Privacy Policy
1. Data Protection
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data with which you can be personally identified. Detailed information on data protection can be found in the privacy policy outlined below this text.
Data Collection on this Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the “Notice Regarding the Responsible Party” section of this privacy policy.
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This can include data you enter in a contact form.
Other data is collected automatically or after your consent when you visit the website by our IT systems. This data mainly includes technical information (e.g., internet browser, operating system, or the time of the page visit). The collection of this data occurs automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to obtain information about the origin, recipient, and purpose of your stored personal data at any time free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to file a complaint with the relevant supervisory authority.For this purpose, and for any further questions on data protection, you can contact us at any time.
2. Hosting
We host the content of our website with the following provider:
webgo
The provider is webgo GmbH, Heidenkampsweg 81, 20097, Hamburg (hereafter referred to as “webgo”). When you visit our website, webgo collects various log files, including your IP addresses.
For more details, please refer to webgo’s privacy policy:
https://www.webgo.de/datenschutz/.
The use of webgo is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in a reliable presentation of our website. If consent has been requested, processing is carried out exclusively based on Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., for device fingerprinting) under the TTDSG. Consent can be revoked at any time.
Contract for Data Processing
We have entered into a contract for data processing (AVV) for the use of the aforementioned service. This is a data protection agreement that ensures the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General Information and Mandatory Notices
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this privacy policy.
When you use this website, various personal data are collected. Personal data are data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
We would like to point out that data transmission over the internet (e.g., communication by email) can have security vulnerabilities. Complete protection of data from third-party access is not possible.
Notice Regarding the Responsible Party
The responsible party for data processing on this website is:
Nadja Trunk
11642 Stockholm
Sweden
Email: contact@nadjatrunk.com
The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Retention Period
Unless a more specific retention period is mentioned within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you make a legitimate request for deletion or withdraw consent for data processing, your data will be deleted, provided we have no other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur once these reasons no longer apply.
General Information on the Legal Bases for Data Processing on This Website
If you have consented to data processing, we process your personal data based on Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, if special categories of data as per Article 9(1) GDPR are processed. In the case of explicit consent for the transfer of personal data to third countries, data processing is also based on Article 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TTDSG. Consent can be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data based on Article 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation, based on Article 6(1)(c) GDPR. Data processing may also occur based on our legitimate interests according to Article 6(1)(f) GDPR. The specific legal bases applicable in each case will be detailed in the following sections of this privacy policy.
Notice on Data Transfer to Data Protection Unsafe Third Countries and Transfer to US Companies Not Certified under the DPF
We use, among other things, tools from companies based in data protection unsafe third countries as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. We point out that no data protection level comparable to that of the EU can be guaranteed in data protection unsafe third countries. The USA, as a general rule, does not have a data protection level comparable to that of the EU. Data transfers to the USA are permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional safeguards. Information about transfers to third countries, including data recipients, can be found in this privacy policy.
Recipients of Personal Data
In the course of our business activities, we work with various external entities. This sometimes requires the transfer of personal data to these external entities. We only share personal data with external parties when it is necessary for fulfilling a contract, when we are legally obligated to do so (e.g., sharing data with tax authorities), when we have a legitimate interest in the transfer according to Article 6(1)(f) GDPR, or when another legal basis permits the data transfer. When using processors, we only transfer personal data of our customers based on a valid data processing agreement. In cases of joint processing, a joint processing agreement is established.
Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can withdraw any consent already given at any time. The lawfulness of data processing carried out before the withdrawal remains unaffected by the withdrawal.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Article 21 GDPR)
IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(e) OR (f) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR A PARTICULAR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING PROTECTIVE REASONS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ARTICLE 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the location of the alleged infringement. This right to complain is without prejudice to any other administrative or judicial remedies.
Right to Data Portability
You have the right to request that data we process automatically based on your consent or in the performance of a contract be provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Access, Correction, and Deletion
You have the right, within the framework of applicable legal provisions, to request free information about your stored personal data, including its origin, recipients, and the purpose of processing. You also have the right to request correction or deletion of this data. For these requests or any other questions regarding personal data, you can contact us at any time.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data. You can contact us at any time for this. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your stored personal data, we generally need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data is unlawful, you can request restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request restriction of processing instead of deletion.
If you have filed an objection under Article 21(1) GDPR, a balancing of interests between yours and ours must be conducted. While it is still undecided whose interests prevail, you have the right to request restriction of processing of your personal data.
If you have restricted the processing of your personal data, these data—apart from storage—may only be processed with your consent, to assert, exercise, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of significant public interest of the European Union or a member state.
4. Data Collection on This Website
Cookies
Our websites use so-called “cookies.” Cookies are small data packets and do not damage your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them yourself or they are automatically deleted by your web browser.
Cookies can be set by us (first-party cookies) or by third parties (third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for payment processing). Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies may be used for analyzing user behavior or for advertising purposes.
Cookies necessary for carrying out electronic communication, providing specific functions requested by you (e.g., shopping cart functionality), or optimizing the website (e.g., cookies for measuring web audience) are stored based on Article 6(1)(f) GDPR, unless another legal basis is provided.
The website operator has a legitimate interest in storing necessary cookies to ensure technically error-free and optimized provision of its services. If consent for the storage of cookies and similar recognition technologies has been requested, processing is carried out solely based on this consent (Article 6(1)(a) GDPR and § 25(1) TTDSG); consent can be withdrawn at any time.
You can configure your browser to be informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. You can find information about which cookies and services are used on this website in this privacy policy.
Consent with Borlabs Cookie
Our website uses the consent technology from Borlabs Cookie to obtain your consent for storing certain cookies in your browser or for the use of certain technologies, and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).
When you visit our website, a Borlabs cookie is stored in your browser, which records the consents you have given or the withdrawal of those consents. This data is not shared with the Borlabs Cookie provider.
The collected data is stored until you request its deletion or you delete the Borlabs cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on the data processing by Borlabs Cookie can be found at
https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
The use of Borlabs Cookie Consent technology is to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.
Analytics and Tracking with WP Statistics
This website uses WP Statistics to gather anonymized data on visitor interactions to better understand website performance and improve user experience. The provider of this plugin is VeronaLabs, located at Tornimäe 5, 10145, Tallinn, Estonia (hereinafter referred to as WP Statistics).
When you visit our website, WP Statistics collects anonymized data, including IP addresses (stored in truncated form), browser type, operating system, pages visited, and approximate location based on the anonymized IP. This information is processed directly on our server and is not shared with the plugin provider or third parties.
The collected data is stored on our server until it is no longer necessary for analytical purposes, or until you request its deletion. You can adjust your cookie settings at any time to disable analytics tracking.
The use of WP Statistics aligns with GDPR standards, providing us with the necessary insights for website optimization without compromising user privacy. The legal basis for using WP Statistics is Article 6(1)(f) GDPR, as it supports our legitimate interest in analyzing user behavior to improve our website.
Appointments and Scheduling with YouCanBook.me
This website uses YouCanBook.me, a booking tool that allows users to easily schedule appointments with us. The provider of this service is YouCanBook.me Limited, based at 38 Mill Street, Bedford, MK40 3HD, United Kingdom.
When booking an appointment through YouCanBook.me, the information you provide (such as name, email address, and time preferences) is processed to coordinate scheduling. YouCanBook.me also records the IP address at the time of booking for verification purposes. This data is stored securely on the provider’s servers and is used exclusively for managing appointments.
Your data will remain with YouCanBook.me until you request its deletion, or until the purpose for its storage no longer applies. You can find more information on YouCanBook.me‘s data processing policies at https://youcanbook.me/privacy.
Using YouCanBook.me is in line with Article 6(1)(b) GDPR, as it facilitates the fulfillment of appointments based on user requests.
5. Social Media
Social Media Elements with Shariff
This website uses elements from social media platforms (e.g., Facebook, X, Instagram, Pinterest, XING, LinkedIn, Tumblr).
The social media elements can generally be recognized by their respective social media logos. To ensure data protection on this website, we use these elements only in conjunction with the so-called “Shariff” solution. This application prevents the social media elements integrated into this website from transmitting your personal data to the respective provider upon your initial visit.
Only when you activate the respective social media element by clicking the associated button is a direct connection established to the provider’s server (consent). Once you activate the social media element, the provider receives the information that you visited this website with your IP address. If you are logged into your social media account (e.g., Facebook) at the same time, the provider can assign the visit to this website to your user account. Activating the plugin constitutes consent within the meaning of Article 6(1)(a) GDPR and § 25(1) TTDSG. This consent can be withdrawn at any time with effect for the future. The use of this service is to obtain the legally required consents for the use of certain technologies. The legal basis for this is Article 6(1)(c) GDPR.
Instagram
This website integrates features from the Instagram service, which is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. When the social media element is active, a direct connection between your device and the Instagram server is established. This allows Instagram to receive information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This enables Instagram to associate the visit to this website with your user account. Please note that, as the provider of this website, we have no knowledge of the content of the transmitted data or how Instagram uses it. The use of this service is based on your consent according to Article 6(1)(a) GDPR and § 25(1) TTDSG. You can withdraw your consent at any time.
To the extent that personal data is collected on our website and transmitted to Facebook or Instagram using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook or Instagram. The processing carried out by Facebook or Instagram after transmission is not part of the joint responsibility. Our joint obligations have been recorded in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tools and for the data protection-compliant implementation of the tools on our website. Facebook is responsible for the data security of Facebook and Instagram products. Data subject rights (e.g., access requests) concerning data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert data subject rights with us, we are obligated to forward them to Facebook.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://privacycenter.instagram.com/policy/
https://de-de.facebook.com/help/566994660333381
Further information can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards in data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. More information can be obtained from the provider at: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active
Pinterest
On this website, we use elements from the social network Pinterest, operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. When you visit a page that contains such an element, your browser establishes a direct connection to Pinterest’s servers. This social media element transmits log data to Pinterest’s server in the USA. This log data may include your IP address, the address of the visited websites that also contain Pinterest features, browser type and settings, date and time of the request, your use of Pinterest, and cookies. The use of this service is based on your consent according to Article 6(1)(a) GDPR and § 25(1) TTDSG. You can withdraw your consent at any time.
For more information on the purpose, scope, and further processing and use of data by Pinterest, as well as your rights and options for protecting your privacy, please refer to Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy
6. Google AdSense
This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With Google AdSense, we can display targeted advertisements from third-party companies on our site. The content of these ads is based on your interests, which Google determines based on your previous usage behavior. Additionally, context information such as your location, the content of the visited website, or the Google search terms you entered is considered when selecting the appropriate advertisement.
Google AdSense uses cookies, web beacons (invisible graphics), and similar recognition technologies to evaluate information such as visitor traffic on these pages.
The information collected by Google AdSense about your use of this website (including your IP address) and the delivery of ad formats is transmitted to a server in the USA and stored there. This information may be shared by Google with its partners. However, Google will not merge your IP address with other data stored by you.
The use of this service is based on your consent according to Article 6(1)(a) GDPR and § 25(1) TTDSG. You can withdraw your consent at any time.
The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/
Google is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures adherence to European data protection standards for data processing in the USA. Each company certified under the DPF commits to following these data protection standards. For more information, you can visit the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active
Newsletter – Performance Measurement
Our newsletters contain a so-called “web beacon,” which is a tiny file that is retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. During this retrieval process, technical information such as browser details, your system information, IP address, and the time of retrieval are collected.
This information is used for the technical improvement of our services based on technical data or audience behavior. This includes the determination of open rates, the time newsletters are opened, and which links are clicked. Although these statistics can be technically linked to individual newsletter recipients, neither we nor, if applicable, the mailing service provider, aim to monitor individual users. Instead, these evaluations help us understand our users’ reading habits and tailor our content accordingly or send different content based on user interests.
7. Newsletter
Newsletter Data
To receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. Additional data is only collected on a voluntary basis. For processing the newsletters, we use newsletter service providers, which are described below.
With the following information, we inform you about the contents of our newsletters, the registration, dispatch, and statistical evaluation processes, as well as your rights to object. By subscribing to our newsletter, you consent to receiving it and to the described procedures.
Content of the Newsletter: We send newsletters, emails, and other electronic notifications with promotional information (hereinafter referred to as “Newsletter”) only with the consent of the recipients or based on legal permission. If the content of the newsletter is specifically described during the registration process, it is decisive for the user’s consent. Otherwise, our newsletters contain information about our services and us.
Double-Opt-In and Logging: Subscription to our newsletter follows a double-opt-in procedure. This means that after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using someone else’s email address. Subscriptions to the newsletter are logged to demonstrate compliance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
Registration Data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a first name for personal addressing in the newsletter.
Sweden and Germany: The dispatch of the newsletter and the associated performance measurement is based on the consent of the recipients according to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG, or on the basis of legal permission according to § 7 para. 3 UWG. The logging of the registration process is based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR. Our interest lies in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users, and allows us to prove consent.
Cancellation/Withdrawal: You can cancel the receipt of our newsletter at any time, i.e., withdraw your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to be able to prove a previously given consent. The processing of this data is limited to the purpose of possibly defending against claims. An individual deletion request is possible at any time, provided that the former existence of consent is also confirmed.
Services and Service Providers Used:
Thrive Themes LLC, Website: https://thrivethemes.com
Privacy Policy: https://thrivethemes.com/privacy-policy/
Brevo
This website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo is a service that allows the organization and analysis of newsletters. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue GmbH’s servers in Germany.
Data Analysis by Brevo
With Brevo, we can analyze our newsletter campaigns. For example, we can see if a newsletter message was opened and which links were clicked. This allows us to identify which links are clicked most often.
Additionally, we can determine if certain predefined actions were taken after opening or clicking (conversion rate). For example, we can track if you made a purchase after clicking on the newsletter.
Brevo also enables us to segment newsletter recipients into various categories (“clustering”). Recipients can be segmented by age, gender, or location, allowing us to better tailor newsletters to specific target groups. If you do not want Brevo’s analysis, you must unsubscribe from the newsletter. We provide a link for unsubscribing in each newsletter.
8. Online Marketing and Affiliate Programs
Affiliate Programs on This Website
We participate in affiliate partner programs. In affiliate partner programs, advertisements from a company (advertiser) are placed on websites of other companies within the affiliate partner network (publisher). If you click on one of these affiliate advertisements, you will be redirected to the advertised offer. If you then complete a specific transaction (conversion), the publisher receives a commission. To calculate this commission, it is necessary for the affiliate network operator to track which advertisement led you to the offer and the completed transaction. This is achieved using cookies or similar recognition technologies (e.g., device fingerprinting).
The storage and analysis of data are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in accurately calculating their affiliate commission. If consent has been requested, the processing is carried out solely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) according to TTDSG. Consent can be revoked at any time.
We participate in the following affiliate programs:
Amazon Partner Program
The provider is Amazon Europe Core S.à.r.l. For details, please refer to Amazon’s privacy policy at: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the US. Every company certified under the DPF commits to adhering to these data protection standards. For more information, see: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000TOWQAA4&status=Active
Other Affiliate Partner Program:
Digistore24
Provider: Digistore24 MSLW Limited
The Black Church
St. Mary’s Place
D07 P4AX Dublin 7
Ireland
https://www.digistore24.com/
We are also participants in the Innertune Affiliate Partner Program:
Innertune Media Inc.
Innertune Media Inc. is a provider of the Innertune app, which supports well-being through tools like affirmations, meditation, and mindfulness. Innertune Media Inc. has identified itself as a trader for this app and confirmed that this product or service complies with European Union law.
Provider: Innertune Media Inc.
1245b Boul Jean-Baptiste-Rolland O,
Saint-Jerome, QC J7Y 4Y7, Canada
https://innertune.com/privacy-policy