1. Controller

2. Principles of Data Processing

3. Hosting & Infrastructure

4. Email Collection & Contact Form

5. Purchase Processing & Payments

6. ManyChat & Social Media

7. Cookies & Tracking

8. International Data Transfers

9. Your Rights

10. Changes

The controller responsible for data processing on this website within the meaning of the GDPR is:

Sofija De Mitri

Heinrich-Marschner-Straße 25, 85591 Vaterstetten, Germany

Email: sofi@demitriproductions.com

I only process personal data where a legal basis exists or you have given your consent. The legal bases are:

• Art. 6(1)(a) GDPR – Consent (e.g. newsletter sign-up)

• Art. 6(1)(b) GDPR – Performance of a contract (e.g. course purchase)

• Art. 6(1)(f) GDPR – Legitimate interests (e.g. website security)

This website and the online course are hosted via systeme.io (Systeme.io SAS, France). When you visit the site, technical data is automatically collected including: IP address, date and time of access, pages visited, browser type and operating system. Legal basis: Art. 6(1)(f) GDPR.

Privacy policy of systeme.io: systeme.io/privacy-policy

When you sign up via the form on my landing page, I collect your name and email address.

Purpose

To send you course information, offer details, and relevant emails related to the course.

Consent & Double Opt-In

Processing is based on your active consent (Art. 6(1)(a) GDPR). After signing up, you will receive a confirmation email (double opt-in). You may withdraw your consent at any time by clicking the unsubscribe link in any email or by contacting me directly.

Email Delivery

Emails are sent via the systeme.io email system. Your data is shared with systeme.io as a data processor.

When you purchase the course, the following data is collected: name, email, billing address (if required), and payment details. Payment data is processed directly and in encrypted form by the payment provider — it is not stored on my servers. Legal basis: Art. 6(1)(b) GDPR.

Stripe

Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Privacy policy: stripe.com/privacy

PayPal

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy policy: paypal.com/privacy

I use ManyChat (ManyChat Inc., San Francisco, CA, USA) for automated communication via Instagram and Facebook Messenger.

Data Processed

• Public profile information (name, profile picture)

• Messages and interactions with automated flows

Purpose & Legal Basis

Automated responses and communication with course prospects. Legal basis: Art. 6(1)(a) GDPR (consent through interaction) and Art. 6(1)(f) GDPR.

Data transfers to the USA are based on EU Standard Contractual Clauses. Privacy policy: manychat.com/privacy

Opt-Out

Send "STOP" in the messenger at any time to end communication with the bot and have your data deleted from ManyChat.

Necessary Technical Cookies (systeme.io)

Technically necessary cookies to ensure website functionality. No consent required.

Analytics Google Analytics / Google Tag Manager

Used for anonymised analysis of user behaviour (page views, session duration, bounce rate). IP addresses are anonymised. Data is stored on Google servers in the USA. Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

Opt-out: tools.google.com/dlpage/gaoptout · Google Privacy Policy: policies.google.com/privacy

Marketing Meta Pixel (Facebook/Instagram)

The Meta Pixel (Meta Platforms Ireland Limited, Dublin, Ireland) measures the effectiveness of ads and enables targeted advertising on Facebook and Instagram. It records page views, specific actions (e.g. purchase, form submission), and technical device data. Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

Opt-out: facebook.com/settings?tab=ads · Meta Privacy Policy: facebook.com/privacy/explanation

Cookie Consent

On your first visit, you will be asked to consent to non-essential cookies. You can withdraw this consent at any time.

We use certain service providers that are based in, or have affiliated companies in, third countries, in particular the United States. These may include providers such as Google, Meta, Manychat or Stripe.

In this context, personal data may be transferred to countries outside the European Union or the European Economic Area. Where a provider is certified under the EU-US Data Privacy Framework, the transfer is based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR.

Where a provider is not, or not fully, covered by the EU-US Data Privacy Framework, the transfer is based on appropriate safeguards, in particular the EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and, where applicable, additional protective measures.

Despite these safeguards, it cannot be fully excluded that authorities in third countries may, under certain circumstances, access personal data without data subjects having the same legal remedies available as within the European Union.

Under the GDPR, you have the following rights:

• Access (Art. 15) · Rectification (Art. 16) · Erasure (Art. 17)

• Restriction of processing (Art. 18) · Data portability (Art. 20)

• Objection (Art. 21) · Withdrawal of consent (Art. 7(3))

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The authority responsible for Bavaria, Germany is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18, 91522 Ansbach, Germany

poststelle@lda.bayern.de · www.lda.bayern.de

For data protection requests, please contact: sofi@demitriproductions.com

I reserve the right to update this privacy policy if the legal situation or my services change. The current version is always available on this page. Last updated: June 2026