Privacy Policy

Last updated: 11-01-2026

This Privacy Policy describes how Stepup2ecommerce, operating under the personal brand “Osman Okumus” (“we”, “us”, “our”), collects, uses, discloses and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable international data protection laws.

1. Data Controller

Stepup2ecommerce
Trading as: Osman Okumus
Website: https://osmanokumus.com
Business address: mercuriusstraat 16, 6043 EX, Roermond, The Netherlands
Email (privacy matters): [email protected]

2. Scope

This Privacy Policy applies to all visitors, users, customers, leads, and subscribers interacting with:

  • Our websites and sales funnels hosted on HighLevel

  • Our advertising campaigns (Meta / Facebook)

  • Our email communications (Google Workspace)

  • Our payment and checkout processes (Stripe)

3. Categories of Personal Data Collected

We may process the following categories of personal data:

Identification & Contact Data

  • Full name

  • Email address

Transactional Data

  • Purchase history

  • Payment status

  • Stripe customer identifiers

  • Partial billing information as required for legal and accounting purposes

Technical & Usage Data

  • Device information

  • Browser data

  • Event tracking via Meta Pixel

  • Cookie identifiers

  • Approximate location data

  • IP addresses collected by third-party processors (e.g. Meta, Stripe, hosting providers)

Marketing & Behavioral Data

  • Funnel interactions

  • Page views

  • Email open and click behavior

  • Ad engagement and retargeting audiences

We do not intentionally collect special category data (Article 9 GDPR).

4. Lawful Bases for Processing (Article 6 GDPR)

Processing is based on one or more of the following legal grounds:

  • Performance of a contract

  • Consent (opt-ins, cookies, marketing communication)

  • Legitimate interest (marketing, analytics, security, business development)

  • Legal obligation (tax, accounting, fraud prevention)

5. Purposes of Processing

Personal data is processed for:

  • Account creation and access

  • Order processing and payment handling

  • Delivery of digital products and services

  • Customer support

  • Email communication and marketing

  • Advertising and retargeting (Meta Pixel)

  • Funnel optimization and analytics

  • Fraud prevention and platform security

  • Legal and compliance obligations

6. Cookies & Tracking Technologies

We use cookies and similar technologies, including but not limited to:

  • Meta (Facebook) Pixel

  • HighLevel tracking

  • Future session-recording and heat-mapping tools (e.g. Hotjar)

These tools may collect behavioral and technical data to measure conversions, improve user experience, and deliver personalized advertising.

Users may manage or withdraw cookie consent via browser settings or our cookie banner.

7. Third-Party Processors

We use the following categories of processors:

  • Payment processing: Stripe

  • Funnel & CRM: HighLevel

  • Email & communications: Google Workspace

  • Advertising & analytics: Meta Platforms Inc.

  • Hosting & infrastructure providers

  • Future UX analytics providers (e.g. Hotjar)

All processors operate under GDPR-compliant Data Processing Agreements and Standard Contractual Clauses where required.

8. International Data Transfers

Data may be transferred outside the European Economic Area. Such transfers are safeguarded by:

  • EU Standard Contractual Clauses

  • Adequacy decisions

  • Appropriate technical and organizational measures

9. Data Retention

Personal data is retained:

  • Until the data subject unsubscribes

  • Or until prolonged inactivity (e.g. no engagement after multiple communications)

  • Or as required by legal retention obligations

Transactional records are retained in accordance with Dutch tax law.

10. Data Subject Rights

Under Articles 12–23 GDPR, you have the right to:

  • Access your personal data

  • Rectification

  • Erasure (“right to be forgotten”)

  • Restriction of processing

  • Data portability

  • Objection to processing

  • Withdrawal of consent

  • Lodge a complaint with a supervisory authority

Requests may be submitted to: [email protected]

11. Automated Decision-Making & Profiling

We use automated profiling for advertising and marketing optimization (e.g. Meta ad audiences). No decisions producing legal or similarly significant effects are made solely by automated means.

12. Security Measures

We implement appropriate technical and organizational security measures including:

  • Encrypted data transmission

  • Access control

  • Secure hosting

  • Processor compliance verification

13. Policy Updates

We reserve the right to amend this Privacy Policy at any time. The current version will always be published on our website with the effective date.