Privacy Policy
Last updated: June 2026.
This policy explains what personal data we collect when you use ross-mercer.com and buy our digital products, and your rights under the GDPR. The controller is Norman Voellings, Armação de Pêra, Portugal (see Legal Notice).
What we collect and why
- Order & email: to process your purchase and deliver your download (legal basis: performance of a contract).
- Payment & billing data: processed by Stripe to take payment and calculate tax. We don’t store full card details.
- Server logs: kept briefly for security and to run the site (legitimate interest).
Processors we use
- Stripe Payments Europe Ltd. (Ireland) — payments and tax.
- Resend — sending your download and order emails.
- Cloudflare, Inc. (US) — CDN, TLS, and bot protection.
- Hosting provider — serving the website (servers in the EU).
Cookies
We don’t use analytics or marketing cookies, so no consent banner is required. Only strictly-necessary cookies may be set — for checkout security (Stripe) and bot protection (Cloudflare, e.g. __cf_bm).
These providers process data on our behalf and may transfer it outside the EU/EEA under appropriate safeguards (e.g. standard contractual clauses).
How long we keep data
Order records are kept as required by law (accounting retention). Download links expire after 30 days. Logs are kept only briefly.
Your rights
You can request access, correction, deletion, restriction, or portability of your data, and object to certain processing. To exercise any of these, email contact@ross-mercer.com. You also have the right to complain to a data protection authority — in Portugal, the CNPD (Comissão Nacional de Proteção de Dados).