Privacy Policy

This privacy policy explains how erikbernath.com ("we", "us", "the website") collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable French data protection law.

1. Data Controller

The data controller responsible for this website is:

Erik Bernath
Strasbourg, France
Email: privacy@erikbernath.com

2. What Data We Collect

We may collect the following personal data:

• Email address — when you subscribe to the waitlist or newsletter
• Name and email — when you use the contact form
• Payment information — processed securely by third-party providers (Stripe, Mollie) when you make a purchase. We do not store your payment card details.
• Usage data — anonymized analytics data (pages visited, referring sites, device type) collected via Google Analytics with IP anonymization enabled
• Cookies — as described in our Cookie Policy

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Consent (Art. 6(1)(a)) — for email subscriptions, analytics cookies, and marketing communications
• Contractual necessity (Art. 6(1)(b)) — for processing book purchases
• Legitimate interest (Art. 6(1)(f)) — for website security and fraud prevention

4. How We Use Your Data

• To send you book launch updates and newsletters (only with your consent)
• To process book purchases through our payment partners
• To respond to your inquiries via the contact form
• To analyze website traffic and improve the user experience (anonymized)

5. Third-Party Services

We use the following third-party services that may process your data:

• Stripe (payments) — Stripe Privacy Policy
• Mollie (payments) — Mollie Privacy Policy
• Google Analytics (analytics) — with IP anonymization enabled. Google Privacy Policy
• Hostinger (hosting) — Hostinger Privacy Policy

6. Data Retention

• Email subscriptions: retained until you unsubscribe
• Contact form messages: retained for up to 12 months
• Payment records: retained as required by French tax law (typically 10 years)
• Analytics data: anonymized and retained for up to 26 months

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Access — request a copy of your personal data
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — request restriction of processing
• Portability — receive your data in a structured, commonly used format
• Objection — object to processing based on legitimate interest
• Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@erikbernath.com. We will respond within 30 days.

8. International Data Transfers

Some of our third-party providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

9. Data Security

We take appropriate technical and organizational measures to protect your personal data, including HTTPS encryption, secure hosting, and limited access to personal data.

10. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr

11. Changes to This Policy

We may update this privacy policy from time to time. The "last updated" date at the top reflects the most recent revision.