Privacy Policy
Last updated: January 30, 2026
0. Controller responsible for data processing (Art. 4(7) GDPR):
Christopher Köhler
Pariser Straße 20
10707 Berlin
Deutschland
Email: contact@promptyouravatar.com
If you have questions about this Privacy Policy, you can contact us at the email address above.
1. Access Data and Hosting
1.1 Visiting our website (server log files)
You can visit our website without actively providing personal data. Whenever you access a page, the web server automatically stores data in so-called server log files, such as:
the requested page/file name
your IP address
date and time of access
transmitted data volume
requesting provider (access data)
We process this data only to ensure the secure and stable operation of the website and to improve our offering. This is based on our legitimate interests (Art. 6(1)(f) GDPR). Log data is deleted after a reasonable retention period (typically a few days) unless continued storage is required for security reasons (e.g., investigation of abuse).
1.2 Hosting via all-inkl.com
Our website is hosted by ALL-INKL.COM – Neue Medien Münnich, Germany (commonly referenced as “all-inkl.com”). Hosting involves processing access data and all data transmitted via the website as part of providing hosting services. all-inkl provides privacy information regarding their services.
Privacy policy: https://all-inkl.com/datenschutz/
2. Data Processing for Contract Performance and Contact
We process personal data primarily when you purchase a digital product, create/use a customer account, or contact us.
2.1 Processing for digital product orders (WooCommerce)
We collect personal data when you voluntarily provide it to us as part of your order or when contacting us (e.g., by contact form or email). Mandatory fields are marked as such because in these cases we need the data to process the contract or your request; without it you cannot complete the order or send the inquiry.
Which data is collected can be seen from the respective input forms. Typically, this may include:
Name
Email address
Billing address (for invoicing / legal retention requirements)
Company name and VAT ID (if provided / B2B)
Order and product information
Technical order data (order number, timestamps)
Payment status and transaction references
We use the data provided by you for contract performance and processing your requests (including inquiries about and handling of any warranty claims, service disruption claims, and any statutory update obligations where applicable) in accordance with Art. 6(1)(b) GDPR.
2.2 Digital delivery of PDFs (download link / email delivery)
If you purchase a digital product, we provide it electronically, typically by:
providing a download link (e.g., in your customer account and/or order confirmation page), and/or
sending the PDF by email or sending an email containing a download link to the email address you provided.
For this purpose, your email address is necessary to deliver the digital content and to resend access if needed.
After complete performance of the contract, your data will be restricted for further processing and deleted after the expiry of any retention periods under tax and commercial law pursuant to Art. 6(1)(c) GDPR, unless you have expressly consented to further use pursuant to Art. 6(1)(a) GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this Privacy Policy.
2.3 Customer account (optional)
If you create a customer account, we store the data you provide (e.g., email, login credentials in hashed form, order history) so you can manage purchases, download products, and update account data.
Legal basis: Art. 6(1)(b) GDPR.
2.4 Contacting us (email / contact forms)
If you contact us (e.g., by email or contact form), we process the personal data you provide to handle your request (e.g., name, email address, message content).
Legal basis: Art. 6(1)(b) GDPR (pre-contract/contract communication) or Art. 6(1)(f) GDPR (legitimate interest in responding efficiently).
After your request is fully handled, your data will be deleted unless storage is required to document business communication or legal claims.
3. No Shipping / Physical Delivery
We primarily sell digital products (PDFs). Therefore, we generally do not transfer data to shipping providers for physical delivery. If we ever offer physical products, we will process shipping data for fulfillment and update this Privacy Policy accordingly.
4. Payment Processing
When processing payments in our shop we work with partners: technical service providers, payment service providers, and credit institutions (where applicable).
4.1 Transaction Processing
Depending on the chosen payment method, we transmit the data necessary for processing the payment transaction to:
our technical service providers acting as processors, and/or
the selected payment service provider.
This serves contract performance pursuant to Art. 6(1)(b) GDPR.
In part, payment service providers collect the data required for payment processing themselves, e.g. on their own website or via technical integration in the checkout process. In this respect, the privacy policy of the respective payment service provider applies.
Payment providers used on this website may include (depending on your selection):
PayPal
Stripe
WooPayments (WooCommerce Payments)
Klarna (if enabled as payment method)
If you have questions about our partners for payment processing and the basis of our cooperation with them, please contact us using the contact details provided in this Privacy Policy.
4.2 PayPal
If you choose PayPal, payment processing is carried out by PayPal. PayPal may process personal data (e.g., name, email address, payment details, transaction metadata, device and usage data) to complete the transaction and for their own compliance and security purposes. The applicable PayPal privacy information can be found in PayPal’s Privacy Statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Legal basis: Art. 6(1)(b) GDPR (processing the payment as part of contract performance).
Fraud prevention / payment security: to the extent necessary, processing may also occur under Art. 6(1)(f) GDPR (legitimate interest in preventing fraud and securing transactions).
5. Email Marketing / Newsletter (MailPoet)
5.1 Newsletter subscription
If you subscribe to our newsletter, we use the data you provide (usually your email address, optionally name) to send you email updates.
Legal basis: your consent (Art. 6(1)(a) GDPR).
You can unsubscribe at any time using the unsubscribe link in each email.
5.2 Newsletter delivery via MailPoet
We use MailPoet (WordPress plugin and/or related MailPoet services) to manage newsletter subscriptions and deliver emails. MailPoet provides a privacy notice through Automattic / MailPoet.
Depending on our MailPoet setup, newsletter delivery may use MailPoet’s sending infrastructure or another configured sending provider (e.g., our host's SMTP). In each case, only the data necessary for sending is processed.
Privacy policy: https://www.mailpoet.com/privacy-notice/
5.3 Newsletter tracking (opens/clicks) – only with consent (if enabled)
If you additionally consent to newsletter analytics, we may measure:
whether an email was opened (tracking pixel / similar technologies)
which links were clicked
technical metadata (time, device/browser type)
Legal basis: Art. 6(1)(a) GDPR (separate consent, if tracking is enabled).
You can withdraw consent at any time (e.g., by unsubscribing or contacting us).
6. Cookies and Consent Management (Complianz)
6.1 General information about cookies and similar technologies
We use cookies and similar technologies to:
provide essential site functions (login, cart, checkout, security)
remember preferences (language, consent choices)
comply with legal requirements (consent documentation)
Some cookies are deleted when you close your browser (session cookies). Others remain stored (persistent cookies) and allow your browser to be recognized later.
6.2 Complianz cookie banner / consent management
We use the Complianz plugin to inform users about cookies and manage and document consent where legally required. Complianz is designed as a GDPR/CCPA cookie consent solution for WordPress.
Legal basis: Art. 6(1)(c) GDPR (legal obligation to manage/document consent where applicable), and Art. 6(1)(a) GDPR where consent is required for certain technologies.
You can change or withdraw your consent at any time via the cookie settings interface on our website.
7. WordPress, WooCommerce, Germanized, Elementor, Crocoblock
Our website runs on WordPress and uses WooCommerce to process digital product orders. We also use Germanized to support compliance-related checkout features (e.g., legal checkboxes, invoice/legal text handling) and Elementor and Crocoblock to build site layouts and dynamic functions. These tools process personal data only insofar as necessary to provide website functions (e.g., checkout, customer account, form submissions).
Legal basis: Art. 6(1)(b) GDPR (contract performance for shop functions) and Art. 6(1)(f) GDPR (legitimate interest in operating a stable, functional website).
8. Website Security (Really Simple Security)
We use Really Simple Security (WordPress security plugin) to protect the website from unauthorized access and malicious activity (e.g., hardening, login protection, security-related logging depending on configuration). The tool may process technical data such as IP addresses, timestamps, and security events where necessary to protect the website.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security).
9. Google Services
9.1 Google reCAPTCHA
We use Google reCAPTCHA to protect our forms from misuse and spam (bots). reCAPTCHA may process technical and usage data (e.g., IP address, browser/device data, interaction patterns) and may transmit such data to Google (privacy policy: https://policies.google.com/privacy).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in preventing abuse and securing the website) and/or Art. 6(1)(a) GDPR where required by local interpretation and consent mechanisms.
Google’s Privacy Policy and Terms apply.
9.2 Google Fonts (stored locally)
We use Google Fonts stored locally on our server. This means that, to the best of our configuration, no connection to Google servers is required to load fonts, and no font-related data is transmitted to Google when you visit our site.
10. Social Media
10.1 Social buttons/links
Our website may contain links to our social media profiles (e.g., Facebook, Instagram). These are typically implemented as links, so that no data is transmitted to social networks merely by visiting our site. When you click a link, you leave our site and the respective platform’s privacy policy applies.
Privacy policies: https://www.facebook.com/privacy/policy/ and https://privacycenter.instagram.com/policy/
10.2 Our presence on Facebook and Instagram
We maintain online presences on Facebook and Instagram (Meta). When you visit those profiles, Meta processes personal data under its own responsibility (including for analytics and advertising). We may receive aggregated insights/statistics from Meta, but we generally do not receive personal data identifying you unless you actively interact (e.g., message, comment, purchase inquiry).
Legal basis (our side): Art. 6(1)(f) GDPR (legitimate interest in communication, brand presence and marketing).
11. Data Retention
We store personal data only as long as necessary for:
contract performance and customer support
legal obligations (e.g., tax/commercial retention periods)
security purposes (e.g., attack investigation)
Once the purpose ends and no legal obligation requires further storage, data is deleted or restricted from processing.
12. Recipients of Data / Processors
We may share personal data with:
hosting provider (all-inkl.com) for website operation
payment provider (PayPal) to process payments
newsletter provider (MailPoet / Automattic) to send newsletters
technical service providers/processors supporting website operation and security (e.g., plugins and infrastructure services), only as necessary and under appropriate agreements where required
13. International Data Transfers
Some service providers (e.g., PayPal, Google, Meta, newsletter infrastructure depending on configuration) may process data outside the EU/EEA. Where applicable, transfers are based on recognized safeguards (e.g., Standard Contractual Clauses) or other legal mechanisms.
14. Your Rights (Data Subject Rights)
As a data subject, you have the following rights under the GDPR:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent at any time (Art. 7(3) GDPR), with effect for the future
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Right to object
Where we process data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you may object to processing for reasons arising from your particular situation. If your objection relates to direct marketing, you may object at any time, and we will stop processing for that purpose.
To exercise your rights, contact us using the email provided in Section 0.