Data controller
Whitesides GmbH
Keithstraße 2-4
10787 Berlin
Germany
Email: privacy@whitesides-publishing.com
Data protection officer
A formal Data Protection Officer is not required under §38 BDSG, as our regular data processing involving personal data is below the threshold. For all data protection inquiries, please contact privacy@whitesides-publishing.com.
What data we process
1. Server logs (when you visit this site)
Our hosting provider Cloudflare Pages (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA) records the following in server logs:
- IP address (anonymised after 24 hours)
- Date and time of access
- Requested URL and referrer URL
- User agent (browser, operating system)
Legal basis: Art. 6 (1) (f) GDPR. Legitimate interest: stable operation, attack protection. Retention: 30 days. Cloudflare is certified under the EU-US Data Privacy Framework.
2. Pre-order intent (Brevo newsletter)
When you sign up via /preorder/, we transfer your email
address (and optionally your name and country) to Brevo (Sendinblue
SAS), 106 boulevard Haussmann, 75008 Paris, France. Brevo processes
data exclusively on European servers. Brevo list: ai-coach-en (or
the corresponding language list, e.g. ai-coach-fr).
Legal basis: Art. 6 (1) (a) GDPR (consent). You can withdraw consent at any time via the unsubscribe link in any email or by writing to privacy@whitesides-publishing.com.
3. Pre-order checkout (Stripe — once active)
Once Stripe is configured, payment processing will be handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe receives payment data directly — we only see the last 4 digits of the card and the expiry date. Stripe is PCI-DSS Level 1 certified. Stripe’s privacy policy: stripe.com/en/privacy.
Note: Stripe is currently a stub. Once active, the data forwarding to Stripe will be based on Art. 6 (1) (b) GDPR (contractual necessity).
4. Email contact
If you write to us, we process your email address and the content of your message to respond to your inquiry (Art. 6 (1) (f) GDPR, legitimate interest). Retention: 6 months, unless contractual obligations result.
Cookies and tracking
This site sets no tracking cookies, no Google Analytics, no Meta Pixel, no advertising networks. There is no cookie banner because no consent-requiring cookies are set.
Once Stripe checkout is active, Stripe sets technically necessary session cookies on Stripe’s domain during the payment process. These are required under Art. 6 (1) (b) GDPR for contract fulfilment.
External fonts and scripts
We do not load external fonts (no Google Fonts), no external scripts, no external iframes. All fonts are self-hosted via Fontsource.
Your rights under GDPR
You have the following rights at any time:
- Right to information about your stored data (Art. 15)
- Right to rectification of inaccurate data (Art. 16)
- Right to erasure, where no retention obligations apply (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object to processing based on legitimate interest (Art. 21)
- Right to withdraw consent for the future (Art. 7 (3))
- Right to lodge a complaint with the supervisory authority. In our case: Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI), Friedrichstraße 219, 10969 Berlin, Germany (Art. 77).
Changes to this policy
We update this policy when our processing or the legal framework changes. Last updated: 10 May 2026.