Privacy Policy

1. Data Controller

The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

José Alberto Martinho Esteves
Am Fischstein 70
60487 Frankfurt am Main
E-Mail: moneynarrative@gmail.com

2. General Information

The protection of your personal data is important to us. We process personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

3. Collection and Storage of Personal Data, Type and Purpose of Use

a) When Visiting the Website

When you access our website, the following information is automatically transmitted to our server and temporarily stored in so-called log files:

• IP address of the requesting device  
• Date and time of access  
• Name and URL of the retrieved file  
• Website from which the access is made (Referrer URL)  
• Browser used and, if applicable, the operating system  
• Name of your internet service provider

This data is processed for the following purposes:

• Ensuring a smooth connection setup  
• Ensuring a comfortable use of the website  
• Evaluation of system security and stability  
• Other administrative purposes

Legal basis: Art. 6 Abs. 1 lit. f GDPR (legitimate interest)   No direct conclusions are drawn about your identity.

b) Contact Form

If you contact us via the contact form, we process the data you enter (e.g., name, email address, message) exclusively to handle your inquiry and for any follow-up questions.

Legal basis:  

• Art. 6 Abs. 1 lit. b GDPR (performance of a contract or pre-contractual measures), if your inquiry is aimed at concluding a contract  
• Art. 6 Abs. 1 lit. f GDPR (legitimate interest in efficient communication) in other cases

Storage period:  

• Deletion after final processing, at the latest after 6 months, provided there are no statutory retention obligations to the contrary

The data will not be passed on to third parties unless this is necessary for processing or required by law.

c) UTM Attribution (consent required)

We use an attribution cookie to store marketing parameters (e.g., utm_source, utm_medium, utm_campaign, utm_content, where applicable gclid/fbclid/msclkid) and associate them with a session. Collection only after your consent to “Analytics” via the cookie settings.

Processed data: UTM parameters (first and last touch), entry URL, timestamp, optional referrer domain.

Purposes: Measurement of the reach of different channels (e.g., Instagram bio, LinkedIn profile) and consistent attribution across subdomains (e.g., linktree.moneynarrative.org). Legal basis: Art. 6(1)(a) GDPR (consent).

Storage period: up to 180 days or until consent is withdrawn. Recipients/Categories: internal systems (own servers/Strapi, EU hosting). No merging with plain-identifiable data or profiling takes place; IP addresses are not stored in plain text.

d) Linktree click log (consent required)

When clicking on tiles in our link tree (e.g., from linktree.moneynarrative.org to moneynarrative.org), we store a privacy-friendly event record, provided you have accepted “Analytics”.

Processed data: tile ID/title, destination URL and host, source host/subdomain, language, attribution snapshot (see above), consent snapshot (time/source/version), user agent, referrer URL, server time, IP hash (SHA-256 of IP + salt; the IP itself is not stored).

Purposes: cross-channel success and error analysis (which tile leads where), abuse/error diagnostics.

Legal basis: Art. 6(1)(a) GDPR (consent); for minimal abuse prevention additionally Art. 6(1)(f) GDPR (legitimate interests) – without personal reference, since IP is hashed.

Storage period: automatic deletion after 180 days (daily cron job).
Transfers: no third-country transfer; stored on our servers (EU).

e) Newsletter Dispatch (MailerSend)

If you subscribe to our newsletter, we process your personal data for regular delivery by email.

Service provider (processor):  

• MailerSend (The Remote Company), using the EU-Region  
• Data processing agreement pursuant to Art. 28 GDPR; the Data Processing Addendum (DPA) is part of the contractual relationship (no separate signature required)  
• DPA: https://www.mailersend.com/legal/data-processing-addendum

Data processed:  

• Email address, if applicable, name  
• Time of registration and confirmation (Double-Opt-In)  
• Dispatch and delivery information (e.g., whether an email was delivered/opened or a link was clicked)  
• if applicable, technical log data to prove consent (e.g., timestamp, if applicable, IP address)

Purposes:  

• Management of subscriptions  
• Technical handling of email dispatch  
• Reach measurement/performance (open and click rates) to optimize the newsletter

Legal bases:  

• Art. 6 Abs. 1 lit. a GDPR (consent to receive the newsletter)  
• Art. 6 Abs. 1 lit. f GDPR (legitimate interest in logging DOI records)  
• Art. 28 GDPR (data processing)

Revocation/Unsubscription:  

• You can revoke your consent at any time with future effect (e.g., via the unsubscribe link in every newsletter email or by sending us an email, see Section 1). The lawfulness of the processing carried out until the revocation remains unaffected.

Storage period:  

• Subscriber data until the revocation of consent  
• DOI records and associated log data may be stored for up to 3 years (regular limitation period) to prove consent; subsequently deleted or anonymized

Place of processing/transfers:  

• Processing in MailerSend's EU-Region. Should a third-country transfer become necessary in exceptional cases, it will only take place in compliance with Art. 44 ff. GDPR (e.g., EU Standard Contractual Clauses).

Security/Sub-processors:  

• MailerSend uses appropriate technical and organizational measures (TOMs) and may use carefully selected sub-processors who are contractually bound in accordance with Art. 28 GDPR.

4. Use of Third-Party Tools

a) Google Analytics

This website uses Google Analytics (Google Ireland Limited) to analyze usage and improve our offer. Google Analytics uses cookies and similar technologies, among other things. This may result in the transfer of data to Google servers outside the EU.

Legal basis: Art. 6 Abs. 1 lit. a GDPR (consent)   You can revoke your consent at any time via the cookie settings.

More information:  

• https://marketingplatform.google.com/about/analytics/terms/us/  
• https://policies.google.com/?hl=en

b) TradingView

We integrate tools from TradingView Inc. to display interactive financial charts and data. Cookies and similar technologies may be used in this process.

Legal basis: Art. 6 Abs. 1 lit. a GDPR (consent)   You can revoke your consent at any time via the cookie settings.

More information:  

• https://www.tradingview.com/policies/  
• https://www.tradingview.com/privacy-policy/

c) YouTube

Our website embeds videos from YouTube (Google LLC) in the so-called “enhanced privacy mode.” When you visit a page with an embedded YouTube video, no cookies are set as long as you do not give your consent for it to be displayed. Only after active consent are contents loaded and cookies or similar technologies set by YouTube/Google; in this process, personal data (e.g., your IP address) may be transmitted to Google servers in the USA.

Legal basis: Art. 6 Abs. 1 lit. a GDPR (consent)   You can revoke your consent at any time via the cookie settings.

More information:  

• https://policies.google.com/privacy?hl=en  
• https://support.google.com/youtube/answer/2801895
• Google Analytics is loaded only after consent; there is no automatic pageview tracking. We send a manual page_view after setting anonymous user properties (e.g., channel attribution).
• Self-referrals are excluded (including moneynarrative.org, linktree.moneynarrative.org).

5. Rights of the Data Subjects

You have the right:

• Art. 15 GDPR: to request information about the personal data processed  
• Art. 16 GDPR: to request the rectification of inaccurate or completion of incomplete data  
• Art. 17 GDPR: to request the erasure of personal data  
• Art. 18 GDPR: to request the restriction of processing  
• Art. 20 GDPR: to receive your data in a portable format  
• Art. 7 Abs. 3 GDPR: to revoke consent at any time with future effect  
• Art. 77 GDPR: to lodge a complaint with a supervisory authority

6. Right to Object

If your data is processed on the basis of Art. 6 Abs. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing, provided there are grounds arising from your particular situation.

7. Data Security

We use SSL/TLS encryption (Secure Socket Layer/Transport Layer Security) at the highest level supported by your browser.

8. Validity and Changes to this Privacy Policy

This privacy policy is effective as of September 08, 2025.

It may be amended in the course of the further development of our website or due to changes in legal requirements.