Privacy Policy

1. General Information

This Privacy Policy informs you, in accordance with the General Data Protection Regulation (GDPR), about the scope, purpose and legal basis of the processing of personal data on the website Valaros.com. It covers data processing related to the operation of the website, the online shop, digital products, advertising technologies and third-party services.

2. Controller

The controller within the meaning of Art. 4(7) GDPR is:

3. Privacy Contact

A formal Data Protection Officer is not legally required.

4. Hosting and Server Operations

Service providers:
Cloudways Ltd. (Malta) – Privacy Policy
Infrastructure provider: DigitalOcean LLC (USA) – Privacy Policy

Server locations:

• tarot-secret.com → Frankfurt (Germany / EU)
• valaros.com → New York (USA)

Processed data:

• IP address
• Date and time of access
• Browser and device information
• Operating system
• Requested pages
• Referrer URL
• Server and error logs

Data protection issue: Server logs typically include IP addresses and technical identifiers that may allow indirect identification. In addition, a transfer to a third country (USA) may occur for some services.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and stable operation of the website)

International transfer: For valaros.com, data may be transferred to the USA on the basis of Standard Contractual Clauses pursuant to Art. 46 GDPR.

Retention period: Server logs are stored for a maximum of 30 days.

5. Domain Registration

Service provider: Namecheap, Inc. (USA) – Privacy Policy

Processed data:

• Domain owner data (name, address, email address)
• Technical DNS data
• IP addresses during administrative access

Data protection issue: Domain administration may involve personal contact data. Since Namecheap is located in the USA, an international transfer may occur.

Legal bases: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(f) GDPR (administration and security)

International transfer: Standard Contractual Clauses pursuant to Art. 46 GDPR.

6. Online Store (WooCommerce)

Service: WooCommerce (plugin) – Privacy Policy

Processed data:

• Name and address
• Email address
• IP address
• Order and invoice data
• Download history
• Login data (if a customer account is created)

Data protection issue: Purchase and usage data are particularly sensitive because they may reveal consumer behavior.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

Retention period: Up to 10 years where required by law (e.g. tax law and commercial retention obligations).

7. Payment Processing

WooPayments / Stripe: Privacy Policy
PayPal: Privacy Policy

Processed data:

• Transaction data
• Payment amount
• Masked payment data
• Billing data
• IP address and device information

Data protection issue: Payment data is sensitive. Payment providers may act as independent controllers. Transfers to third countries, especially the USA, cannot be ruled out.

Legal basis: Art. 6(1)(b) GDPR (contract / payment processing)

8. Amazon KDP

For purchases made via Amazon, the contract is concluded exclusively between the customer and Amazon. We do not receive personal purchaser data.

Amazon Privacy Policy: https://www.amazon.de/privacy

Data protection issue: Amazon processes personal data as an independent controller. Please refer to Amazon’s own privacy notice for details.

9. Digital Products

Processed data:

• Email address
• Order and download history
• IP address

Data protection issue: Download and access logs may permit conclusions about the timing and scope of use.

Legal basis: Art. 6(1)(b) GDPR

10. Physical Products / Shipping

Shipping provider: DHL Paket GmbH – Privacy Policy

Processed data: Name, address, phone number (optional)

Data protection issue: Address data is transferred to the shipping provider to enable delivery.

Legal basis: Art. 6(1)(b) GDPR (shipping / contract)

11. Google Analytics 4

Service provider: Google (in particular Google Ireland Limited) – Privacy Policy

Google Analytics 4 may be used with IP anonymization where technically available and configured.

Data protection issue: Analytics may involve device identifiers, usage data and possible transfers to third countries. Therefore, this service is only used on the basis of consent.

Legal basis: Art. 6(1)(a) GDPR (consent)

Retention period: 14 months

Consent may be withdrawn via the cookie settings.

12. Advertising (AdSense, AdMob, Mediavine)

Advertising services may be used for monetization, including Mediavine and, where applicable, additional partners such as Google.

Data protection issue: Advertising technologies may process cookies, identifiers, IP addresses and usage data in order to deliver personalized or non-personalized ads. Personalized advertising generally requires user consent.

Legal basis: Art. 6(1)(a) GDPR (consent), insofar as personalized advertising or tracking is used.

13. YouTube and Embedded Videos

When embedded videos are played, data may be processed by Google / YouTube.

Privacy Policy: https://policies.google.com/privacy

Data protection issue: Loading or playing embedded videos may involve the processing of IP addresses, device information and interaction data. A transfer to a third country cannot be ruled out.

Legal basis: Art. 6(1)(a) GDPR (consent), where YouTube content is loaded only after consent; otherwise Art. 6(1)(f) GDPR may apply only with privacy-friendly configuration.

14. AI Services (OpenRouter.ai)

If website features use AI services (for example for text processing), user input and technical metadata may be processed.

Data protection issue: User input may contain personal data. Depending on the provider setup, international transfers may also occur.

Legal basis: Art. 6(1)(a) GDPR (consent)

15. Newsletter via Mediavine Grow

Newsletter subscriptions are managed via Mediavine Grow (formerly “Grow by Mediavine”).

Provider: Mediavine, Inc. (USA) – Privacy Policy

Processed data:

• Email address
• IP address
• Time of sign-up
• Technical metadata (browser, device)

Purpose: Management and provision of newsletter registrations.

Data protection issue: Email marketing and newsletter tracking are sensitive by nature. In addition, a transfer to the USA may occur.

Legal basis: Art. 6(1)(a) GDPR (consent). Consent may be withdrawn at any time via the unsubscribe link in the newsletter.

International transfer: A transfer to the USA cannot be ruled out and is based, where applicable, on Standard Contractual Clauses pursuant to Art. 46 GDPR.

Mediavine Programmatic Advertising (Ver 1.1)

The Website works with Mediavine to manage third-party interest-based advertising appearing on the Website. Mediavine serves content and advertisements when you visit the Website, which may use first and third-party cookies. A cookie is a small text file which is sent to your computer or mobile device (referred to in this policy as a “device”) by the web server so that a website can remember some information about your browsing activity on the Website.

First party cookies are created by the website that you are visiting. A third-party cookie is frequently used in behavioral advertising and analytics and is created by a domain other than the website you are visiting. Third-party cookies, tags, pixels, beacons and other similar technologies (collectively, “Tags”) may be placed on the Website to monitor interaction with advertising content and to target and optimize advertising. Each internet browser has functionality so that you can block both first and third-party cookies and clear your browser’s cache. The “help” feature of the menu bar on most browsers will tell you how to stop accepting new cookies, how to receive notification of new cookies, how to disable existing cookies and how to clear your browser’s cache. For more information about cookies and how to disable them, you can consult the information at All About Cookies.

Without cookies you may not be able to take full advantage of the Website content and features. Please note that rejecting cookies does not mean that you will no longer see ads when you visit our Site. In the event you opt-out, you will still see non-personalized advertisements on the Website.

The Website collects the following data using a cookie when serving personalized ads:

• IP Address
• Operating System type
• Operating System version
• Device Type
• Language of the website
• Web browser type
• Email (in hashed form)

Mediavine Partners (companies listed below with whom Mediavine shares data) may also use this data to link to other end user information the partner has independently collected to deliver targeted advertisements. Mediavine Partners may also separately collect data about end users from other sources, such as advertising IDs or pixels, and link that data to data collected from Mediavine publishers in order to provide interest-based advertising across your online experience, including devices, browsers and apps. This data includes usage data, cookie information, device information, information about interactions between users and advertisements and websites, geolocation data, traffic data, and information about a visitor’s referral source to a particular website. Mediavine Partners may also create unique IDs to create audience segments, which are used to provide targeted advertising.

If you would like more information about this practice and to know your choices to opt-in or opt-out of this data collection, please visit National Advertising Initiative opt out page. You may also visit Digital Advertising Alliance website and Network Advertising Initiative website to learn more information about interest-based advertising. You may download the AppChoices app at Digital Advertising Alliance’s AppChoices app to opt out in connection with mobile apps, or use the platform controls on your mobile device to opt out.

For specific information about Mediavine Partners, the data each collects and their data collection and privacy policies, please visit Mediavine Partners.

17. Cookies and Consent Management

This website uses cookies and similar technologies to ensure the technical functionality of the website, provide content, store consent preferences and, depending on your choices, enable analytics, measurement and interest-based advertising.

Consent management is provided via Mediavine’s consent management tools. You can review, adjust or withdraw your consent at any time for the future via the “Privacy Settings” or “Manage Consent” link displayed on the website.

Data protection issue: Cookies and similar technologies may be used to recognize devices, analyze usage behavior, measure reach and personalize advertising. In this context, personal data such as IP addresses, browser information, device identifiers and interaction data may be processed. Non-essential cookies are only used on the basis of your consent.

Legal bases:

• Art. 6(1)(a) GDPR (consent), where cookies are used for analytics, marketing or personalized advertising
• Art. 6(1)(f) GDPR (legitimate interest), where technically necessary cookies are required for the secure and functional provision of the website

Additional details on advertising-related partner technologies used by Mediavine can be found in the section “Mediavine Programmatic Advertising” above.

18. RevenueCat (App Subscriptions / In-App Purchases)

Service provider: RevenueCat, Inc. (USA) – Privacy Policy

Processed data (typically): App and device identifiers, purchase and subscription status, usage and diagnostic data (depending on implementation).

Data protection issue: App subscriptions may involve processing of device-related identifiers and purchase history. A transfer to the USA may also occur.

Legal basis: Art. 6(1)(b) GDPR (contract / subscription management) and, where tracking or marketing functions are used, Art. 6(1)(a) GDPR (consent).

19. Your Rights

You have the following rights under the GDPR:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent with effect for the future (Art. 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

20. Supervisory Authority

21. Data Security

We implement appropriate technical and organizational measures (such as SSL/TLS encryption, access controls and backups) to protect your data against loss, misuse and unauthorized access.

22. Changes

This Privacy Policy may be updated to reflect changes in legal requirements or changes to the services used on this website.