PRIVACY POLICY (GDPR + GLOBAL)

Last updated: December 3rd, 2025

1. Controller & Contact Information

The controller responsible for data processing on this website is:

ease.day GmbH
Neuhäuser Straße 3/1
70794 Filderstadt
Germany

Email: [email protected]
Managing Directors: Aydin Nas, Serhat Nas

For all questions regarding privacy and data protection, contact us at the above email address.

2. Overview of Personal Data We Process

We process the following categories of personal data:

  • Identification data: name, email address

  • Usage data: page views, interactions, clicks, scroll depth, session duration

  • Technical data: IP address, device information, browser type, operating system

  • Marketing & analytics data: behavior, conversions, ad interactions

  • Payment-related data: billing address, partial card details (processed by Stripe/PayPal, not stored by us)

  • Form data: messages, survey responses, support requests

  • Server log data: IP address, timestamp, accessed URL, referrer

3. Purposes of Processing

We process personal data for:

  • Delivering our digital products, services, and coaching programs

  • Managing user accounts and course access

  • Handling payments, billing, and accounting

  • Email marketing and communication

  • Performance analytics & website optimization

  • Advertising (Google Ads, Meta Ads)

  • Fraud detection and security

  • Legal compliance

4. Legal Bases (GDPR Article 6)

We process data under the following legal bases:

  • Consent (Art. 6(1)(a)) for analytics, advertising, tracking cookies

  • Contract performance (Art. 6(1)(b)) for course access, digital products, orders

  • Legal obligation (Art. 6(1)(c)) for invoicing and tax retention

  • Legitimate interest (Art. 6(1)(f)) for security, server logs, essential analytics

Where we rely on consent, you may withdraw it at any time.

5. Hosting & Platform (GoHighLevel)

Our website, funnels, landing pages, forms, and email automation are hosted by GoHighLevel, operated by LeadConnector / HighLevel LLC (USA).
A Data Processing Agreement (DPA) is in place ensuring GDPR compliance.

Data processed by GHL includes:

  • Contact details

  • Form submissions

  • Funnel interactions

  • Emails, tags, automation events

  • Technical metadata (IP, device)

Transfers to the USA occur under Standard Contractual Clauses (SCCs).

6. Payment Processing (Stripe & PayPal)

We use third-party processors to handle payments securely.

Stripe

Provider: Stripe, Inc., Stripe Payments Europe Ltd.
Data processed: email address, billing details, IP address, device data, payment tokens.
We do not store or see your full credit card number.

PayPal

Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A.
Data processed: billing information, transaction details, IP address, device metadata.

Both providers comply with PCI-DSS security standards.

7. Analytics & Tracking Technologies

7.1 Google Analytics

Used for website performance and behavior analysis.
Data may be transferred to the USA under SCCs.
Processing occurs only with user consent.

7.2 Google Ads Conversion Tracking

Used to measure advertising performance.
Cookies are set only with consent.

7.3 Meta Ads (Meta Pixel)

Used for ad optimization and audience building on Facebook/Instagram.
Transfers to the USA occur under SCCs.
Processing occurs only if cookie consent is given.

8. Forms, Checkouts & Email Marketing

When you submit a form or make a purchase, we store:

  • Name

  • Email

  • Message or answers

  • Product purchased

  • Marketing preferences

Email communication is delivered through GoHighLevel.
You may unsubscribe anytime.

9. Server Logs

For security reasons, our servers automatically store:

  • IP address

  • Timestamp

  • Accessed page

  • Referrer

  • Browser type

This is processed on the basis of legitimate interest (Art. 6(1)(f)).

Logs are deleted automatically after 14–30 days unless required for security investigations.

10. Retention Periods

We store data only as long as necessary:

  • Contractual data: 10 years (tax law)

  • Course access / account data: as long as account exists

  • Analytics data (Google/Meta): as configured (typically 3–26 months)

  • Email marketing: until you unsubscribe

  • Server logs: 14–30 days

11. International Data Transfers

When tools transfer data outside the EU/EEA (e.g., to the USA), this occurs under:

  • Standard Contractual Clauses (Art. 46 GDPR)

  • Adequacy decisions

  • Additional safeguards

12. Rights of Data Subjects

Under GDPR you have the right to:

  • Access your data (Art. 15)

  • Correct inaccurate data (Art. 16)

  • Request deletion (Art. 17)

  • Restrict processing (Art. 18)

  • Object to processing (Art. 21)

  • Data portability (Art. 20)

  • Withdraw consent at any time (Art. 7(3))

To exercise your rights, email: [email protected]

13. Children’s Data

Our services are not intended for individuals under 16 years old.
We do not knowingly collect children’s data.

14. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted transmission (SSL/TLS)

  • Access controls

  • Regular audits

  • Server-level firewall systems

15. Cookie Notice

We use cookies to operate the website and provide analytics and marketing features.

Categories:

  • Essential cookies (required for website functioning)

  • Analytics cookies (Google Analytics)

  • Marketing cookies (Meta Pixel, Google Ads)

  • Functionality cookies

You may manage or withdraw consent at any time via the cookie banner.