How It WorksCompareAbout UsFree BooksFAQ Get Published
EnglishDeutsch

Privacy Policy

Last updated: June 2026

Preamble

With this privacy policy we inform you about which personal data (hereinafter „data“) we process when you visit this website and use our services, for which purposes and on which legal basis, and which rights you have.

We have deliberately kept this policy lean and describe only the processing activities that actually take place on this website. This is a convenience translation; in the event of any discrepancy, the German version prevails.

Controller

Lucid Page Media is an imprint of Orbita Media GmbH. The controller within the meaning of the General Data Protection Regulation is:

Orbita Media GmbH
Ericusspitze 4
20457 Hamburg, Germany

E-mail: contact@lucidpagemedia.com
Telephone: +49 15679 036138

We are not legally required to appoint a data protection officer. For any data protection questions, you can reach us at the contact details above.

Overview of processing activities

The following overview summarises the types of data processed, the purposes of processing and the categories of data subjects.

Types of data processed

  • Master data (e.g. name).
  • Contact data (e.g. e-mail address, telephone number).
  • Content data (e.g. entries in our forms, details about your book).
  • Usage data (e.g. pages visited, time of access, interest in content).
  • Meta, communication and procedural data (e.g. IP addresses, time stamps, proof of consent).

Categories of data subjects

  • Visitors to this website (users).
  • Interested parties and communication partners.
  • Authors and applicants who use our forms.

Purposes of processing

  • Provision of the website and user-friendliness.
  • Security measures and prevention of abuse.
  • Communication and handling of enquiries.
  • Initiation and handling of publishing and distribution relationships.
  • Reach measurement and optimisation of our service.
  • Compliance with legal obligations.

Relevant legal bases

The following is an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the GDPR, the German Federal Data Protection Act (BDSG) and the German Act on Data Protection and Privacy in Telecommunications and Digital Services (TDDDG) also apply.

  • Consent (Art. 6(1)(1)(a) GDPR) – You have given your consent to the processing for one or more specific purposes (e.g. statistics with Google Analytics or Microsoft Clarity).
  • Performance of a contract and pre-contractual enquiries (Art. 6(1)(1)(b) GDPR) – Processing is necessary for the performance of a contract or to carry out pre-contractual measures (e.g. handling your book or book tester enquiry).
  • Legal obligation (Art. 6(1)(1)(c) GDPR) – Processing is necessary to comply with a legal obligation.
  • Legitimate interests (Art. 6(1)(1)(f) GDPR) – Processing is necessary to safeguard our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override them (e.g. secure and stable operation of the website, prevention of spam, cookieless reach measurement).

Note on national law (TDDDG): Where we store information on your device or access information already stored on it (e.g. consent-based statistics scripts), we do so on the basis of your consent pursuant to Section 25(1) TDDDG. Storing your cookie choice itself is strictly necessary and permitted without consent under Section 25(2) no. 2 TDDDG.

Security measures

In accordance with Art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. These include in particular the continuous encryption of data transmission via TLS/HTTPS, protection against unauthorised access, an upstream security layer to fend off attacks, as well as procedures to safeguard data subjects' rights and to erase data that is no longer required.

With all service providers who process data on our behalf, we have – where required – concluded data processing agreements pursuant to Art. 28 GDPR.

International data transfers

Our website is operated in a data centre in Germany. Some of the services used are provided by companies whose registered office or parent company is located in the USA (in particular Cloudflare and – only with your consent – Google and Microsoft). Insofar as data is transferred to the USA, we base this on the European Commission's adequacy decision regarding the EU-US Data Privacy Framework (Art. 45 GDPR) where the respective provider is certified, additionally on EU Standard Contractual Clauses (Art. 46 GDPR), and – for consent-based services – on your express consent pursuant to Art. 49(1)(a) GDPR.

Despite these safeguards, there is in principle a risk in the USA that authorities may access data for security and surveillance purposes without you having effective legal remedies against this to the same extent as in the EU. We expressly point this out to you here.

Retention and erasure of data

We erase personal data as soon as the purpose of its processing no longer applies and no statutory retention obligations prevent erasure. Server logs are deleted or anonymised after a short period. Enquiries submitted via our forms are processed until they have been conclusively handled, or for as long as the resulting business relationship continues. Statutory retention periods (e.g. under commercial and tax law) remain unaffected; for the duration of those periods we restrict the processing of the data accordingly.

Rights of data subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object (Art. 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to the processing of your data carried out on the basis of Art. 6(1)(f) GDPR.
  • Withdrawal of consent (Art. 7(3) GDPR): You may withdraw consent you have given at any time with effect for the future.
  • Right of access (Art. 15 GDPR): You may request information about the data we process about you.
  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data or the completion of data concerning you.
  • Right to erasure and restriction (Art. 17 and 18 GDPR): You may request the erasure of your data or the restriction of processing.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used and machine-readable format.
  • Complaint to a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Strasse 22, 20459 Hamburg, Germany.

Provision of the website and web hosting

In order to provide this website, we process certain technical data. This processing is necessary to display the content to you securely and reliably.

Server hosting (Hetzner): Our website is hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, in a data centre in Germany, and operated via the Coolify container platform. When you access the website, the server automatically processes access data (so-called server log files): the IP address of the requesting device, the date and time of access, the page accessed, the volume of data transferred, the previously visited page (referrer) as well as browser type and operating system. This data is technically required to deliver the website, ensure its stability and security and fend off attacks.

Content delivery network and security layer (Cloudflare): We use services of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA, as an upstream content delivery network (CDN) and reverse proxy for secure and fast delivery and to fend off attacks. In doing so, Cloudflare processes the connection data required for delivery, in particular your IP address. Cloudflare is certified under the EU-US Data Privacy Framework.

  • Types of data processed: usage data, meta/communication data (in particular IP address, time of access).
  • Purposes: provision of the website, security and prevention of abuse.
  • Recipients: Hetzner Online GmbH, Cloudflare, Inc.
  • Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR) and Section 25(2) no. 2 TDDDG for the operations strictly necessary for secure delivery.

Self-hosted web fonts (no Google Fonts)

We use the „Poppins“ font, but deliver it exclusively self-hosted from our own server. When you access the website, no connection is therefore established to servers of Google or other third parties, and no data – in particular no IP address – is transferred to third parties for this purpose. This privacy-friendly delivery serves our legitimate interest in a consistent, fast and confidential presentation of our website (Art. 6(1)(1)(f) GDPR).

Storage on your device and consent management (cookie banner)

For the operation of this website we use only a technically necessary minimum of storage on your device. Instead of classic cookies, we use your browser's local storage (localStorage) for this purpose.

Necessary storage: We store only the consent choice you make via the banner locally in your browser. No cookies or comparable identifiers are transferred to third parties without your consent. This storage is necessary so that we can respect your privacy decision and is permitted without consent under Section 25(2) no. 2 TDDDG.

Optional content: Consent-based statistics services (see below) are loaded only after you have given your consent via our consent banner. You can change or withdraw your choice at any time via the „Cookie settings“ link in the footer.

  • Legal basis: consent (Art. 6(1)(1)(a) GDPR and Section 25(1) TDDDG) for optional content; Section 25(2) no. 2 TDDDG for the necessary storage of the choice.

Contacting us

When you contact us by e-mail or via our forms, we process the data you provide (in particular name, e-mail address and the content of your message) in order to handle your enquiry.

  • Types of data processed: master, contact and content data.
  • Purposes: handling enquiries and communication.
  • Legal basis: performance of a contract and pre-contractual enquiries (Art. 6(1)(1)(b) GDPR) where the enquiry is directed at a contract, otherwise legitimate interests (Art. 6(1)(1)(f) GDPR) in answering your request.

„Get published“ and „Become a book tester“ forms

Via our forms you can submit a book project for publication („Get published“) or apply to become a book tester („Become a book tester“). These forms are provided and processed via our own tool „FormFlow“ (formflow.orbita-media.de), which is operated on the same Hetzner/Coolify stack in Germany. No transfer to third-party providers such as Typeform takes place.

In doing so, we process the data you enter – in particular your contact data (name, e-mail address, telephone number where applicable) and your details about the book or your application – in order to handle your enquiry and to initiate and carry out the business relationship. The processing of applications submitted via the book tester form is supported by Pegoa Books GmbH & Co. KG; the controller remains Orbita Media GmbH.

  • Types of data processed: master, contact and content data.
  • Purposes: initiation and handling of publishing and distribution relationships, processing of applications.
  • Recipients: Orbita Media GmbH, Pegoa Books GmbH & Co. KG (for book tester applications), Hetzner Online GmbH (hosting).
  • Legal basis: performance of a contract and pre-contractual enquiries (Art. 6(1)(1)(b) GDPR).

Payments (PayPal)

For the processing of payments we use the payment service provider PayPal. The payment infrastructure is provided via our associated company Pegoa Books GmbH & Co. KG, Am Sandtorkai 27, 20457 Hamburg, Germany. When you make a payment via PayPal, the data required for this (in particular your payment and contact data) is transferred to PayPal; PayPal's privacy provisions additionally apply. We ourselves only process the details required to allocate and record the payment in this context.

  • Types of data processed: master, contact and contract data (payment-related).
  • Purposes: processing of payments.
  • Recipients: PayPal, Pegoa Books GmbH & Co. KG.
  • Legal basis: performance of a contract (Art. 6(1)(1)(b) GDPR) and legal obligation (Art. 6(1)(1)(c) GDPR) for retention under tax and commercial law.

Reach measurement and web analytics

In order to understand and improve our service, we measure the reach of our content. The consent-based services are loaded only after you have consented to the „Statistics“ category in the consent banner.

Plausible Analytics (self-hosted): We operate Plausible Analytics on our own server in Germany (plausible.orbita-media.de). Plausible works without cookies, does not create cross-device profiles and does not pass data on to third parties. Only aggregated, anonymous metrics are recorded (e.g. pages accessed, approximate region of origin, device type). Identification of individual persons is therefore not possible. Processing is based on our legitimate interest in privacy-friendly reach measurement (Art. 6(1)(1)(f) GDPR).

Google Analytics 4: In addition – only with your consent – we use Google Analytics 4, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, USA). Google Analytics uses cookies and similar technologies and in doing so also transfers data – including your truncated IP address (IP anonymisation) – to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework.

Microsoft Clarity: Also only with your consent, we use Microsoft Clarity, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA. Clarity creates anonymised heatmaps and session recordings of your interactions (e.g. mouse and scroll movements, clicks) in order to analyse and improve the usability of our website. Data may be transferred to Microsoft servers, including in the USA.

  • Types of data processed: usage data, meta/communication data (in particular truncated IP address, device and access information, interaction data).
  • Purposes: reach measurement, analysis of usage behaviour, optimisation of our service.
  • Recipients: Google Ireland Limited / Google LLC, Microsoft Corporation; Plausible is operated exclusively by ourselves.
  • Legal basis: for Google Analytics 4 and Microsoft Clarity your consent (Art. 6(1)(1)(a) GDPR and Section 25(1) TDDDG); for the cookieless Plausible Analytics legitimate interests (Art. 6(1)(1)(f) GDPR).
  • Withdrawal: at any time via the „Cookie settings“ link in the footer.

Social media presences

We maintain a publicly accessible presence on Facebook in order to provide information about our offers and to communicate with users. The link on our website only opens the network after you click it; no data is transferred simply by accessing our page.

If you visit our profiles within the network or interact with us, the data protection provisions and terms of use of the operator additionally apply. The data processing by the network itself is beyond our control.

  • Purposes: public relations and communication.
  • Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR) in effective information and communication.

Changes and updates to this privacy policy

We ask you to inform yourself regularly about the content of this privacy policy. We adapt it as soon as changes to the processing we carry out or to the legal framework make this necessary. Where your involvement is required (e.g. consent), we will notify you separately.