PRIVACY POLICY

Last updated: 16/11/2025

  1. Controller (Verantwortliche Stelle)

The controller responsible for data processing on this website under the General Data Protection Regulation (GDPR) is:

Aleksandra Celic
Lauinger Str. 30
80997 Munich
Germany

Email: aleks@risewithher.com
Website: https://risewithher.com

 

  1. Overview of Data Processing Activities

This Privacy Policy explains:

  • what personal data we collect
  • how and why we process it
  • legal bases under the GDPR
  • how long we store data
  • your rights
  • with whom we share data

We take the protection of your data very seriously.

 

  1. Data Processing on This Website

3.1 Contact Form (Elementor)

If you contact us via form, we collect:

  • Name (optional)
  • Email address
  • Your message
  • Technical metadata (date/time, IP—anonymized if possible)

Purpose: Responding to your inquiry (Art. 6(1)(b) GDPR – contract or pre-contractual measures).
Retention: Up to 6 months unless needed longer for service communication.

We do not use this data for marketing without your explicit consent.

 

3.2 Newsletter (Substack)

We use Substack to send newsletters.
Provider:

Substack, Inc.
548 Market St PMB 72296
San Francisco, CA 94104-5401
USA

Website: https://substack.com
Privacy Policy: https://substack.com/privacy

When you subscribe, Substack processes:

  • Email address
  • Name (optional)
  • Date/time of signup
  • IP address (technical data)
  • Email engagement data (opens, clicks)

Purpose: Sending newsletters you subscribed to (Art. 6(1)(a) GDPR – consent).
You can withdraw consent at any time via the unsubscribe link.

Data Transfer to the USA

Substack processes data in the USA.
Transfers are based on the EU Standard Contractual Clauses (SCCs) and Substack’s internal safeguards.

 

3.3 Comments (WordPress Comments)

If visitors leave comments, WordPress collects:

  • Name
  • Email
  • Comment text
  • IP address (for spam protection)
  • Browser user agent

An anonymized string derived from your email may be sent to Gravatar to display your avatar.
Gravatar privacy policy: https://automattic.com/privacy/

Retention: Comments and metadata are stored indefinitely to recognize future comments automatically.

 

3.4 Media Uploads

If you upload images, avoid EXIF location data.
Visitors can download and extract this information.

 

3.5 Cookies & Consent (Complianz)

We use Complianz to manage cookie consent in the EU.
Complianz:

  • shows the consent banner
  • blocks scripts until you consent
  • anonymizes IP addresses
  • stores your consent log

Cookie categories and details are listed in the Cookie Policy.

 

3.6 Embedded Content (YouTube, Instagram, Pinterest, etc.)

Articles may include embedded content from third-party services (YouTube, Instagram, Pinterest).

These services may:

  • collect data
  • set cookies
  • track interactions
  • combine data with your existing profiles

We use Embed Privacy, which prevents external embeds from loading without your consent (compliant with TTDSG §25).

 

3.7 Hosting & Server Log Files

Our hosting provider automatically collects:

  • IP address
  • Browser type/version
  • Operating system
  • Referrer URL
  • Date/time of request
  • Pages accessed

Purpose: Technical operation and security (Art. 6(1)(f) GDPR).
Log files are stored temporarily and deleted regularly.

 

  1. Security & Anti-Spam Tools

4.1 Really Simple Security

Used to harden WordPress and detect vulnerabilities.
Processes technical data (e.g., IP addresses) only as needed for security.

 

4.2 Limit Login Attempts Reloaded

Blocks repeated login attempts for security.
Temporarily stores IP addresses and login timestamps.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in securing our site).

 

4.3 Akismet Anti-Spam

When you leave a comment, Akismet may collect:

  • IP address
  • User agent
  • Referrer
  • Name & email
  • Comment content

Used solely for spam detection.
Legal basis: Art. 6(1)(f) GDPR.

 

4.4 Antispam Bee

Processes comment data to block spam without storing personal data unnecessarily.
No data is transmitted outside the EU.

 

  1. Caching & Performance

LiteSpeed Cache / QUIC.cloud

We use LiteSpeed Cache to improve site performance.
Temporary caching may store:

  • IP addresses (usually anonymized)
  • Cached versions of pages

Cache files are temporary and never accessed by third parties except for support.

QUIC.cloud Privacy Policy: https://quic.cloud/privacy-policy/

 

  1. Analytics and Google Services (Future Use)

We plan to use Google Analytics (GA4) and/or Google Tag Manager via Site Kit.

Once activated, Google may process:

  • IP address (anonymized)
  • Device information
  • Browser information
  • Pages visited
  • Interaction data

Processing will ONLY occur after explicit consent via the cookie banner (Art. 6(1)(a) GDPR).

We will update this policy automatically once analytics is enabled.

 

  1. Who We Share Data With

We do not sell your data.

We share data only with:

  • Substack (newsletter)
  • Spam detection providers (Akismet, Antispam Bee)
  • Hosting provider
  • Google services (after consent & activation)
  • WordPress core plugins and integrators necessary for operation

All data transfers comply with GDPR safeguards.

 

  1. Data Retention
  • Contact form messages: up to 6 months
  • Newsletter data: until you unsubscribe
  • Comments: indefinitely
  • Server logs: short-term
  • Cookie consent logs: per Complianz retention schedule
  • Security logs: only as long as needed

 

  1. Your Rights Under GDPR

You have the right to:

  • Access your data (Art. 15)
  • Rectify (Art. 16)
  • Erase (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise your rights, contact:
aleks@risewithher.com

 

  1. Right to Complain to a Supervisory Authority

You have the right to lodge a complaint with a data protection authority, especially:

  • in Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
  • or the authority of your federal state
  • or any EU authority where you live or work

 

  1. Data Transfers to Third Countries

Some services (e.g., Substack, Google, YouTube, Instagram) may transfer personal data to the USA or other non-EU countries.

Transfers occur only based on:

  • Standard Contractual Clauses (SCCs)
  • Your explicit consent via the cookie banner
  • Adequate safeguards

 

  1. Automated Decision-Making

We do not use automated decision-making or profiling under Art. 22 GDPR.

 

  1. Updates to This Privacy Policy

We may update this policy as needed.
The current version is always available on this page.

you like me to generate your Impressum (required in Germany) next?