Privacy Policy

§1 Introduction

We at PPPM Academy (“we”, “our”, “us”) are committed to protecting and respecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have under the General Data Protection Regulation (GDPR) and other applicable laws. By using our website pppmacademy.com (the “Website”), you agree to the terms described in this Privacy Policy.

§2 Data Controller

The data controller responsible for your personal data is:

PPPM Academy
Abt-Karlgasse 25/6
A-1180 Vienna
Austria

Email: mark@pmcowboy.com

Phone: +43 664 415 5115

§3 Data We Collect

  • Directly provided data: Information you give when registering, purchasing, or contacting us (e.g., name, email, billing data).
  • Automatically collected data: IP address, browser, device information, and pages visited.
  • Cookies: See our Cookie Policy for details.

We do not knowingly collect data from children under 16 years of age.

§4 Legal Basis for Processing

We process your data based on the following GDPR legal grounds:

  • Contractual necessity: To provide our services to you.
  • Consent: For newsletters, non-essential cookies, etc.
  • Legal obligation: To comply with legal or tax requirements.
  • Legitimate interest: To improve services and secure the website, where not outweighed by your rights.

§5 How We Use Your Data

  • To manage accounts, purchases, and course access.
  • To process transactions and deliver invoices.
  • To send service-related updates and notifications.
  • To improve the Website, analyze usage, and optimize user experience.
  • To send marketing content with your consent.

§6 Sharing of Data

We only share your data when necessary, including with:

  • Service providers (e.g., payment processors, email providers, cloud hosting).
  • Analytics tools (e.g., Matomo - only with your consent).
  • Legal authorities if required by law.

We never sell your data.

§7 Cookies and Tracking Technologies

We use cookies to enhance your experience, analyze traffic, and personalize content. Essential cookies are always active. For others, we ask for your consent.

See our full Cookie Policy for more details.

§8 Data Retention

We retain personal data only as long as necessary or required by law:

  • Accounts: while active, or until requested to be deleted.
  • Billing data: typically retained for 7 years for tax purposes.
  • Marketing: until you unsubscribe or withdraw consent.

§9 Data Security

We implement technical and organizational security measures to protect your data against unauthorized access, loss, or misuse, including encryption, secure servers, and restricted access.

§10 International Data Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions as defined by the European Commission.

§11 Payments via Stripe

We process online payments through the service provider Stripe. The relevant entities are Stripe Payments Europe, Ltd. (Ireland) and, where applicable for support/processing, Stripe, Inc. (USA) (“Stripe”). When you pay for an order, your payment data is transmitted directly to Stripe; we do not store full card numbers on our systems.

Categories of Data

Billing name, email address, billing address, order ID, partial card details (e.g., last 4 digits, brand), transaction identifiers, and anti-fraud signals (IP address, device/browser information, and risk scores).

Purpose and Legal Bases (GDPR)

  • Art. 6(1)(b) GDPR - Contract: to take payment and fulfill your order.
  • Art. 6(1)(f) GDPR - Legitimate Interests: secure and efficient payment processing and fraud prevention.
  • Art. 6(1)(c) GDPR - Legal Obligation: compliance with bookkeeping, tax, and anti-fraud requirements.

Recipients and International Transfers

Data is shared with Stripe as an independent service provider. Depending on your location and transaction routing, data may be transferred outside the EEA (e.g., to the USA). Stripe uses safeguards recognized by the GDPR (e.g., Standard Contractual Clauses) and implements additional security measures. Details: https://stripe.com/privacy.

Retention

We retain invoice and payment records for up to 7 years (or as required by law). Stripe defines its own retention periods; see Stripe’s Privacy Policy.

Fraud Prevention and Security

Stripe may use risk-based screening and technical identifiers (including cookies or similar technologies) to help detect and prevent fraudulent activity and to ensure secure transactions.

§12 Your Rights under GDPR

You have the following rights regarding your personal data:

  • Access: Request a copy of your data.
  • Rectification: Correct any incorrect or incomplete data.
  • Erasure: Request deletion of your data.
  • Restriction: Request that we limit how we use your data.
  • Portability: Receive your data in a structured format to transfer to another provider.
  • Objection: Object to processing based on legitimate interest or direct marketing.
  • Withdraw consent: At any time, where processing is based on consent.

To exercise any of these rights, contact us at mark@pmcowboy.com. You may also lodge a complaint with your national Data Protection Authority.

§13 Third-Party Links

Our Website may include links to external sites. We are not responsible for the privacy practices or content of those third-party websites.

§14 Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. The latest version will always be available on this page.

Last updated: November 10th, 2025