⚠ Informational directory. Verify everything directly with providers and a
qualified professional before acting. This is not medical advice.
# Privacy Policy
_Last updated: 2026-06-01 · Version 1.0_
520888.net is committed to **data minimization**: we collect as little personal data as
possible. This policy explains what we collect, why, and your rights under the EU General Data
Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
## Who we are (Data Controller)
[OPERATOR LEGAL NAME], [ADDRESS], contact: privacy@520888.net.
_(Complete before going live — see IMPRINT.md.)_
## What we collect
| Data | Why | Legal basis | Retention |
|------|-----|-------------|-----------|
| Newsletter email (optional) | Send updates you asked for | Consent (GDPR Art.6(1)(a)) | Until you unsubscribe |
| Review text + optional contact email | Publish moderated user experiences | Consent | Until you request erasure |
| Server/CDN access logs (by our host) | Security, abuse prevention | Legitimate interest (Art.6(1)(f)) | Per host policy (short) |
We do **not** collect: medical records, health conditions, payment data, names, or precise
location. We do **not** sell personal data. We do **not** use advertising or cross-site
tracking cookies. We do **not** create user accounts.
## Cookies & tracking
By default this site sets **no tracking cookies**. Any analytics, if enabled, is privacy-
preserving and cookieless. See [Cookie Notice](COOKIES.md).
## Processors we use
- Static hosting / CDN provider (serves the site, keeps short access logs)
- Email/newsletter provider (stores your email if you opt in, with double opt-in)
A current list is maintained in our internal data map (GDPR Art.30).
## Your rights
**GDPR (EU/EEA/UK):** access, rectification, **erasure (Art.17 — "right to be forgotten")**,
restriction, portability, objection, and the right to withdraw consent at any time. You may
also lodge a complaint with your supervisory authority.
**CCPA (California):** right to know, delete, and opt out of "sale" (we do not sell data), and
the right to non-discrimination for exercising your rights (§1798.100 et seq.).
To exercise any right, email **privacy@520888.net**. We will respond within the statutory time
limits (GDPR: 1 month; CCPA: 45 days).
## International transfers
Data may be processed in the US/EU depending on our hosting and email providers. Where required,
appropriate safeguards (e.g. Standard Contractual Clauses) are applied.
## Changes
We will post updates here with a new version number and date.