top of page

Website Privacy Notice

Effective from 1 September 2024

Hi there!

 

Great to see that you're interested in seeing how your data is processed! As a general note please keep in mind that this text is written for my usual audience which is privacy professionals, and due to this the language is not the most simple there can be. However, if you have any questions, please use the contact form and I'll get back to you. 

The websites (collectively, www.privacycraft.pro, blog.privacycraft.pro, join.privacycraft.pro and courses.privacycraft.pro) are owned by, and the controller for the processing of your personal data is, me – Andreea Lisievici Nevin, with registered address at Smörgatan 18, 41276 Göteborg, Sweden, VAT number SE830614618701.

In this Privacy Notice you can find information on what personal data is processed when you browse these websites, why, for how long, who else has access to it, what rights you have under the EU General Data Protection Regulation and how to exercise them.

This Privacy Notice does not include information on the processing of personal data occurring when you purchase one of my courses or coaching products, or when you are a customer of my services. For those, please go to the Customer Privacy Notice.

When you browse my websites

privacycraft.pro is built on Wix, while blog.privacycraft.pro is built on Wordpress. My courses are delivered on courses.privacycraft.pro which is supported by Kajabi. Lastly, I use Thrivecart for checkout (join.privacycraft.pro). Each use cookies to deliver the website to you, and you can find the details of the cookies (names, duration, purpose) in the cookie banner. The cookie banner is provided by CookieYes and it is set to not drop any non-essential cookies before a choice is made.  There is also a button on every page so that you can revisit your choice.

In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. Listed below are the links to the support documents on how to manage and delete cookies from the major web browsers.

 

If you are using any other web browser, please visit your browser’s official support documents.

​I use Matomo analytics which is hailed as doing privacy well. Here are the privacy-preserving settings I made for Matomo:

  1. IP addresses are truncated by 2 bytes, which only allows me to process the country. 

  2. The User ID is replaced by a pseudonym using a salted hash function, which avoids processing direct identifiers but it's still just pseudonymization.

  3. All raw data older than 133 days (6 months) is automatically deleted.

The legal basis in processing the personal data through essential cookies and similar technologies is my legitimate interest to display the website to you (GDPR Art. 6.1.f) while processing through non-essential cookies and similar technologies is based on your consent (GDPR Art. 6.1.a).

When you subscribe to my newsletter

My newsletter includes articles I post on the blog, as well as information on my courses, discounts, and events and due to this it is considered marketing.

Subscribing to the newsletter means your name and email address that you provide will be stored in my CRM, which is my processor ActiveCampaign, and the storage location is the United States. This data is processed based on your consent (GDPR Art. 6.1.a), and the transfer to the United States is performed under the Data Privacy Framework (GDPR Art. 45).

 

The data is processed for as long as you are a subscriber. You can unsubscribe from each email and, if you do, your email address will be deleted within 5 business days unless it is needed for another purpose - such as when you have used the same email to purchase a product or contact me. In any case, after unsubscribing you will stop receiving the newsletter with immediate effect, but you will receive an email to confirm the change. 

When you use the contact form

When you send something through the contact form, all of the data you provide will be processed by Wix as my processor. The data is processed only to deliver the message to me, and any subsequent conversation will occur through emails. 

 

The legal basis for this processing is your consent, expressed by submitting the form. Wix is based in Israel, which is an adequate jurisdiction for transfers from the EU. They use a number of subprocessors, with which they conclude EU Standard Contractual Clauses. 

Your data is deleted after 5 years, unless during that time you become a customer with the same email address. If you do, the processing of your data will occur as explained in the Customer Privacy Notice

Who else has access to your data

Your personal data is processed through processors indicated in the relevant sections. All of such third parties are limited by contract in their ability to use your personal data for any purpose other than to provide services for me in compliance with each data processing agreement in place. Where the processing involves a transfer of data outside of the European Economic Area, this is performed under the EU-US Data Privacy Framework (if applicable) or the Standard Contractual Clauses approved by the European Commission.

Right to withdraw consent: Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment with effect for the future.

Right to access your personal data: You may ask for information regarding personal data that I hold about you. A copy will be provided to you upon request.

Right to rectification: You can request rectification of incorrect or incomplete personal data concerning you.

Right to restriction: You can request restriction of processing of your personal data, if:
 

  1. you contest the accuracy of your personal data, for the period I need to verify the accuracy,

  2. the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,

  3. I no longer need your personal data for the processing purpose but you require them for the establishment, exercise or defense of legal claims, or

  4. you object to the processing while I verify whether my legitimate grounds override yours.

Right to portability: You have the right to receive your personal data that you have provided to me and, where technically feasible, request that I transmit your personal data (that you have provided to me) to another organization, if:

  1. I process your personal data by automated means; and

  2. I base the processing of your personal data on your consent, or the processing of your personal is necessary for the execution or performance of a contract to which you are a party; and

  3. your personal data is provided by you; and

  4. your right to portability does not adversely affect the rights and the freedoms of other persons.

 

You have the right to receive your personal data in a structured, commonly used and machine-readable format. Your right to receive your personal data must not adversely affect the rights and the freedoms of other persons. Your right to have your personal data transmitted to another organization is a right you have if such transmission is technically feasible.

Right to erasure: You have the right to request that I delete the personal data I process about you, unless processing is necessary:

  1. for exercising the right of freedom of expression and information;

  2. for compliance with a legal obligation which requires processing by EU law or EU Member State law to which I am subject;

  3. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or

  4. for the establishment, exercise or defense of my legal claims.

Right to object: You may object at any time to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on my legitimate interests or those of a third party. In this event I shall no longer process your personal data, unless there are compelling legitimate grounds and an overriding interest for the processing, or for the establishment, exercise or defense of legal claims. 

You may always object to the processing of your personal data for direct marketing purposes.

Right to lodge a complaint: You can lodge a complaint to your local data protection supervisory authority or with any other data protection authority in the EU. However, I will appreciate if you first contact me to try and solve your problem – you can find the contact details above.

You made it to the end, rockstar!

Your Rights

As a data subject you have specific legal rights granted by the General Data Protection Regulation relating to the personal data we process about you. These are briefly explained below, and you can exercise them by sending an email to support[at]privacycraft.pro.

bottom of page