The controller responsible for data processing on this website is:
We are not legally required to appoint a Data Protection Officer and have not done so. For all data protection enquiries, please contact us directly at info@herlifeatelier.com.
We process personal data only where this is necessary to provide a functioning website, to deliver our services, to fulfil a contract, to comply with a legal obligation, or on the basis of your freely given consent. Where we rely on legitimate interests (Art. 6(1)(f) GDPR), we specify those interests in the relevant section below.
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
Our website is hosted by Namecheap, Inc. (4600 East Washington Street, Suite 305, Phoenix, Arizona 85034, USA) via the server premium142.web-hosting.com. When you access the website, your browser automatically transmits technical data to our server, including your IP address, date and time of access, browser type, operating system, referring URL, and pages visited.
Legal basis: Art. 6(1)(f) GDPR — our legitimate interest is the secure and stable operation of this website. Server log files are retained only as long as required for security purposes and are then deleted or anonymised.
Namecheap is based in the United States. Data transfers to the USA are based on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Namecheap acts as a data processor under a Data Processing Agreement (Art. 28 GDPR). For further information, see Namecheap's privacy policy at namecheap.com.
This website uses the typefaces Cormorant Garamond and Jost. Both fonts are hosted locally on our own server. No connection to Google servers or any external font provider is established when you visit this website. No data — including your IP address — is transmitted to third parties in connection with font loading.
Our website uses cookies and similar technologies. We distinguish between:
When you contact us by email or via our contact form, we process the data you provide (name, email address, message content) for the purpose of handling your enquiry and any follow-up communication.
Legal basis: Art. 6(1)(b) GDPR where your enquiry relates to a contract or pre-contractual measures; otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to customer enquiries). Data is deleted once your enquiry has been fully resolved and no statutory retention obligations apply.
If you subscribe to our newsletter, we process your email address and any additional data you voluntarily provide for the purpose of sending you our newsletter. We use a double opt-in procedure: your subscription is only activated after you confirm your email address via a confirmation link.
Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw consent at any time via the unsubscribe link in any email, without affecting the lawfulness of prior processing.
We use MailerLite (UAB "MailerLite", Gedimino ave. 44A, Vilnius LT-01110, Lithuania) as our email service provider, acting as a data processor under a Data Processing Agreement. Any transfer outside the EEA is covered by Standard Contractual Clauses. Privacy policy: mailerlite.com.
We offer the following digital products as one-time purchases with immediate digital delivery:
We process your name, email address, billing address (where applicable), and payment data for the purposes of contract fulfilment and digital delivery. Legal basis: Art. 6(1)(b) GDPR. Invoice and transaction data is retained for up to 10 years to comply with tax and commercial law obligations (Art. 6(1)(c) GDPR).
Our shop runs on WordPress with WooCommerce, an e-commerce plugin provided by Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). WooCommerce handles product display, the shopping cart, the checkout process, order management, and digital product delivery. Order and customer data is stored on our own hosting server. Depending on the functions used, WooCommerce may set technically necessary cookies (e.g. for the shopping cart and checkout session). For further information, see the Automattic privacy policy at automattic.com/privacy.
Under EU consumer law (Directive 2011/83/EU), you have a 14-day right of withdrawal for distance contracts. However, for digital content not supplied on a tangible medium, this right does not apply if performance has begun with your prior express consent and your acknowledgement that you thereby lose your right of withdrawal.
At checkout, you will be asked to actively tick a checkbox confirming:
"I expressly consent to the immediate delivery of the digital content and I acknowledge that I lose my right of withdrawal upon commencement of delivery."
By ticking this checkbox, you provide the express consent required under Art. 16(m) of Directive 2011/83/EU and § 356(5) BGB. Exception: if the download link provided is faulty or non-functional, your right to remedy (replacement delivery or refund) remains unaffected. Please contact us at info@herlifeatelier.com. Full cancellation policy is available in our Terms & Conditions.
Her Edit is a recurring subscription providing weekly editorial content, full blog archive access, early access to new releases, and subscriber-only extras.
Key subscription terms:
€9 per month or €74 per year · Automatic renewal at end of each billing period · Cancel at any time; access continues until end of paid period · No pro-rata refunds · Price changes notified at least 30 days before next renewal.
We process your email address, name or username, login credentials, subscription status, billing period, and payment history for the purpose of contract performance. Legal basis: Art. 6(1)(b) GDPR.
Right of withdrawal for subscriptions: For subscription agreements concluded at a distance, you have a 14-day right of withdrawal from the date of conclusion of the contract. After expiry of the withdrawal period, you may cancel at any time with effect from the end of the current billing period. Full withdrawal instructions are in our Terms & Conditions.
Cancellation: You can cancel your subscription or exercise your right of withdrawal directly via your account dashboard or by emailing info@herlifeatelier.com. A cancellation function is available in your account settings in accordance with applicable consumer protection requirements.
All payments — both one-time purchases and recurring subscription charges — are processed through WooCommerce Payments (WooPayments), the payment service integrated into WooCommerce and operated by Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). WooPayments offers card payments, PayPal, and other common payment methods within a single checkout flow.
For the technical processing of card payments, WooPayments uses Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland) as its underlying payment infrastructure. When you complete a payment, the payment data you enter (e.g. card number, name, billing address, email address, transaction amount) is transmitted directly to and processed by Automattic and Stripe for the purpose of executing the payment, fraud prevention, and compliance with statutory obligations.
We ourselves receive only the information necessary to confirm payment and fulfil the order. We do not store full card numbers or other sensitive payment credentials. Legal basis for our processing: Art. 6(1)(b) GDPR (contract performance); for fraud prevention, the legitimate interests of the payment providers (Art. 6(1)(f) GDPR) also apply.
Automattic is based in the USA; data transfers to the USA in connection with WooPayments are covered by Standard Contractual Clauses (Art. 46(2)(c) GDPR) or another appropriate safeguard. For further information, see the privacy policies of Automattic, WooPayments, and Stripe.
WooCommerce can optionally transmit usage and diagnostic data to WooCommerce.com / Automattic (e.g. store statistics, active extensions, technical environment) and may establish a connection to WooCommerce.com for extension management, updates, and licensing.
We have deactivated non-essential usage tracking in our WooCommerce settings. A connection to WooCommerce.com / Automattic is established only where technically necessary — for example to manage and update the WooPayments and WooCommerce extensions we use. In that context, technical data (such as our server's IP address and licence information) may be transmitted to Automattic in the USA, covered by Standard Contractual Clauses (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in maintaining and securing the shop infrastructure.
The following service providers process personal data on our behalf as data processors (Art. 28 GDPR):
| Processor | Purpose | Legal basis | Location |
|---|---|---|---|
| Namecheap, Inc. Phoenix, Arizona, USA |
Website hosting, server infrastructure, log files | Art. 6(1)(f) GDPR — legitimate interest in secure operation | USA — SCCs in place |
| MailerLite UAB "MailerLite", Vilnius, Lithuania |
Newsletter delivery and subscriber list management | Art. 6(1)(a) GDPR — consent | EEA / SCCs where applicable |
| WooCommerce / Automattic Inc. San Francisco, California, USA |
Shop functionality, cart, checkout, order management, digital product delivery; payment processing via WooPayments | Art. 6(1)(b) GDPR — contract performance | Order data on our server; WooPayments transfers to USA — SCCs |
| Stripe Stripe Payments Europe, Ltd., Dublin, Ireland |
Technical payment infrastructure underlying WooPayments (card processing, fraud prevention) | Art. 6(1)(b) GDPR — contract performance; Art. 6(1)(f) GDPR — fraud prevention | EEA / USA — SCCs where applicable |
| Paid Member Subscriptions (PMS) Plugin by Cozmoslabs |
Members area access management, subscription status, login authentication | Art. 6(1)(b) GDPR — contract performance; Art. 6(1)(f) GDPR — security | Data stored on our own hosting server (USA via Namecheap) |
All transfers to third countries outside the EEA are covered by Standard Contractual Clauses (Art. 46(2)(c) GDPR) or another appropriate safeguard. WooCommerce order data is stored on our own hosting server; transmission to Automattic occurs only in connection with WooPayments and extension/licence management as described in Sections 11 and 12.
Her Edit subscribers receive access to a password-protected members area managed via Paid Member Subscriptions (PMS). We process your email address, name or username, hashed login credentials, subscription status, and technical access logs.
Legal basis: Art. 6(1)(b) GDPR (contract performance) for account data; Art. 6(1)(f) GDPR (security and misuse prevention) for technical logs. Account data is retained for as long as the account is active and thereafter only to the extent legally required.
We do not currently use any web analytics tools on this website. No behavioural tracking or profiling of visitors takes place beyond what is strictly necessary for technical operation.
Should we introduce an analytics tool in future, we will do so exclusively on the basis of your prior explicit consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG) and will update this Privacy Policy before activation. You will be asked for consent via our cookie banner.
We process your email address and the content of communications when you contact us or when we send transactional emails as part of contract fulfilment (e.g. order confirmations, download delivery, subscription renewal notices). Legal basis: Art. 6(1)(b) GDPR (contract performance); Art. 6(1)(f) GDPR for support communication.
We do not sell your personal data. Disclosure to third parties occurs only where required for contract fulfilment, mandated by law, based on your consent, or necessary to protect legitimate interests — provided your rights do not override this.
Right of access (Art. 15 GDPR): You may request confirmation of whether we process data about you and, if so, a copy of that data and information about the processing.
Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
Right to erasure (Art. 17 GDPR): You may request deletion of your data where it is no longer necessary, where you have withdrawn consent, or where processing was unlawful — subject to statutory retention obligations.
Right to restriction (Art. 18 GDPR): You may request that we restrict processing of your data in certain circumstances.
Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
Right to object (Art. 21 GDPR): Where we process your data on the basis of legitimate interests, you may object at any time on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds.
Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent at any time with effect for the future. Withdrawal does not affect the lawfulness of prior processing.
Right to lodge a complaint (Art. 77 GDPR): You may lodge a complaint with the competent supervisory authority: Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), Lautenschlagerstraße 20, 70173 Stuttgart, Germany — baden-wuerttemberg.datenschutz.de
To exercise any right, contact us at info@herlifeatelier.com. We will respond within one month; this may be extended by a further two months where necessary.
Our services are directed exclusively at adults aged 18 and over. We do not knowingly collect personal data from persons under 18. If you believe a minor has submitted data to us, please contact us and we will delete it promptly.
We reserve the right to update this Privacy Policy to reflect legal changes or changes to our services. The current version is always available at herlifeatelier.com. We will notify you of material changes where required by law.