This site collects some data. Not to spy on you — to run a publication, deliver products, and occasionally tell Google Analytics how many people visited. Here is exactly what, why, and how long I keep it. If you have questions, you know where to find me.
01
Data Controller
The data controller responsible for your personal data is:
Burned Out Diaries
Klevstr. 8
53840, Troisdorf, Germany
Email: petrapiperati@burnedoutdiaries.com
As a business based in Germany, this Privacy Policy is written in compliance with the EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
02
What Data I Collect and Why
I collect only what is necessary to run this publication and deliver products and services to you.
| Data Type | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Name & email address | Sending newsletters, updates, and product information via Substack | Consent (Art. 6(1)(a)) |
| Purchase data (name, email, billing country) | Processing payments for digital products (ebooks, courses) | Contract performance (Art. 6(1)(b)) |
| Usage data (pages visited, time on site, device type) | Understanding how visitors use this site via Google Analytics | Consent (Art. 6(1)(a)) |
| IP address (anonymised) | Server logs and security; Google Analytics (anonymised) | Legitimate interest (Art. 6(1)(f)) |
| Correspondence data (emails you send me) | Responding to inquiries and support requests | Legitimate interest (Art. 6(1)(f)) |
I do not collect sensitive personal data (health information, financial account numbers, etc.). I do not sell your data to third parties. Full stop.
03
Substack — Email & Subscription Data
This publication runs on Substack (Substack Inc., 250 Montgomery Street, Suite 800, San Francisco, CA 94104, USA). When you subscribe — free or paid — Substack collects and stores your name and email address on my behalf.
Substack acts as a data processor under a data processing agreement. Your data may be transferred to the United States. Substack relies on Standard Contractual Clauses (SCCs) as its transfer mechanism under GDPR.
For details on how Substack handles your data, see the Substack Privacy Policy.
You can unsubscribe at any time via the link at the bottom of every email. Your data will be removed from my mailing list within 30 days of your request.
04
Google Analytics
This website uses Google Analytics 4 (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics helps me understand which content resonates — so I can stop writing things nobody reads.
Google Analytics uses cookies to collect anonymous usage data. I have enabled IP anonymisation, which means your IP address is truncated before it leaves the EU. I do not use Google Analytics advertising features, remarketing, or demographic reporting.
Data collected via Google Analytics may be transferred to Google servers in the USA under Standard Contractual Clauses.
Google Analytics is only activated after you give explicit consent via the cookie banner. You can withdraw consent at any time via the cookie preferences link in the website footer.
You can also opt out globally using the Google Analytics Opt-out Browser Add-on.
05
Affiliate Links & Third-Party Products
Some links on this website and in the newsletter are affiliate links. This means if you click a link and make a purchase, I may earn a small commission — at no extra cost to you.
Affiliate links are always disclosed clearly at the top of any content that contains them. I only recommend products and services I have personally used or genuinely believe in. Commissions do not influence editorial decisions. If something is rubbish, I will say so.
When you click an affiliate link, the third-party website's own privacy policy applies. I have no control over what data those sites collect.
06
Digital Products
When you purchase a digital product (ebook, guide, course, etc.) from this site, I collect your name, email address, and billing country. This data is used solely to deliver your purchase and provide customer support.
Payment processing is handled by the relevant payment provider (e.g., Stripe). I do not store your full payment card details. Refer to your payment provider's privacy policy for details on how financial data is handled.
07
How Long I Keep Your Data
| Data | Retention Period |
|---|---|
| Newsletter subscription (name & email) | Until you unsubscribe or request deletion |
| Purchase records | 10 years (German commercial law — HGB §257) |
| Google Analytics data | 14 months (as configured in GA4) |
| Email correspondence | 3 years or until no longer needed |
08
Your Rights Under GDPR
You have the following rights regarding your personal data. These are real rights — not fine-print theatre.
To exercise any of these rights, contact me at petrapiperati@burnedoutdiaries.com. I will respond within 30 days.
You also have the right to lodge a complaint with the relevant data protection authority in Germany: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) — www.bfdi.bund.de — or the authority in the German federal state where I am based.
09
External Links
This website contains links to external sites — Substack, social media platforms, affiliate partners. Once you leave this site, this Privacy Policy no longer applies. I am not responsible for the privacy practices of any third party. Check their policies before you hand over your data.
10
Changes to This Policy
I may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will change when I do. For material changes, I will notify subscribers via email. Continued use of this site after changes have been posted constitutes acceptance of the updated policy.
Questions?
Get in touch
If anything here is unclear, or you want to exercise your rights, write to me directly. No automated responses. No chatbots. An actual human — me — will reply.