Plain-language glossary of terms used in this policy:

GDPR — General Data Protection Regulation. The European Union law that protects your personal data and gives you rights over how it is used. It applies to any website that collects data from people in the EU, regardless of where the website owner is based.

EEA — European Economic Area. The 27 EU member states plus Iceland, Liechtenstein, and Norway. GDPR applies across the whole EEA.

Data Controller — the person or organisation that decides why and how your personal data is collected and used. In this case, that is Petra Piperati.

Data Processor — a third party that handles data on behalf of the Data Controller (for example, Substack stores your email so we can send the newsletter).

Personal data — any information that can identify you directly or indirectly, such as your email address or IP address.

Legal basis — GDPR requires a specific legal reason to collect and use personal data. We explain ours in Section 3.

IP address — a numerical label assigned to your device when it connects to the internet. It can indicate your approximate location.

BfDI — Bundesbeauftragte für den Datenschutz und die Informationsfreiheit. Germany's Federal Commissioner for Data Protection and Freedom of Information — the supervisory authority you can complain to if you are in Germany.

Contents

Who we are
What data we collect
Why we collect it (legal basis)
How we use your data
Where data is stored
How long we keep it
Your GDPR rights
Third-party services
Cookies
Minors
Changes to this policy
Contact & complaints

Who we are

Petra Piperati operates The Burned Out Diaries at burnedoutdiaries.com. For the purposes of the GDPR (General Data Protection Regulation — the EU law governing personal data), Petra Piperati is the Data Controller — meaning we decide how and why your data is used.

Contact: confide@burnedoutdiaries.com

This policy applies to all personal data collected through burnedoutdiaries.com, including the newsletter subscription form, email correspondence, and any interactive features on this site.

What data we collect

Data you provide directly

Email address — when you subscribe to the newsletter or download the Corporate Jargon Detox guide
Name — only if you voluntarily include it in email correspondence
Message content — if you email us at confide@burnedoutdiaries.com

Data collected automatically

Browser and device type — collected by Substack and Carrd for functional purposes
IP address (your device's internet identifier) — used only for security and anonymised analytics
Page visit data — anonymised analytics such as pages visited and time on page, collected via Google Analytics (see Section 8)
Cookie data — see Section 9 and our full Cookie Policy for details

We do not collect sensitive personal data such as health information, financial details, political opinions, or biometric data.

Why we collect it (legal basis)

GDPR (Article 6) requires us to have a specific legal reason — called a legal basis — for each type of data we collect. Here are ours:

Consent (Art. 6(1)(a)) — for newsletter subscription, lead magnet delivery, and analytics cookies. You can withdraw consent at any time by clicking "Unsubscribe" in any email, or by adjusting your cookie preferences.
Legitimate interests (Art. 6(1)(f)) — for basic site security and understanding how visitors use the site in aggregate. We have assessed that this does not override your privacy rights.
Legal obligation (Art. 6(1)(c)) — if required to comply with applicable law.

We never rely on pre-ticked boxes, bundled consent, or vague "by using this site you agree" language. Consent is always specific, informed, and freely given.

How we use your data

To deliver the Corporate Jargon Detox PDF you subscribed for
To send The Burned Out Diaries newsletter (you can unsubscribe at any time)
To respond to direct email enquiries
To understand how visitors use the site via anonymised analytics (Google Analytics, with your consent)
To monitor site performance and fix technical issues
To comply with legal obligations if required

We will never sell, rent, or share your personal data with third parties for their own marketing purposes. Full stop.

Where data is stored

Your email address and subscription data are stored by Substack, Inc., a company based in the USA. Substack is certified under the EU–US Data Privacy Framework, which means it meets the EU's standards for protecting personal data transferred outside the EEA (European Economic Area — the EU plus Iceland, Liechtenstein, and Norway).

The website is hosted by Carrd. Carrd stores minimal technical data and applies Standard Contractual Clauses (SCCs — legal agreements approved by the European Commission) for any data transfers outside the EEA.

Google Analytics is used to understand how visitors use this site. Google may transfer anonymised data to servers outside the EEA. Google LLC is certified under the EU–US Data Privacy Framework. Analytics cookies are only set with your explicit consent via the cookie banner.

Email correspondence sent to confide@burnedoutdiaries.com is stored on our email provider's servers within the EEA where possible.

How long we keep your data

Newsletter subscribers — your email is kept for as long as you are subscribed. After unsubscribing, it is removed from the active list within 30 days.
Email correspondence — kept for up to 2 years, then deleted.
Analytics data — anonymised and aggregated by Google Analytics. We have set the data retention period to 14 months inside Google Analytics.

You can request deletion of your data at any time — see Section 7.

Your GDPR rights

Under GDPR, you have the following rights. To exercise any of them, email confide@burnedoutdiaries.com with the subject line "Data Request — [right you are exercising]". We will respond within 30 days.

Right of access (Art. 15) — request a copy of the personal data we hold about you
Right to rectification (Art. 16) — ask us to correct inaccurate or incomplete data
Right to erasure (Art. 17) — ask us to delete your personal data (the "right to be forgotten")
Right to restrict processing (Art. 18) — ask us to pause how we use your data while a dispute is resolved
Right to data portability (Art. 20) — request your data in a common machine-readable format so you can move it elsewhere
Right to object (Art. 21) — object to us using your data based on legitimate interests
Right to withdraw consent — unsubscribe at any time via the link in any email, or update your cookie preferences at any time

You also have the right to complain to a supervisory authority — the data protection regulator in your country. In Germany, this is the BfDI (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit — Federal Commissioner for Data Protection) at bfdi.bund.de. In Greece: Hellenic Data Protection Authority (dpa.gr).

Third-party services

We use the following third-party services. Each acts as a Data Processor on our behalf — meaning they handle data according to our instructions and are contractually bound to protect it.

Substack, Inc. (USA) — newsletter delivery and subscriber management. Your email address is stored by Substack. Certified under the EU–US Data Privacy Framework. Privacy Policy →
Carrd — website hosting. Stores minimal technical/session data. Privacy Policy →
Google Analytics (Google LLC, USA) — anonymised website analytics. We use Google Analytics to understand how visitors use this site in aggregate — for example, which pages are visited most. No personal profiles are built. No advertising features are enabled. Analytics cookies are only set after you give explicit consent via the cookie banner. Google LLC is certified under the EU–US Data Privacy Framework. You can opt out at any time via the cookie settings link in the footer. Google Privacy Policy →
Google Fonts (Google LLC, USA) — fonts loaded from Google's servers. This transfers your IP address to Google as a technical necessity of loading the font files. Google Privacy Policy →

We do not use Facebook Pixel, Google Ads, or any behavioural advertising trackers.

Cookies

Cookies are small text files stored in your browser. They help the site function and, with your consent, help us understand how it is used. See our full Cookie Policy → for the complete list.

Strictly necessary cookies — required for the site to function. No consent needed.
Analytics cookies (Google Analytics) — only set after you explicitly accept via the cookie banner.
No advertising or tracking cookies are used on this site.

You can change your cookie preferences at any time via the "Cookie settings" link in the footer of any page.

Minors

This site is intended for adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has submitted data to us, please contact us at confide@burnedoutdiaries.com and we will delete it immediately.

Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page reflects the most current version. If we make significant changes — for example, adding a new third-party service or changing how we use your data — we will notify active subscribers by email.

Contact & complaints

Petra Piperati
The Burned Out Diaries

confide@burnedoutdiaries.com

We respond within 30 days. If you are not satisfied with our response, you have the right to complain to your national data protection authority.

Privacy Policy& GDPR