Privacy Policy
Last Updated: November 29, 2024
This Privacy Policy complies with the General Data Protection Regulation (GDPR) - EU Regulation 2016/679
🔒 Your Privacy Rights
Under GDPR, you have the right to access, rectify, and erase your personal data, to restrict or object to its processing, and to data portability.
1. Data Controller
LastingMastery
Email: [YOUR EMAIL]
Website: how-to-last-longer-in-bed.com
For any questions regarding this Privacy Policy or your personal data, please contact us at the above email address.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
- Contract Performance (Art. 6(1)(b)): Processing necessary to deliver the digital product you purchased
- Legitimate Interest (Art. 6(1)(f)): Improving our services, website analytics, fraud prevention
- Consent (Art. 6(1)(a)): Marketing communications, optional cookies
- Legal Obligation (Art. 6(1)(c)): Tax records, financial compliance
3. Personal Data We Collect
3.1 Data You Provide
- Purchase Information: Email address, name (optional)
- Payment Data: Processed by Stripe/PayPal (we do NOT store credit card details)
- Contact Form: Name, email, message content
3.2 Data Collected Automatically
- Technical Data: IP address, browser type, device information
- Usage Data: Pages visited, time spent, referring website
- Cookies: See our Cookie Policy
4. How We Use Your Data
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Deliver digital product | Contract | Email, name |
| Process payment | Contract | Payment info (via Stripe/PayPal) |
| Customer support | Contract | Email, message |
| Website analytics | Legitimate Interest | IP (anonymized), usage data |
| Marketing emails | Consent | |
| Tax compliance | Legal Obligation | Transaction records |
5. Data Retention
- Purchase Records: 7 years (tax/accounting requirements)
- Marketing Consent: Until you unsubscribe or withdraw consent
- Support Tickets: 3 years after resolution
- Analytics Data: 26 months (Google Analytics default)
- Account Deletion: Upon request, unless retention is legally required
6. Third-Party Data Processors
We share your data only with trusted service providers who process it on our behalf:
Stripe / PayPal
Purpose: Payment processing
Data: Payment information
Location: USA (Privacy Shield / Standard Contractual Clauses)
Policy: Stripe Privacy | PayPal Privacy
Google Analytics
Purpose: Website analytics (anonymized)
Data: IP address (anonymized), usage patterns
Location: USA (Privacy Shield / Standard Contractual Clauses)
Opt-out: Google Analytics Opt-out
Hostinger International Ltd.
Purpose: Web hosting, data storage, CDN services
Data: All website data, customer records, transaction logs
Location: Cyprus (EU) - Server located in France (Paris)
GDPR Compliance: Yes - Data Processing Agreement available
Contact: gdpr@hostinger.com
Policy: Hostinger Privacy | DPA
7. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
- Adequacy Decisions for countries deemed to provide adequate protection
Hosting - No Data Transfer
Our website is hosted by Hostinger International Ltd. (Cyprus, EU) with servers located in France (Paris). All customer data remains within the European Union, ensuring full GDPR compliance without requiring additional safeguards for international transfers.
Payment Processing - USA Transfers
Stripe and PayPal process payments and may transfer data to the USA. Both companies have implemented Standard Contractual Clauses and are certified under relevant international data transfer frameworks to ensure GDPR-compliant data protection.
Analytics - USA Transfers
Google Analytics may transfer anonymized analytics data to the USA. We use Google Consent Mode v2 and IP anonymization to minimize data transfer risks. Analytics cookies are only activated with your explicit consent.
8. Your GDPR Rights
Under the GDPR, you have the following rights:
Right of Access (Art. 15)
Request a copy of your personal data we hold
Right to Rectification (Art. 16)
Correct inaccurate or incomplete data
Right to Erasure / "Right to be Forgotten" (Art. 17)
Request deletion of your data (subject to legal retention requirements)
Right to Restriction (Art. 18)
Limit how we process your data
Right to Data Portability (Art. 20)
Receive your data in a machine-readable format
Right to Object (Art. 21)
Object to processing based on legitimate interests or direct marketing
Right to Withdraw Consent (Art. 7(3))
Withdraw consent for processing at any time (does not affect past lawful processing)
How to Exercise Your Rights
Email us at: [YOUR EMAIL]
We will respond within 30 days as required by GDPR.
You may be asked to verify your identity to protect your data.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption: HTTPS/SSL for all data transmission
- Access Controls: Restricted access to personal data
- Secure Storage: Data stored on secure EU servers
- Payment Security: PCI-DSS compliant processors (Stripe/PayPal)
- Regular Security Audits: Ongoing monitoring and updates
Despite our efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
10. Cookies
We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.
You can manage cookie preferences through our cookie banner or your browser settings.
11. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.
If we become aware that we have collected data from a minor, we will delete it immediately. If you believe we have such data, please contact us.
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or significantly affects you (GDPR Art. 22).
13. Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Provide information about the breach and mitigation measures
14. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority:
EU Supervisory Authorities: List of EU DPAs
Example (France): CNIL - Commission Nationale de l'Informatique et des Libertés
Website: www.cnil.fr
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will:
- Notify you of significant changes via email or website banner
- Update the "Last Updated" date at the top
- Obtain new consent if required by law
We encourage you to review this policy periodically.
16. Contact Us
Data Protection Contact
Email: [YOUR EMAIL]
Website: how-to-last-longer-in-bed.com
Response Time: Within 30 days