PRIVACY POLICY

1. Introduction

This Privacy Policy provides comprehensive information about how personal data is collected, processed, and protected when you access or interact with https://www.20kgateway.com (“Website”) or use any related services, including digital products, online workshops, course environments, and communication channels (collectively, the “Service”).

We understand the importance of your privacy and are committed to processing your data in a transparent, lawful, and secure manner. All processing activities are carried out in compliance with the General Data Protection Regulation (GDPR) and, where applicable, other international data protection standards.

This Privacy Policy applies regardless of whether you access the Website from within the European Union (“EU”) or from another jurisdiction. By using the Website or Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, you should discontinue use of the Website and the Service.

2. Controller and Contact Information

The party responsible for determining the purposes and means of processing your personal data (“controller”) is:

Name: Mads Rechenburg
Address: Navrsni 1342, 25168 Kamenice, Czech Republic
Email: support@20kgateway.com
Website: https://www.20kgateway.com

As the controller, I am responsible for ensuring that all personal data is processed in accordance with Article 5 GDPR (principles relating to processing), Article 13 GDPR (information obligations), and Article 24 GDPR (responsibility of the controller).

If you have questions, concerns, or wish to exercise your legal rights, you may contact me at any time using the details provided above.

3. Scope of This Privacy Policy

This Privacy Policy applies to all processing of personal data carried out in connection with the Website and the Service. Specifically, it governs:

• Data processed when you browse or interact with the Website.
• Data processed when you purchase, access, or participate in online workshops, digital products, or courses offered through platforms such as PayHip and Thinkific.
• Data processed when you complete checkout flows facilitated by third-party payment processors such as Stripe, PayPal, Mollie, and Thinkific Payments.
• Data processed when you communicate with us, submit forms, request support, or otherwise voluntarily interact with the Service.
• Data processed through analytics, advertising, and performance tools such as Matomo, Google Tag Manager, Google Analytics, Google Ads, YouTube Ads, and the Meta Pixel (Facebook & Instagram).
• Data processed by our hosting provider Webflow, which provides infrastructure required to operate the Website.

This Policy does not apply to third-party websites, platforms, or services that we do not control. If you access a third-party service (for example, by following an external link), the processing of your data is subject to that third party’s own privacy policy.

4. Categories of Personal Data We Collect

We may process several categories of personal data depending on how you interact with the Website and the Service. Each category reflects the nature of your interaction and the technical processes necessary to operate the Website and fulfil contractual obligations.

4.1 Data You Provide Voluntarily

When you engage directly with the Service, for example by purchasing a digital product, registering for a workshop, contacting support, or completing a form, you may provide personal data such as your name, email address, billing address, or other information required for the specific process.

If you create an account on PayHip or Thinkific, you will provide login details such as an email address and password. When participating in a digital workshop or course, you may voluntarily provide additional information through exercises, surveys, or uploads; such information is processed solely for the purpose of delivering the educational service you enrolled in.

Payment information—such as card numbers or banking data—is handled exclusively by certified third-party payment providers. We do not receive, process, or store your full payment card details.

4.2 Data Collected Automatically Through Website Use

When you access the Website, your browser automatically transmits certain technical information necessary for establishing a secure and functional connection. This includes your IP address, browser type and version, device characteristics, operating system, date and time of access, referrer URL, and data relating to the pages you view or actions you take on the Website.

This technical information is logged automatically by our hosting provider and is required for system security, error detection, fraud prevention, and ensuring the Website displays correctly across different devices. Depending on your cookie preferences, additional technical data may be collected through analytics or advertising tools described later in this Policy.

4.3 Data Collected Through Analytics, Advertising, and Tracking Technologies

If you provide consent through our cookie banner, the Website may use analytics and marketing technologies that collect information about your behaviour across pages and sessions. These technologies may involve cookies, pixel tags, device identifiers, or digital fingerprinting.

Depending on your choices, tools such as Google Analytics, Google Ads, YouTube Ads, Matomo, or the Meta Pixel may process data such as pseudonymous identifiers, device characteristics, actions taken on specific pages, advertising interactions, conversion metrics, and aggregated behavioural patterns.

This data enables us to measure website performance, understand user engagement, evaluate advertising campaigns, and improve the relevance and clarity of our content. Consent to these technologies may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

4.4 Data Generated Through Communication or Customer Support

If you contact us directly by email or through the support functions provided by PayHip or Thinkific, we may process the information you submit, such as your name, email address, message content, and any relevant attachments. This information is used exclusively to answer your inquiry, resolve issues with your purchase, or fulfil pre-contractual or contractual obligations.

5. How We Collect Personal Data

We collect personal data through both direct interactions initiated by you and automated processes necessary for the functioning and optimisation of the Website and the Service.

When you complete a purchase, register for a course, or enter information into any form, that data is transmitted to us or to one of our contracted service providers, depending on the nature of the interaction. For example, purchases processed through PayHip or Thinkific will result in your data being recorded in those platforms so that access to your purchased product can be granted, your order can be documented, and any applicable tax obligations can be fulfilled.

In addition, during every visit to the Website, technical information is automatically transmitted by your device to our hosting provider to ensure the Website can be displayed reliably, securely, and in a technically optimised manner. This includes server logs that are essential for detecting errors, mitigating threats, and analysing performance issues.

Personal data is also collected when you authorise the use of cookies and tracking tools through our cookie banner. These technologies enable certain features—such as analytics, A/B testing, conversion measurement, or retargeting advertisements—and only become active when you provide consent. Once consent is given, third-party tools may record your interactions across pages, gather pseudonymous identifiers, and transmit behavioural data that assists us in improving user experience and evaluating marketing activities.

Finally, personal data may be collected when you communicate with us, such as when you send an email or request support through the Website or via course platforms. In these cases, data is collected solely for the purpose of responding to your inquiry and ensuring the quality and continuity of the Service.

‍

6. Third-Party Tools

6.1 Hosting with Webflow

Our marketing website at https://www.20kgateway.com is hosted by Webflow, a service provided by Webflow, Inc., located at 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereafter referred to as "Webflow"). When you visit our website, Webflow logs various information, including your IP address.

Webflow is a platform for creating and hosting websites. It uses cookies and other recognition technologies that are necessary to display the site, provide certain website functions, and ensure security (necessary cookies). Please note that our courses and purchased materials are not hosted on Webflow. Webflow is used exclusively for our marketing website and public pages. For more information, please refer to Webflow's privacy policy:
Webflow Privacy Policy: https://webflow.com/legal/privacy
Webflow EU Privacy Policy: https://webflow.com/legal/eu-privacy-policy

The use of Webflow is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in presenting our website as reliably as possible. If consent has been requested, data processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and § 25(1) of the TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) in accordance with the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. For more details, please refer to the Webflow EU Privacy Policy.

‍

6.2 Matomo

We use the web analytics service Matomo, provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (hereafter referred to as “Matomo”). Matomo helps us analyze the usage of our website and understand how visitors interact with our content. When you visit our website, Matomo processes certain information such as your shortened IP address, browser and device information, the pages you visit, and the actions you take on the site.

We use the cloud version of Matomo, which is hosted on servers located in Frankfurt, Germany. This ensures that all analytics data remains within the EU and is handled in accordance with European data protection standards. Matomo may use cookies or similar recognition technologies, depending on your consent settings. In our configuration, Matomo also uses a privacy-friendly “digital fingerprinting” method that creates a pseudonymised identifier based on technical characteristics of your device. This fingerprint is automatically renewed every 24 hours.

The use of Matomo is based on Article 6(1)(f) GDPR, as we have a legitimate interest in optimizing and improving the usability of our website. If Matomo uses cookies or similar technologies that require consent, data processing takes place exclusively on the basis of Article 6(1)(a) GDPR and §25(1) TTDSG, provided that such technologies access or store information on your device. You may revoke your consent at any time via our cookie settings.

For more information on Matomo’s data practices, please refer to Matomo’s privacy policy:
https://matomo.org/privacy-policy/

6.3 Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager allows us to manage and implement tracking scripts and marketing tags on our website without editing the code directly. When you visit our website, Google Tag Manager may process your IP address and technical device information solely for the purpose of delivering and controlling tags. Google Tag Manager itself does not create user profiles or store cookies; it only enables other tools to be activated.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR, as we have a legitimate interest in the efficient and technically secure integration of analytics and marketing technologies. If tags managed through Google Tag Manager rely on cookies or consent-based tracking, data processing occurs exclusively on the basis of Article 6(1)(a) GDPR and §25(1) TTDSG. Consent can be revoked at any time.

For more information on data processing by Google, please refer to Google’s privacy policy:
https://policies.google.com/privacy

6.4 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics helps us understand how visitors use our website by processing information such as your IP address (shortened where possible), device and browser details, and on-site interactions. This information is used to measure website performance and improve user experience.

Depending on your consent settings, Google Analytics may use cookies or similar recognition technologies. Data may be transferred to Google servers in the USA. Such transfers are based on the EU Commission’s Standard Contractual Clauses.

The use of Google Analytics is based on Article 6(1)(a) GDPR and §25(1) TTDSG. You may withdraw your consent at any time via our cookie settings.

For more information, please refer to Google’s privacy policy:
https://policies.google.com/privacy

6.5 Google Ads (including YouTube Ads)

We use Google Ads and YouTube Ads (provided by Google Ireland Limited) to run advertising campaigns and measure their performance. When you interact with a Google or YouTube advertisement, Google processes information such as your IP address, the pages you visit on our website, and any actions you take after clicking an ad (e.g., purchases or sign-ups). These features help us optimize our advertising spends and reach users who are most likely to be interested in our services.

Google Ads may place cookies or similar recognition technologies on your device, depending on your consent preferences. Data may also be transferred to Google servers in the United States based on the EU Commission’s Standard Contractual Clauses.

The use of Google Ads is based on Article 6(1)(a) GDPR and §25(1) TTDSG. You can revoke your consent at any time.

Further information about Google’s advertising services can be found here:
https://policies.google.com/technologies/ads

6.6 Meta Pixel (Facebook & Instagram)

We use the Meta Pixel, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Meta Pixel enables Meta to process data such as your IP address, browser information, on-site actions, and pixel event data for the purpose of delivering personalized advertising, measuring conversions, and building audiences for advertising campaigns on Facebook and Instagram.

Meta may use cookies or similar technologies depending on your consent. Data may be transferred to Meta entities in the United States. Such transfers are based on the EU Commission’s Standard Contractual Clauses.

The use of Meta Pixel takes place exclusively on the basis of Article 6(1)(a) GDPR and §25(1) TTDSG. You may revoke your consent at any time via our cookie settings.

For more information about Meta’s data processing, please refer to:
https://www.facebook.com/privacy/policy/

6.7 PayHip (Course Access & Checkout Processing)

For certain products and courses, we use PayHip, a service operated by PayHip Ltd., 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom. When you make a purchase or register for a course via PayHip, PayHip processes information such as your name, email address, billing address, IP address, and purchase details in order to create your customer account, grant access to purchased content, and complete payment processing. PayHip also sends necessary transactional emails such as purchase confirmations and access notifications.

The use of PayHip is based on Article 6(1)(b) GDPR, as PayHip is required for contract performance and product delivery. PayHip may use cookies or device-based identifiers depending on your consent settings.

For more information, please refer to PayHip’s privacy policy:
https://payhip.com/privacy

6.8 Thinkific (Course Hosting & Student Accounts)

For certain workshops and courses, we use Thinkific, provided by Thinkific Labs Inc., 369 Terminal Avenue, Vancouver, BC, V6A 4C4, Canada. When you register for a course hosted on Thinkific, Thinkific processes personal data such as your name, email address, IP address, course progress, login details, and purchase information (when using Thinkific Payments).

Thinkific uses cookies and similar technologies to manage your account, maintain course access, and provide learning-related functionality. Data may be transferred to Canada and, where payments involve Stripe, to the USA. These transfers are based on the EU Commission’s Standard Contractual Clauses.

Processing through Thinkific is based on Article 6(1)(b) GDPR.

For more information, please refer to Thinkific’s privacy policy:
https://www.thinkific.com/privacy-policy/

6.9 Stripe

Payments for certain products are processed through Stripe, provided by Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe processes personal data such as your name, email address, billing address, transaction information, and partial card details to complete payments and comply with financial regulations.

Stripe may transfer data to the United States, based on the EU Commission’s Standard Contractual Clauses. Stripe is independently responsible for its own regulatory and fraud-prevention processing.

Stripe is used on the basis of Article 6(1)(b) GDPR.

Stripe’s privacy policy:
https://stripe.com/privacy

6.10 PayPal

Where available, payments may be processed via PayPal, operated by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. PayPal processes payment information, IP addresses, device data, and transaction details in order to complete your payment and comply with its regulatory obligations.

The use of PayPal is based on Article 6(1)(b) GDPR.

PayPal’s privacy policy:
https://www.paypal.com/webapps/mpp/ua/privacy-full

6.11 Mollie

Payments may also be processed by Mollie, operated by Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands. Mollie processes your name, email address, billing information, payment details, and transaction metadata through the payment method selected (e.g., SEPA, SOFORT, iDEAL).

The use of Mollie is based on Article 6(1)(b) GDPR, as payment processing is necessary for contract performance.

Mollie’s privacy policy:
https://www.mollie.com/en/privacy

6.12 Thinkific Payments

Some transactions on Thinkific may be processed through Thinkific Payments, which is powered by Stripe. In this case, Stripe processes your payment details, billing address, and transaction metadata to complete the payment, while Thinkific processes your customer account data.

The use of Thinkific Payments is based on Article 6(1)(b) GDPR.

Thinkific’s privacy policy:
https://www.thinkific.com/privacy-policy/

7. Cookies and Similar Technologies

Our website uses cookies and similar technologies to provide essential functions, improve performance, and (with your consent) enable analytics and advertising features.

Cookies are small text files stored on your device. Some cookies are technically necessary for the operation of the website (e.g., security, session management). Other cookies are only used after you have provided consent through our cookie banner.

You can manage your cookie preferences at any time through the cookie settings available on our website. You can also configure your browser to block or delete cookies. If you block necessary cookies, some parts of the website may not function correctly.

The use of cookies requiring consent is based on Article 6(1)(a) GDPR and, where applicable, § 25(1) TTDSG. Necessary cookies are processed based on Article 6(1)(f) GDPR, as we have a legitimate interest in ensuring the proper functioning of the website.

8. International Data Transfers

Some of the third-party providers listed in this Privacy Policy may process personal data outside the European Union, including the United States and Canada. When personal data is transferred to a country without an EU adequacy decision, such transfers are safeguarded using the European Commission’s Standard Contractual Clauses (SCCs) and additional security measures implemented by the respective provider.

These providers are contractually obligated to process personal data in compliance with European data protection standards. More detailed information can be found in the privacy policies linked in each third-party section.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law.

• Data related to purchases and transactions is stored for the duration of applicable statutory retention periods (e.g., tax and accounting requirements).
• Account data and course access data (via PayHip or Thinkific) are retained for as long as your account remains active.
• Analytics and marketing data are retained only for as long as consent is valid and the purpose is required.
• Server logs (via Webflow) are generally retained for a short period to ensure security and system stability.

After the applicable retention period expires, data is deleted or anonymized in accordance with legal requirements.

10. Security

We take appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or alteration. These measures include secure hosting environments, encryption where appropriate, access controls, and regular monitoring of our systems.

We also ensure that all third-party processors handling personal data have adequate security measures in place according to Article 28 GDPR. However, no system can guarantee absolute security. Your use of the website takes place at your own risk to the extent permitted by law.

11. Your GDPR Rights

As a data subject within the meaning of the GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15 GDPR): You may request information about the personal data we process about you.
• Right to rectification (Article 16 GDPR): You may request the correction of inaccurate or incomplete data.
• Right to erasure (Article 17 GDPR): You may request the deletion of your data where legally permissible.
• Right to restriction of processing (Article 18 GDPR).
• Right to data portability (Article 20 GDPR).
• Right to object (Article 21 GDPR): You may object to processing based on legitimate interests or to direct marketing.
• Right to withdraw consent (Article 7(3) GDPR): You may withdraw consent at any time without affecting prior processing.

You also have the right to lodge a complaint with your local supervisory authority. In the Czech Republic, this is the Úřad pro ochranu osobních údajů (UOOU).

To exercise any of these rights, please contact us at support@20kgateway.com.

12. Children’s Data

Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has submitted personal data to us, please contact us immediately so we can delete the information in accordance with legal requirements.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or processing activities. The updated version will always be published on https://www.20kgateway.com. Changes take effect upon publication unless stated otherwise.

14. Contact

If you have questions or concerns about this Privacy Policy or your personal data, please contact us at:

Mads Rechenburg
Email: support@20kgateway.com
Website: https://www.20kgateway.com

‍