Privacy Policy
FOR THE ADHD WRITING SOLUTIONS WEBSITE
Effective: 14th, November 2025
Table of Contents
PLEASE READ CAREFULLY
This Privacy Policy explains how ADHD Writing Solutions (“we”, “us”, “our”) collects, uses, stores, discloses and protects personal data when you visit or use our website or engage our coaching services (individual or B2B). It covers users in the EU/EEA, the United States (including California), Canada, and other jurisdictions.
We take your privacy and data protection seriously and are committed to handling your personal data responsibly, securely, and transparently. For any privacy-related inquiries, please contact us at susanne@passionatewritercoaching.com
1. What Is The Purpose Of This Policy?
This Privacy Policy describes how ADHD Writing Solutions collects, uses, and discloses your personal information when you visit, or use our services, available at https://adhdwritingsolutions.com and www.passionatewritercoaching.com (the “Site”) or otherwise communicate with us regarding the Site (collectively, the “Services”).
ADHD Writing Solutions process all User’s information in accordance with the Italian Data Protection Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018) (EU 2016/679), and the EU Consumer Rights Directive (2011/83/EU).
a. Use our Website or service
b. Purchase our Writing Coaching service
c. Engage with us in any way
d. Communicate with us
Nothing in this policy affects your rights under applicable Data Protection Legislation.
2. Applicable Legal Framework
The applicable legal framework for our Privacy Policy procedure is the EU General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR and Data Protection Act 2018, and the Italian Data Protection Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018).
Under the General Data Protection Regulation (EU) 2016/679 (“GDPR”), ADHD Writing Solutions is required to inform both website visitors and subscribers to our services (“Customer(s),” Client” “you,” or “your”) about how we collect, use, and protect your personal data. We take privacy and security seriously. Our internal policies, access controls, and security systems adhere to industry standard safeguards, including encryption, access limitation, and continuous monitoring. While no system is completely immune to risk, we regularly test and update our security measures to reduce the likelihood of unauthorized access or misuse.
3.Your Consent
In accordance with Article 9(2) (a) GDPR, and the Italian Data Protection Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018) you hereby give your explicit and informed consent to the processing of any related personal data submitted through the Website.
This consent is given voluntarily and can be withdrawn at any time by emailing susanne@passionatewritercoaching.com. As a User of the Website, you accept the conditions and consent to the processing of your submitted data for the sole purpose of providing the service.
4. Data Controller
The ADHD Writing Solutions (“the Legal Entity”) owns and operate the Website located at https://adhdwritingsolutions.com and www.passionatewritercoaching.com with legal information defined below
ADHD Writing Solutions
Via Nazario Sauro 111
54013 Posara, MS
Italy
Email: susanne@passionatewritercoaching.com website: https://adhdwritingsolutions.com and www.passionatewritercoaching.com
For purposes of the data protection law, we are the “data controller”, meaning we are responsible for how we handle your data. If you are a California Citizen or you are accessing this website in a California region, please see our [California Privacy Notice] in section 17, which applies to California residents/Users.
5. What Data We Collect
When you use the ADHD Writing Solutions website. We only collect the information necessary to operate our platform, communicate with you, and improve our services. Below is the types of data we collect, how we collect it;
a. Contact & identity data: name, organisation, role, email, phone, billing address.
b. Service data: coaching notes, session recordings if consented, client materials you provide.
c. Payment data: invoicing information (we do not store full card numbers; payments processed by third-party processors).
d. Technical & usage data: IP address, browser, device, cookies and analytics for website performance and security.
e. Marketing preferences and communications consents.
This data collection framework ensures transparency, necessity, and proportionality, principles central to GDPR compliance’ while enabling ADHD Writing Solutions to deliver relevant services and maintain a secure, high-quality user experience.
6. How We Collect Your Personal Information
The information that we collect and use varies depending on how you interact with us. We may collect the following categories of personal data from you:
a. When you contact us; including your name, address, phone number, and email.
b. When you supply billing information: including your name, billing address, payment confirmation, email address, and phone number.
c. When you create an account: including your username, password, security questions and other information used for account security purposes.
d. To Ensure Data Security and Fraud Prevention: we monitor log analysis to detect suspicious behaviour.
We rely on legitimate interests as a legal basis, to ensure your interests are balanced against your privacy rights. So such collection or processing does not override your fundamental rights and freedoms. You may object to processing based on legitimate interests at any time (see “Your Rights” section).
7. How We Use Your Information
We use your personal data only for clearly defined and lawful purposes that are necessary for the operation of our platform and the fulfilment of our relationship with you. We do not use your data for any unrelated or undisclosed purposes, and we do not sell your data to third parties.
a. To provide coaching and client support (contracts, scheduling, session notes);
b. To manage payments and invoices
c. We use your data to monitor usage patterns and collect analytics to ensure platform functionality and enhancing user experience.
d. If you have opted in to receive communications, we may use your contact details to send you product updates, new deals, and relevant offers. (You can withdraw your consent at any time).
e. We may process or disclose your personal information if required to comply with a lawful governmental, judicial, or regulatory order.
f. To pursue our legitimate business interests
Where required by law or where we rely on your consent, we will process your data only for the specific purposes outlined above. We will not use your personal data for any purposes beyond those listed above without first notifying you and, where required, obtaining your explicit consent.
8. Lawful Basis for Processing
We process your personal data based on one or more of the following lawful grounds:
|
Purpose |
Activities |
Legal Basis (GDPR Art. 6) |
Explanation / Notes |
|
To provide and operate our platform and services |
Account creation, login, and access to the service |
Performance of a contract (Art. 6(1)(b)) |
Necessary to deliver the services you request and maintain platform functionality |
|
To process transactions and manage billing |
Payments via Stripe or similar providers; sending invoices or receipts |
Performance of a contract / Legal obligation (Arts. 6(1)(b),(c)) |
Required to process payments and comply with financial/tax laws |
|
To communicate with you about your account or requests |
Responding to contact forms, support tickets, or feedback |
Legitimate interest (Art. 6(1)(f)) |
Necessary to respond to inquiries and maintain user relationships |
|
To send newsletters, and marketing offers |
Email campaigns, product recommendations, partner promotions |
Consent (Art. 6(1)(a)) |
Sent only if you have opted in; you can withdraw consent anytime |
|
To personalize and improve our website |
Analytics, A/B testing, optimizing layout or deal recommendations |
Legitimate interest / Consent (Arts. 6(1)(f),(a)) |
Our interest in maintaining system integrity and security outweighs minimal data impact |
|
To comply with legal obligations |
Record-keeping, responding to lawful requests from authorities |
Legal obligation (Art. 6(1)(c)) |
Required under EU and national laws (e.g., financial, tax, data protection) |
9. Cookie Policy
Like other websites, we use Cookies on our Site. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.
Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.
10. Who We Share Your Information With
At ADHD Writing Solutions, we value your privacy and handle your personal information responsibly. We do not sell, rent, or trade your personal data to third parties. We share your information only when necessary to operate our business, fulfil our obligations to you, comply with the law, or enhance our services always under strict data protection and confidentiality controls. All third parties that receive User submitted data act as independent data controllers under the GDPR.
We may share your data with:
|
Category |
Purpose/Function |
Example Providers |
|
Service Providers and Sub processors |
To support essential operations such as cloud hosting, analytics, payment processing, email delivery, and customer support. |
AWS, Google Analytics, Stripe, etc. |
|
Professional Advisors |
To obtain legal, accounting, or consulting services necessary for compliance and business operations |
Legal counsel, auditors, data protection advisors |
|
Business Partners and Vendors |
To deliver or promote specific Services that you access through ADHD Writing Solution. |
Verified vendors, affiliate networks |
|
Legal and Regulatory Authorities |
To respond to lawful requests, investigations, or court orders in accordance with applicable law. |
National or EU regulatory bodies, courts
|
|
Successors in Corporate Transactions |
To enable continuity of service if ownership of ADHD Writing Solutions or its assets changes. |
Acquiring or merging entities (subject to this Policy) |
All sub processors:
a. Are bound by written data processing agreements (DPAs);
b. Must act only on our documented instructions;
c. Are prohibited from using your data for their own purposes; and
d. Must maintain appropriate security and confidentiality standards.
A current list of our sub processors is available when you send us a message. We will provide advance notice of any new sub processors via email or account notification, as required under our DPA, before any change becomes effective. You agree to give your Consent for the
use and Sharing of your data, notwithstanding you reserve the right to revoke your consent by sending us an email.
11. International Transfers
Some of our processors are located, or may store data, outside the European Economic Area (EEA). In such cases, ADHD Writing Solutions ensures that appropriate safeguards are in place for international data transfers, including one or more of the following:
a. Standard Contractual Clauses (SCCs) approved by the European Commission or the Italian Information Commissioner’s Office (ICO);
b. Data Privacy Framework (DPF) participation, where applicable;
c. Binding Corporate Rules (BCRs) for intra-group transfers; or
d. Other mechanisms recognized under Articles 45–49 GDPR.
For further details on our transfer mechanisms, please see our Data Processing Addendum (DPA). ADHD Writing Solutions remains the Data Controller for personal data processed on its behalf and retains overall responsibility for ensuring that its sub processors comply with applicable data protection standards. We conduct periodic reviews and audits to verify compliance with our security and privacy requirements.
12. Security Measures
We maintain a comprehensive information security management framework that includes the following safeguards:
- Encryption. All data in transit is protected by TLS 1.2+ encryption, and all stored data is encrypted at rest using AES-256 or equivalent.
- Access Controls. Personal data access is strictly limited to authorised employees and service providers with a legitimate business need, protected through role-based access controls (RBAC) and multi-factor authentication (MFA).
- Data Minimisation and Pseudonymisation. We process only the personal data necessary for defined purposes and apply pseudonymisation or anonymisation techniques wherever feasible.
- Network and Infrastructure Security. ADHD Writing Solution employs secure cloud infrastructure hosted primarily on AWS and other certified environments compliant with ISO 27001, SOC 2, and GDPR Article 28 requirements.
- Vulnerability Management. Regular security audits, penetration testing, and continuous vulnerability scanning are conducted to identify and mitigate emerging risks.
- Employee Training. All staff undergo mandatory data protection and cybersecurity training as part of our compliance programme. Article 7(1) GDPR
If you have any further questions about our security and processing activities, please contact us via email.
13. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, and to protect our legitimate interests.
Retention periods are determined by considering
|
Category of Data |
Purpose of Processing |
Retention Period |
Legal Basis / Notes |
|
Account Data (User profiles, credentials) |
Service access and authentication |
Retained for the duration of the account and up to 12 months after closure |
Contractual necessity / legitimate interests |
|
Billing and Transaction Data |
Accounting and tax compliance |
7 years (EU legal requirement) |
Legal obligation |
|
Marketing and Communication Data |
Promotional communications and user engagement |
Until withdrawal of consent or 24 months after last interaction |
Consent / legitimate interests |
|
Support and Correspondence Logs |
Customer support records |
Up to 3 years after resolution |
Legitimate interests |
|
Technical and Log Data (IP, usage analytics) |
Security monitoring and service performance |
Up to 12 months, unless extended for security reasons |
Legitimate interests |
|
Backup and Archival Data |
Business continuity |
Maximum 90 days after deletion request |
Legal and operational necessity |
After these periods, personal data is securely deleted, anonymised, or aggregated for statistical purposes, ensuring it can no longer identify an individual.
14. Your Rights
Under the General Data Protection Regulation (EU) 2016/679 (GDPR), and other global data protection laws, you are recognised as a Data Subject and enjoy specific rights concerning your personal data. These rights apply irrespective of your nationality or place of residence, as long as your data is processed within the scope of applicable data protection laws. You can exercise any of your rights by contacting our Data Protection Officer (DPO) at susanne@passionatewritercoaching.com.
- Right to access: You have the right to obtain confirmation as to whether we process your personal data, and, where applicable, (art. 15 GDPR),
- Right to rectification: You may request correction or completion of any personal data that is inaccurate or incomplete. (art. 16 GDPR),
- Right to erasure: You have the right to request the deletion of your personal data (art. 17 GDPR),
- Right to restrict processing: You may request that we temporarily suspend the processing of your data (art. 18 GDPR),
- Right to object: You may object at any time to the processing of your personal data (art. 21 GDPR);
- Right to data portability: You may request a copy of your personal data that you have provided to us, in a structured, commonly used, and machine readable format (such as CSV or JSON) (art. 20 GDPR).
- Right to withdraw your consent: you can revoke your consent at any time by contacting us at susanne@passionatewritercoaching.com. Withdrawal of consent does not affect the lawfulness of processing conducted before withdrawal.
- Right to Lodge a Complaint. If you believe that we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with a Supervisory Authority in the country where you reside, work, or where the alleged infringement occurred.
List of links to lodge a complaint:
- For EU/EEA residents: see the list of national authorities at
https://edpb.europa.eu/about-edpb/board/members_en - For UK residents: contact the Information Commissioner’s Office (ICO)
https://ico.org.uk/make-a-complaint/ - For Swiss residents: contact the Federal Data Protection and Information Commissioner (FDPIC) https://www.edoeb.admin.ch/
Residents of California, Virginia, and other U.S. states can contact us to find additional appeal and complaint information.
15. California Privacy Notice (CCPA / CPRA)
This section applies only to residents of California, USA, in accordance with the California Consumer Privacy Act (CCPA) and the new California Privacy Rights Act (CPRA). It supplements, and does not replace, the general Privacy Policy of ADHD Writing Solution. We collect some personal information from you, in order to deliver and maintain our services, process transactions, improve and secure our services and comply with legal obligations
Your California Rights. As a California resident, you have the following rights:
- Right to Know and Access. Request details about the categories and specific pieces of personal information we have collected, used, or disclosed.
- Right to Delete. Request deletion of your personal information, subject to legal exceptions.
- Right to Correct. Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing. Request that we stop selling or sharing your personal data (we currently do not sell any data).
- Right to Limit Use of Sensitive Information. We do not process sensitive information for secondary purposes.
- Right to Non-Discrimination. You will not be discriminated against for exercising any of your rights under the CCPA/CPRA.
- Right to Appeal. If you disagree with our response, you may appeal by emailing susanne@passionatewritercoaching.com with “CCPA Appeal” in the subject line
How to Exercise Your Rights. To submit a verifiable request, you may contact us through: Email: susanne@passionatewritercoaching.com
16. Children's Privacy
Our services are not directed to children, and we do not knowingly collect or process personal information from anyone under the legal age of digital consent:
- EU: under 16 (may vary 13–16 by Member State)
- UK: under 13
- US (COPPA): under 13
If we discover that a child’s data has been collected without verified parental consent, we will delete or anonymise it within 30 days of notice, unless required by law to retain it. Parents or guardians who believe their child has shared personal data with us should contact susanne@passionatewritercoaching.com. We will verify the request and promptly erase the data.
Where age verification is required, we may use age-gating tools or parental consent workflows, ensuring no unnecessary data is collected. We comply with GDPR, Data Protection Act 2018, COPPA, and other global child privacy laws to maintain a safe, age-appropriate environment for all users.
17. Amendments and Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational reasons. The latest version will always be available on this page and marked with its last updated date.
If we make material changes that affect your rights or the way we process your personal data, we will notify you in advance by email, in product notice, or other reasonable means before the update takes effect. Your continued use of our website or services after any changes have been published means you accept the revised Policy. All modifications comply with GDPR, UK GDPR, CCPA/CPRA, and other applicable global data protection laws.
18. Supervisory authorities & further information
If you are in the EU/EEA and wish to file a complaint you may contact your local supervisory authority (for Italy: Garante per la protezione dei dati personali). For California residents see the California Attorney General guidance and for Canadians the Office of the Privacy Commissioner of Canada provides compliance guidance
For queries and complaints please Email: susanne@passionatewritercoaching.com