Legal Information

Privacy Policy

Last updated: June 2026
This Privacy Policy explains what personal data we collect when you visit herlifeatelier.com or use our services, for what purposes we process it, and what rights you have. We are committed to handling your data transparently and in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications and Telemedia Data Protection Act (TDDDG).

1. Controller

The controller responsible for data processing on this website is:

Alexandra Friedrich
Her Life Atelier
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach
Germany
Email: info@herlifeatelier.com

2. Data Protection Officer

We are not legally required to appoint a Data Protection Officer and have not done so. For all data protection enquiries, please contact us directly at info@herlifeatelier.com.

3. General Information on Data Processing

We process personal data only where this is necessary to provide a functioning website, to deliver our services, to fulfil a contract, to comply with a legal obligation, or on the basis of your freely given consent. Where we rely on legitimate interests (Art. 6(1)(f) GDPR), we specify those interests in the relevant section below.

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

4. Hosting and Server Log Files

Our website is hosted by Namecheap, Inc. (4600 East Washington Street, Suite 305, Phoenix, Arizona 85034, USA) via the server premium142.web-hosting.com. When you access the website, your browser automatically transmits technical data to our server, including your IP address, date and time of access, browser type, operating system, referring URL, and pages visited.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest is the secure and stable operation of this website. Server log files are retained only as long as required for security purposes and are then deleted or anonymised.

Namecheap is based in the United States. Data transfers to the USA are based on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Namecheap acts as a data processor under a Data Processing Agreement (Art. 28 GDPR). For further information, see Namecheap's privacy policy at namecheap.com.

5. Web Fonts

This website uses the typefaces Cormorant Garamond and Jost. Both fonts are hosted locally on our own server. No connection to Google servers or any external font provider is established when you visit this website. No data — including your IP address — is transmitted to third parties in connection with font loading.

6. Cookies and Consent Management

Our website uses cookies and similar technologies. We distinguish between:

  • Technically necessary cookies: required to operate the website and its core functions (e.g. login session, shopping cart). Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing a functioning website. No consent required.
  • Non-essential cookies (e.g. analytics, fonts, marketing): used only with your explicit prior consent via our cookie banner. Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. You may withdraw consent at any time via the cookie settings in the footer of this website.

7. Contact

When you contact us by email or via our contact form, we process the data you provide (name, email address, message content) for the purpose of handling your enquiry and any follow-up communication.

Legal basis: Art. 6(1)(b) GDPR where your enquiry relates to a contract or pre-contractual measures; otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to customer enquiries). Data is deleted once your enquiry has been fully resolved and no statutory retention obligations apply.

8. Newsletter via MailerLite

If you subscribe to our newsletter, we process your email address and any additional data you voluntarily provide for the purpose of sending you our newsletter. We use a double opt-in procedure: your subscription is only activated after you confirm your email address via a confirmation link.

Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw consent at any time via the unsubscribe link in any email, without affecting the lawfulness of prior processing.

We use MailerLite (UAB "MailerLite", Gedimino ave. 44A, Vilnius LT-01110, Lithuania) as our email service provider, acting as a data processor under a Data Processing Agreement. Any transfer outside the EEA is covered by Standard Contractual Clauses. Privacy policy: mailerlite.com.

9. Digital Products — One-Time Purchases

We offer the following digital products as one-time purchases with immediate digital delivery:

  • Workbooks — downloadable PDF guides, journals, and workbooks.
  • Self-Study Courses — each course consists of a course book and an accompanying workbook, delivered as digital downloads. No live component, no ongoing support obligation. Treated legally as digital content under Art. 2(1) of Directive 2019/770/EU.

We process your name, email address, billing address (where applicable), and payment data for the purposes of contract fulfilment and digital delivery. Legal basis: Art. 6(1)(b) GDPR. Invoice and transaction data is retained for up to 10 years to comply with tax and commercial law obligations (Art. 6(1)(c) GDPR).

Our shop runs on WordPress with WooCommerce, an e-commerce plugin provided by Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). WooCommerce handles product display, the shopping cart, the checkout process, order management, and digital product delivery. Order and customer data is stored on our own hosting server. Depending on the functions used, WooCommerce may set technically necessary cookies (e.g. for the shopping cart and checkout session). For further information, see the Automattic privacy policy at automattic.com/privacy.

9a. Right of Withdrawal for Digital Products

Under EU consumer law (Directive 2011/83/EU), you have a 14-day right of withdrawal for distance contracts. However, for digital content not supplied on a tangible medium, this right does not apply if performance has begun with your prior express consent and your acknowledgement that you thereby lose your right of withdrawal.

At checkout, you will be asked to actively tick a checkbox confirming:

"I expressly consent to the immediate delivery of the digital content and I acknowledge that I lose my right of withdrawal upon commencement of delivery."

By ticking this checkbox, you provide the express consent required under Art. 16(m) of Directive 2011/83/EU and § 356(5) BGB. Exception: if the download link provided is faulty or non-functional, your right to remedy (replacement delivery or refund) remains unaffected. Please contact us at info@herlifeatelier.com. Full cancellation policy is available in our Terms & Conditions.

10. Her Edit — Subscription

Her Edit is a recurring subscription providing weekly editorial content, full blog archive access, early access to new releases, and subscriber-only extras.

Key subscription terms:

€9 per month or €74 per year · Automatic renewal at end of each billing period · Cancel at any time; access continues until end of paid period · No pro-rata refunds · Price changes notified at least 30 days before next renewal.

We process your email address, name or username, login credentials, subscription status, billing period, and payment history for the purpose of contract performance. Legal basis: Art. 6(1)(b) GDPR.

Right of withdrawal for subscriptions: For subscription agreements concluded at a distance, you have a 14-day right of withdrawal from the date of conclusion of the contract. After expiry of the withdrawal period, you may cancel at any time with effect from the end of the current billing period. Full withdrawal instructions are in our Terms & Conditions.

Cancellation: You can cancel your subscription or exercise your right of withdrawal directly via your account dashboard or by emailing info@herlifeatelier.com. A cancellation function is available in your account settings in accordance with applicable consumer protection requirements.

11. Payment Processing via WooCommerce Payments

All payments — both one-time purchases and recurring subscription charges — are processed through WooCommerce Payments (WooPayments), the payment service integrated into WooCommerce and operated by Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). WooPayments offers card payments, PayPal, and other common payment methods within a single checkout flow.

For the technical processing of card payments, WooPayments uses Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland) as its underlying payment infrastructure. When you complete a payment, the payment data you enter (e.g. card number, name, billing address, email address, transaction amount) is transmitted directly to and processed by Automattic and Stripe for the purpose of executing the payment, fraud prevention, and compliance with statutory obligations.

We ourselves receive only the information necessary to confirm payment and fulfil the order. We do not store full card numbers or other sensitive payment credentials. Legal basis for our processing: Art. 6(1)(b) GDPR (contract performance); for fraud prevention, the legitimate interests of the payment providers (Art. 6(1)(f) GDPR) also apply.

Automattic is based in the USA; data transfers to the USA in connection with WooPayments are covered by Standard Contractual Clauses (Art. 46(2)(c) GDPR) or another appropriate safeguard. For further information, see the privacy policies of Automattic, WooPayments, and Stripe.

12. WooCommerce.com Connection and Usage Tracking

WooCommerce can optionally transmit usage and diagnostic data to WooCommerce.com / Automattic (e.g. store statistics, active extensions, technical environment) and may establish a connection to WooCommerce.com for extension management, updates, and licensing.

We have deactivated non-essential usage tracking in our WooCommerce settings. A connection to WooCommerce.com / Automattic is established only where technically necessary — for example to manage and update the WooPayments and WooCommerce extensions we use. In that context, technical data (such as our server's IP address and licence information) may be transmitted to Automattic in the USA, covered by Standard Contractual Clauses (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in maintaining and securing the shop infrastructure.

13. Data Processors and Recipients

The following service providers process personal data on our behalf as data processors (Art. 28 GDPR):

Processor Purpose Legal basis Location
Namecheap, Inc.
Phoenix, Arizona, USA
Website hosting, server infrastructure, log files Art. 6(1)(f) GDPR — legitimate interest in secure operation USA — SCCs in place
MailerLite
UAB "MailerLite", Vilnius, Lithuania
Newsletter delivery and subscriber list management Art. 6(1)(a) GDPR — consent EEA / SCCs where applicable
WooCommerce / Automattic Inc.
San Francisco, California, USA
Shop functionality, cart, checkout, order management, digital product delivery; payment processing via WooPayments Art. 6(1)(b) GDPR — contract performance Order data on our server; WooPayments transfers to USA — SCCs
Stripe
Stripe Payments Europe, Ltd., Dublin, Ireland
Technical payment infrastructure underlying WooPayments (card processing, fraud prevention) Art. 6(1)(b) GDPR — contract performance; Art. 6(1)(f) GDPR — fraud prevention EEA / USA — SCCs where applicable
Paid Member Subscriptions (PMS)
Plugin by Cozmoslabs
Members area access management, subscription status, login authentication Art. 6(1)(b) GDPR — contract performance; Art. 6(1)(f) GDPR — security Data stored on our own hosting server (USA via Namecheap)

All transfers to third countries outside the EEA are covered by Standard Contractual Clauses (Art. 46(2)(c) GDPR) or another appropriate safeguard. WooCommerce order data is stored on our own hosting server; transmission to Automattic occurs only in connection with WooPayments and extension/licence management as described in Sections 11 and 12.

14. Members Area

Her Edit subscribers receive access to a password-protected members area managed via Paid Member Subscriptions (PMS). We process your email address, name or username, hashed login credentials, subscription status, and technical access logs.

Legal basis: Art. 6(1)(b) GDPR (contract performance) for account data; Art. 6(1)(f) GDPR (security and misuse prevention) for technical logs. Account data is retained for as long as the account is active and thereafter only to the extent legally required.

15. Analytics

We do not currently use any web analytics tools on this website. No behavioural tracking or profiling of visitors takes place beyond what is strictly necessary for technical operation.

Should we introduce an analytics tool in future, we will do so exclusively on the basis of your prior explicit consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG) and will update this Privacy Policy before activation. You will be asked for consent via our cookie banner.

16. Email Communication and Transactional Emails

We process your email address and the content of communications when you contact us or when we send transactional emails as part of contract fulfilment (e.g. order confirmations, download delivery, subscription renewal notices). Legal basis: Art. 6(1)(b) GDPR (contract performance); Art. 6(1)(f) GDPR for support communication.

17. Disclosure of Data to Third Parties

We do not sell your personal data. Disclosure to third parties occurs only where required for contract fulfilment, mandated by law, based on your consent, or necessary to protect legitimate interests — provided your rights do not override this.

18. Retention Periods

  • Contract, order, and invoice data: up to 10 years (§ 147 AO, § 257 HGB)
  • Contact and support enquiries: until fully resolved; deleted thereafter unless statutory retention applies
  • Newsletter subscriber data: until withdrawal of consent
  • Members area account data: for as long as the account is active; thereafter only as legally required
  • Subscription billing records: up to 10 years
  • Server log files: typically 7–30 days, then deleted or anonymised

19. Your Rights

Right of access (Art. 15 GDPR): You may request confirmation of whether we process data about you and, if so, a copy of that data and information about the processing.

Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.

Right to erasure (Art. 17 GDPR): You may request deletion of your data where it is no longer necessary, where you have withdrawn consent, or where processing was unlawful — subject to statutory retention obligations.

Right to restriction (Art. 18 GDPR): You may request that we restrict processing of your data in certain circumstances.

Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

Right to object (Art. 21 GDPR): Where we process your data on the basis of legitimate interests, you may object at any time on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent at any time with effect for the future. Withdrawal does not affect the lawfulness of prior processing.

Right to lodge a complaint (Art. 77 GDPR): You may lodge a complaint with the competent supervisory authority: Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), Lautenschlagerstraße 20, 70173 Stuttgart, Germany — baden-wuerttemberg.datenschutz.de

To exercise any right, contact us at info@herlifeatelier.com. We will respond within one month; this may be extended by a further two months where necessary.

20. Minors

Our services are directed exclusively at adults aged 18 and over. We do not knowingly collect personal data from persons under 18. If you believe a minor has submitted data to us, please contact us and we will delete it promptly.

21. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect legal changes or changes to our services. The current version is always available at herlifeatelier.com. We will notify you of material changes where required by law.

Her Life Atelier
Design Your Life, Beautifully

Premium digital tools for modern women building intentional, beautiful lives — one thoughtful resource at a time.

Shop
  • Love Pattern Decoder
  • Her Dating Standards
  • Her Money Era
  • In Her Era
  • Her Reset Collection
Company
  • Home
  • Her Edit
  • Shop
  • Contact
Legal
  • FAQ
  • How to Download
  • Terms & Conditions
  • Privacy Policy
  • Impressum
  • Refund Policy

© 2026 Her Life Atelier · herlifeatelier.com · All rights reserved.

Instagram Pinterest TikTok