Letters by Burk

Letters by Burk

Home
Notes
Membership (25% off)
Substack & Medium Guide
Best Purchase*
About

You agree to the privacy policy below, and the Privacy Policy for Substack, the technology provider.

Privacy Policy

Last updated: Dec 9, 2025.

1. Controller (+ Impressum)

The controller under the EU General Data Protection Regulation (GDPR) is:

Burkhard Rosemann
D‑24536 Neumuenster
Germany

Email: byburk (at) icloud.com

2. Purposes of Processing and Legal Bases

2.1 Newsletter and Content

When you subscribe to the “Letters by Burk” newsletter or read content on my Substack page, personal data is processed to:

  • Send newsletters and information about writing, tools, platforms, and related topics

  • Manage your subscription (e.g. email changes, cancellations)

  • Respond to replies, comments, or contact requests

The legal bases are:

  • Your consent under Article 6(1)(a) GDPR (e.g. newsletter subscription)

  • Performance of a contract or steps prior to entering into a contract under Article 6(1)(b) GDPR (e.g. paid subscriptions)

  • Legitimate interests under Article 6(1)(f) GDPR (e.g. reach measurement, abuse prevention, IT security)

2.2 Analytics and Reach Measurement

To a limited extent, I use statistics provided by Substack (for example open and click rates) to improve the newsletter and content. This analysis is based on my legitimate interest in offering a useful and engaging service (Article 6(1)(f) GDPR).

Where consent is required for specific tracking features, processing is based on Article 6(1)(a) GDPR.

3. Categories of Data Processed

Depending on how you use my Substack, the following personal data may be processed in particular:

  • Basic and contact data: email address, and optionally your name or display name

  • Usage data: subscription type (free/paid), preferences, read posts, open and click behaviour

  • Content data: comments, replies, messages you send to me

  • Meta/communication data: IP address, date and time of access, browser and device information

  • Payment data: for paid subscriptions, payment data is processed by payment providers used by Substack (for example Stripe). I do not receive full payment card details.

4. Substack Platform (Hosting and Infrastructure)

The newsletter and website are provided via the Substack service. The provider is Substack Inc., San Francisco, USA. Substack provides the technical platform for:

  • Hosting and displaying content

  • Managing subscriptions and accounts

  • Sending emails

  • Processing paid subscriptions (together with payment service providers)

Substack acts as an independent controller and, in parts, as a processor under GDPR. For certain processing operations (such as logs, platform tracking, the Substack account system) Substack is solely responsible. Substack’s privacy policy explains in more detail which data it processes, for what purposes, and how third‑country transfers are handled.

5. Data Transfers to Third Countries (in particular USA)

Because Substack is based in the USA and uses infrastructure in third countries, personal data may be transferred to the USA or other non‑EU/EEA countries.

Such transfers only take place where the requirements of Articles 44 et seq. GDPR are met, for example through:

  • An adequacy decision by the European Commission (such as the EU‑US Data Privacy Framework, where applicable), or

  • Appropriate safeguards such as Standard Contractual Clauses (SCCs) and additional security measures.

Please note that in some third countries there may not be a level of data protection equivalent to that in the EU and authorities may have access to data.

6. Newsletter Registration and Double Opt‑In

To receive the newsletter, you must register with your email address (and possibly additional information). After signing up you will receive an email asking you to confirm your subscription (double opt‑in).

During this process, the following data is stored:

  • Your email address

  • Any name or display name you provide

  • Date, time, and IP address of registration and confirmation

This information is required to document your consent (Articles 6(1)(c) and 6(1)(f) GDPR).

You can withdraw your consent at any time with effect for the future, for example via the unsubscribe link in every newsletter or by contacting me using the contact details above.

7. Payment Processing and Paid Subscriptions

If you purchase a paid subscription, payment is processed via payment service providers integrated by Substack (Stripe).

In this context:

  • Payment card or bank details are transmitted directly to the payment provider

  • Transaction data (such as amount, date, payment status) is linked to your Substack account or subscription

I usually only receive the information necessary to allocate the payment to your account (for example payment status, product, amount). This data is processed for contract performance (Article 6(1)(b) GDPR) and to comply with accounting and tax obligations (Article 6(1)(c) GDPR).

For further information on how payment providers process your data, please refer to their own privacy notices.

8. Comments, Replies, and Contact

If you comment on posts, reply to emails, or contact me directly, the data you provide (for example email address, name, message content) is processed in order to handle your request.

The legal bases are:

  • Article 6(1)(b) GDPR, where the communication relates to your subscription or other contractual matters

  • Article 6(1)(f) GDPR, as there is a legitimate interest in communicating with readers and subscribers

9. Affiliate Links and Advertising

Some of the links in my posts and emails are affiliate links. Those links are marked with an * symbol.

When you click such a link and later make a purchase, I may receive a commission at no extra cost to you.

Affiliate programs and networks may use cookies or similar technologies to track whether you have clicked a link from this publication and completed a purchase on a partner site. This may involve processing of your IP address, device information, time of click, and information about subsequent purchases.

The legal basis for this processing is my legitimate interest in monetizing and financing this publication (Article 6(1)(f) GDPR). Where affiliate cookies or comparable tracking technologies are not strictly necessary, the partner’s processing may additionally be based on your consent given on the partner website (Article 6(1)(a) GDPR).

I do not have access to the full personal data processed by affiliate networks or partner shops. For detailed information about data processing by these third parties, please refer to the privacy policies of the respective partner websites and affiliate networks.

10. Storage Period

Your data is stored only for as long as necessary for the purposes described or where there are statutory retention obligations. Typical periods are:

  • Newsletter data: for the duration of your subscription; after you unsubscribe, your data is removed from active mailing lists or retained on a suppression list to prevent unwanted future mailings

  • Contract and accounting data (for example for paid subscriptions): stored in line with tax and commercial law requirements, typically up to 10 years

  • Communication data: retained as long as necessary to process your request and, where applicable, for documentation

11. Your Rights under GDPR

Under applicable law, you have the following rights:

  • Right of access (Article 15 GDPR)

  • Right to rectification (Article 16 GDPR)

  • Right to erasure (“right to be forgotten”, Article 17 GDPR)

  • Right to restriction of processing (Article 18 GDPR)

  • Right to data portability (Article 20 GDPR)

  • Right to object to certain processing (Article 21 GDPR)

  • Right to withdraw consent at any time with future effect (Article 7(3) GDPR)

To exercise your rights, you can contact me using the contact details set out above. For processing where Substack acts as an independent controller, you may also need to contact Substack directly.

12. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR. You may contact any data protection authority within the EU.

13. Obligation to Provide Data

Providing your email address is required to send you the newsletter. Without this data, a subscription is not possible.

For paid subscriptions, you must also provide the information required for payment and billing. Without this information, a paid subscription cannot be set up.

14. Exports and Further Processing outside Substack

I do not currently export newsletter subscriber data from Substack into other systems. Processing of your data therefore takes place only within Substack and for the purposes described in this policy.

If this changes in the future (for example, if I start to use additional tools or external systems), this privacy policy will be updated and additional services, purposes, and legal bases will be described here.

15. Cookies and Similar Technologies

Substack uses its own cookies and similar technologies to provide the website, enable security features, and generate basic statistics. I have only limited influence over the scope and technical details of these cookies.

Where cookies or similar technologies involve the processing of personal data based on consent, the legal basis is Article 6(1)(a) GDPR. For strictly necessary cookies, processing is based on Article 6(1)(f) GDPR (legitimate interest in providing a secure and functional service).

Details on cookies used by Substack are provided in Substack’s own privacy policy.

16. Changes to this Privacy Policy

This privacy policy may be updated if legal requirements, data processing activities, or the services offered change. The latest version is always available on my Substack page.

If any changes significantly affect your consent, you will be informed separately and, where required, new consent will be requested.

© 2025 Burk · Publisher Privacy
Substack · PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture