GDPR Rights

Last updated:

1. Data we collect

We only collect data necessary to operate the ebook storefront and process payments:

• Email address — provided during checkout for order confirmation and receipts.
• Order details — items, prices, and timestamps to fulfill purchases.
• Payment metadata — minimal identifiers from payment providers for transaction matching.
• Basic analytics — page views and clicks to improve the site (optional, via cookies).

2. Legal basis for processing

• Contract performance — to process and deliver your ebook orders.
• Legitimate interest — to improve site performance and prevent fraud.
• Consent — for non-essential analytics and marketing cookies.

3. Your GDPR rights

• Access — request a copy of your data.
• Rectification — correct inaccurate data.
• Erasure (“right to be forgotten”) — request deletion of your data.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interest.
• Restrict — limit processing in certain circumstances.

4. How to exercise your rights

Email us at the address shown on the website with “GDPR Request” in the subject. We will respond within 30 days and may request verification to protect your privacy.

5. Data retention

• Order data — retained for 7 years for accounting and legal compliance.
• Analytics data — retained for 13 months (cookies) or 24 months (server logs).
• Email marketing — until you unsubscribe.

6. International transfers

Our service providers may process data outside the EU. We ensure appropriate safeguards via standard contractual clauses and, where required, explicit consent.

7. Cookies and tracking

• Essential cookies — required for site operation (e.g., cart persistence).
• Analytics cookies — optional, used to understand site usage.
• You can manage preferences via the consent banner or browser settings.

8. Data breaches

If a breach occurs that may affect your rights and freedoms, we will notify you without undue delay and in line with legal requirements.

9. Supervisory authority

If you believe your rights are not respected, you may lodge a complaint with your local data protection authority.

10. Contact

For GDPR questions or requests, contact us using the email provided on this website.