COMPLETE]