PRIVACY POLICY (GDPR + GLOBAL)

Last updated: March 3rd, 2025

1. Controller & Contact Information

The controller responsible for data processing on this website is:

Serhat Nas

ease.day GmbH
Neuhäuser Straße 3/1
70794 Filderstadt
Germany

Email: [email protected]
Managing Directors: Aydin Nas, Serhat Nas

For all questions regarding privacy and data protection, contact us at the above email address.

2. Overview of Personal Data We Process

We process the following categories of personal data:

  • Identification data: name, email address

  • Usage data: page views, interactions, clicks, scroll depth, session duration

  • Technical data: IP address, device information, browser type, operating system

  • Marketing & analytics data: behavior, conversions, ad interactions

  • Payment-related data: billing address, partial card details (processed by Stripe/PayPal, not stored by us)

  • Form data: messages, survey responses, support requests

  • Server log data: IP address, timestamp, accessed URL, referrer

3. Purposes of Processing

We process personal data for:

  • Delivering our digital products, services, and coaching programs

  • Managing user accounts and course access

  • Handling payments, billing, and accounting

  • Email marketing and communication

  • Performance analytics & website optimization

  • Advertising (Google Ads, Meta Ads)

  • Fraud detection and security

  • Legal compliance

We do not sell, rent, or share your personal data with third parties for their own marketing or promotional purposes. Data is only shared with service providers necessary to operate our business (e.g., hosting, payment processing, analytics), as described in this policy.

4. Legal Bases (GDPR Article 6)

We process data under the following legal bases:

  • Consent (Art. 6(1)(a)) for analytics, advertising, tracking cookies

  • Contract performance (Art. 6(1)(b)) for course access, digital products, orders

  • Legal obligation (Art. 6(1)(c)) for invoicing and tax retention

  • Legitimate interest (Art. 6(1)(f)) for security, server logs, essential analytics

Where we rely on consent, you may withdraw it at any time.

5. Hosting & Platform (GoHighLevel)

Our website, funnels, landing pages, forms, and email automation are hosted by GoHighLevel, operated by LeadConnector / HighLevel LLC (USA).
A Data Processing Agreement (DPA) is in place ensuring GDPR compliance.

Data processed by GHL includes:

  • Contact details

  • Form submissions

  • Funnel interactions

  • Emails, tags, automation events

  • Technical metadata (IP, device)

Transfers to the USA occur under Standard Contractual Clauses (SCCs).

6. Payment Processing (Stripe & PayPal)

We use third-party processors to handle payments securely.

Stripe

Provider: Stripe, Inc., Stripe Payments Europe Ltd.
Data processed: email address, billing details, IP address, device data, payment tokens.
We do not store or see your full credit card number.

PayPal

Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A.
Data processed: billing information, transaction details, IP address, device metadata.

Both providers comply with PCI-DSS security standards.

7. Analytics & Tracking Technologies

7.1 Google Analytics

Used for website performance and behavior analysis.
Data may be transferred to the USA under SCCs.
Processing occurs only with user consent.

7.2 Google Ads Conversion Tracking

Used to measure advertising performance.
Cookies are set only with consent.

7.3 Meta Ads (Meta Pixel)

Used for ad optimization and audience building on Facebook/Instagram.
Transfers to the USA occur under SCCs.
Processing occurs only if cookie consent is given.

8. Forms, Checkouts & Email Marketing

When you submit a form or make a purchase, we store:

  • Name

  • Email

  • Phone number (if provided)

  • Message or answers

  • Product purchased

  • Marketing preferences

Email and text message communication is delivered through GoHighLevel.
You may unsubscribe anytime.

9. Server Logs

For security reasons, our servers automatically store:

  • IP address

  • Timestamp

  • Accessed page

  • Referrer

  • Browser type

This is processed on the basis of legitimate interest (Art. 6(1)(f)).

Logs are deleted automatically after 14–30 days unless required for security investigations.

10. Retention Periods

We store data only as long as necessary:

  • Contractual data: 10 years (tax law)

  • Course access / account data: as long as the account exists

  • Analytics data (Google/Meta): as configured (typically 3–26 months)

  • Email marketing: until you unsubscribe

  • Server logs: 14–30 days

11. International Data Transfers

When tools transfer data outside the EU/EEA (e.g., to the USA), this occurs under:

  • Standard Contractual Clauses (Art. 46 GDPR)

  • Adequacy decisions

  • Additional safeguards

12. SMS / Text Messaging

When you provide your phone number through our forms, booking pages, or opt-in processes, we may use it to send you text messages (SMS) related to appointment reminders, scheduling confirmations, and service-related communications. We collect phone numbers solely for the purposes described above and with your explicit consent at the point of collection. You must be 18 years of age or older to use our SMS service. By opting in to receive text messages, you confirm that you are at least 18 years old. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Text messaging originator opt-in data and consent will not be shared with any third parties, except for aggregators and providers of text messaging services. Message frequency varies. Message and data rates may apply. You may opt out of text messages at any time by replying STOP. For assistance, reply HELP or contact us at [email protected].

13. Rights of Data Subjects

Under GDPR you have the right to:

  • Access your data (Art. 15)

  • Correct inaccurate data (Art. 16)

  • Request deletion (Art. 17)

  • Restrict processing (Art. 18)

  • Object to processing (Art. 21)

  • Data portability (Art. 20)

  • Withdraw consent at any time (Art. 7(3))

To exercise your rights, email: [email protected]

14. Children’s Data

Our services are not intended for individuals under 16 years old.
We do not knowingly collect children’s data.

15. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted transmission (SSL/TLS)

  • Access controls

  • Regular audits

  • Server-level firewall systems

16. Cookie Notice

We use cookies to operate the website and provide analytics and marketing features.

Categories:

  • Essential cookies (required for website functioning)

  • Analytics cookies (Google Analytics)

  • Marketing cookies (Meta Pixel, Google Ads)

  • Functionality cookies

You may manage or withdraw consent at any time via the cookie banner.

© 2026 ease.day GmbH d/b/a Second Nature. All Rights Reserved.