Privacy Policy (GDPR-Compliant)

Effective date: 20 October 2025
Last updated: 20 October 2025
Version: 1.0

1 · Controller and Contact Information

Controller: Jon V. Bjarnason
Postal address: P.O. Box 352, 262 Iceland
Email: [email protected]

For all privacy-related matters, please contact the Controller at the address or email above.

2 · Scope and Purpose

This policy explains how RichestMan.org (the “Site”) collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR (EU) 2016/679) and Icelandic data-protection law.

By using this Site, signing up to a mailing list, downloading content, or purchasing products or services, you agree to the terms of this Privacy Policy.

3 · How We Collect Personal Data

We collect information about you in the following ways:

Direct interactions – when you:

  • order products or services;

  • subscribe to emails or publications;

  • request resources, support, or marketing materials;

  • complete a form, survey, or questionnaire; or

  • communicate with us by email, phone, or post.

Automated technologies – we use cookies and similar tools to collect technical data about your device, browsing actions, and usage. See our Cookie Policy.

Third-party sources – we may receive limited personal data from:

  • analytics providers such as Google Analytics;

  • advertising platforms such as Meta (Facebook/Instagram);

  • payment and fulfilment processors such as PayPal, Stripe, or Kajabi;

  • publicly available sources such as business registries.

4 · Personal Data We Collect

Depending on your interaction with the Site, we may collect:

  • Identity data: name or username.

  • Contact data: email address, postal address, phone number.

  • Transaction data: payments, orders, and billing details (handled by secure payment providers).

  • Technical data: IP address, browser type, operating system, time zone, referring URLs.

  • Profile and usage data: preferences, interests, responses, and engagement with our content.

We do not collect sensitive or special-category data.

5 · Legal Bases for Processing

We process your personal data on one or more of the following lawful grounds:

  1. Contract – to perform or prepare a contract with you.

  2. Consent – where you have clearly agreed (e.g., email marketing).

  3. Legitimate interests – to manage our business, improve services, prevent fraud, and communicate with subscribers.

  4. Legal obligation – to comply with tax, accounting, or regulatory requirements.

6 · Purposes of Processing

Purpose Lawful basis Legitimate interest (where applicable)
Registering you as a customer or subscriber Contract
Processing and delivering orders Contract / Legitimate interest Recover debts owed
Sending requested content or newsletters Consent / Legitimate interest Provide useful resources
Managing our relationship and updates Contract / Legal obligation / Legitimate interest Keep records current
Conducting surveys or promotions Consent / Legitimate interest Improve products and engagement
Administering and protecting the Site Legal obligation / Legitimate interest Network and data security
Analysing usage and improving content Legitimate interest Develop business and marketing strategy
Marketing similar goods or services Consent / Legitimate interest Grow business responsibly

You may withdraw consent at any time by using the unsubscribe link in emails or by contacting [email protected].

7 · Marketing and Communications

You will receive marketing messages only if you have:

  • opted in, or

  • previously purchased from us and not opted out.

You can unsubscribe at any time via the link in any email or by emailing [email protected].
We do not sell your personal data.

8 · Disclosures and Processors

We share limited data only with trusted service providers (processors) who act under written agreements:

  • Website and email hosting (e.g., Kajabi)

  • Payment processors (e.g., PayPal, Stripe)

  • Analytics (e.g., Google Analytics)

  • Professional advisers (lawyers, accountants, insurers)

  • Authorities, if legally required

Each processor is bound by confidentiality and data-processing agreements.

We may transfer data in connection with a merger, sale, or business reorganisation. You will be notified and may unsubscribe before and after any such transfer.

9 · International Transfers

Some service providers are located outside the European Economic Area (EEA). When transferring personal data internationally, we use one or more of the following safeguards:

  • Adequacy decisions by the European Commission;

  • EU Standard Contractual Clauses (SCCs) and, where required, the UK Addendum;

  • For US-based providers, participation in the EU–US Data Privacy Framework.

To learn more about specific safeguards, contact [email protected].

10 · Retention Periods

Category Retention
Newsletter & marketing data Until you unsubscribe or after 24 months of inactivity
Customer account data While the account remains active; deleted 24 months after inactivity
Orders, invoices & financial records 6 years (from final transaction) – tax/legal requirement
Support correspondence 24 months after resolution
Analytics & website logs 14–26 months (then anonymised)

We may retain anonymised data indefinitely for statistical purposes.

11 · Cookies

This Site uses essential cookies and, with your consent, analytics or advertising cookies.
You can manage preferences at any time through our Cookie Policy and banner controls.

12 · Security

We employ appropriate technical and organisational measures, including:

  • Encryption (TLS) for data in transit;

  • Access controls and least-privilege permissions;

  • Multi-factor authentication for admin systems;

  • Regular security reviews and vendor DPAs.

No online system is completely secure, but we strive to protect your data from loss, misuse, or unauthorised access.

13 · Data Subject Rights

You have the right to:

  1. Receive clear information about how we use your data.

  2. Access your personal data.

  3. Correct inaccuracies.

  4. Request erasure (“right to be forgotten”).

  5. Restrict or object to processing.

  6. Data portability (receive your data in a structured, commonly used format).

  7. Withdraw consent at any time.

  8. Lodge a complaint with a supervisory authority.

Response time: We will reply within one month of verifying your identity; this may be extended by up to two months for complex cases. Requests are free of charge unless manifestly unfounded or excessive.

To exercise any right, contact [email protected].

14 · Supervisory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with:

Persónuvernd – The Icelandic Data Protection Authority
Rauðarárstígur 10, 105 Reykjavík, Iceland
Website: www.personuvernd.is
Email: [email protected]

You may also contact your local supervisory authority within the EEA/UK.

15 · Children

Our services are not directed to children.
If you are under 16 (or under the age applicable in your country), do not provide personal data without parental consent.
If we learn that we hold data from a minor without consent, we will delete it promptly.

16 · Profiling and Automated Decision-Making

We use analytics and audience segmentation to understand performance and tailor communications.
This does not involve automated decision-making that produces legal or similarly significant effects under Article 22 GDPR.
You may object to direct-marketing-related processing at any time.

17 · Links to Other Sites

Our Site may include links to external websites, plug-ins, or applications.
We are not responsible for their privacy practices.
When you leave our Site, please review the privacy policy of any site you visit.

18 · Data Breach Procedures

If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify both you and the appropriate supervisory authority as required by law.

19 · Business Transfers

Customer lists and related data may be treated as business assets.
If we merge, sell, or transfer assets, your personal data may be included, subject to the same protections and with advance notice.

20 · Changes to This Policy

We may update this Privacy Policy occasionally.
The latest version will always appear on this page with a revised “Last updated” date.
Material changes will be announced via website notice and/or email where appropriate.

21 · Acceptance

By using RichestMan.org, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
If you do not agree, please discontinue use of the Site and contact us with any concerns.