Privacy Policy

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] This Privacy Policy is a DRAFT and does not constitute legal advice. It must be reviewed and approved by qualified counsel before publication.

This Privacy Policy explains how we collect, use, store and protect personal data when you visit and use my-own-dolls.com (the "Service"), a paid 18+ subscription platform offering adult photo content. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG).

The controller responsible for data processing within the meaning of Art. 4(7) GDPR is: [[PLACEHOLDER: legal/company name]], [[PLACEHOLDER: street address, postal code, city, Germany]], VAT/USt-IdNr. [[PLACEHOLDER: USt-IdNr]]. You can reach us at [[PLACEHOLDER: contact email]]. Full corporate and contact details are also set out in our Imprint (Impressum).

Because of the sensitive, adult nature of the Service, we apply heightened safeguards. We never store your full payment card number, and our age-verification process stores only a verification token or status flag, not your identity documents (see Sections 5 and 6).

We have appointed a Data Protection Officer. You can contact our DPO on all questions relating to the processing of your personal data and the exercise of your rights under the GDPR at: [[PLACEHOLDER: DPO name / firm]], [[PLACEHOLDER: DPO postal address]], email [[PLACEHOLDER: dpo@ contact email]].

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Counsel should confirm whether a DPO is mandatory under Art. 37 GDPR / Sec. 38 BDSG for this operation. Given that the Service involves large-scale processing relating to a sensitive area and behavioural monitoring of users, appointment of a DPO is strongly advisable and may be legally required.

Account and identity data: username/display name, email address, hashed password, account status, language and content preferences, and the age-verification status associated with your account.

Subscription and transaction data: subscription tier, start and renewal dates, billing status, partial/masked card details and a payment-processor transaction reference or token, invoices and refund records. We do not receive or store your full primary account number (PAN), CVV/CVC or full card expiry — these are handled exclusively by our payment processor (see Section 5).

Usage and technical data: IP address, device and browser type, operating system, approximate location derived from IP, pages and content viewed, watch/playback events, session timestamps, referrer and log data, and cookie/identifier data (see our Cookie Policy).

Communications data: messages, support tickets, abuse or content-removal reports, and any correspondence you send us.

Age-verification data: a verification outcome (e.g. "verified adult") and a non-reversible token or reference returned by our age-verification provider. We are not provided with, and do not retain, the underlying identity documents, biometric data or document images used by the provider during the check.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Confirm with counsel whether any data category here qualifies as a "special category" under Art. 9 GDPR (e.g. inferences about sexual orientation from content consumption) and document the applicable Art. 9(2) condition.

Providing the Service and your account (account creation, login, delivering subscribed content, customer support): the legal basis is performance of a contract or steps prior to entering into a contract under Art. 6(1)(b) GDPR.

Processing payments, subscriptions, renewals, invoicing and chargebacks: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR (compliance with tax, accounting and bookkeeping obligations under German law).

Age verification and operating a closed user group: we are legally required to ensure that adult content is only accessible to adults and through a closed user group under the German Interstate Treaty on the Protection of Minors in the Media (JMStV). The legal basis is Art. 6(1)(c) GDPR (legal obligation) and our legitimate interest in lawful operation under Art. 6(1)(f) GDPR.

Security, fraud prevention, abuse detection and content-integrity measures (including detecting and preventing illegal content and protecting our infrastructure): Art. 6(1)(f) GDPR (legitimate interests) and, where applicable, Art. 6(1)(c) GDPR.

Cookies, analytics and any marketing: storing or accessing information on your device requires your consent under Sec. 25 TDDDG; the corresponding processing of personal data is based on your consent under Art. 6(1)(a) GDPR, except where strictly necessary cookies rely on Art. 6(1)(f) GDPR. You can withdraw consent at any time (see Section 8 and our Cookie Policy).

Legal compliance and claims (responding to lawful requests, complying with the EU Digital Services Act (DSA), card-network rules, and mandatory reporting of illegal material): Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Where we rely on legitimate interests (Art. 6(1)(f)), a documented balancing test should be maintained and summarised here on request.

We use carefully selected service providers (processors) who act on our instructions under data processing agreements pursuant to Art. 28 GDPR. We do not sell your personal data. The categories of recipients are:

Hosting and infrastructure: [[PLACEHOLDER: Hetzner Online GmbH]], providing servers and storage within the EU (Germany/Finland). Content delivery network (CDN): [[PLACEHOLDER: CDN provider]], used to serve media efficiently.

Payment processing: [[PLACEHOLDER: payment processor / acquirer name]], which handles card and alternative payments. Card data is collected and processed directly by the processor in a PCI-DSS compliant environment; we receive only masked details and a transaction reference. Payments on the billing descriptor appear as [[PLACEHOLDER: billing descriptor]].

Age verification: [[PLACEHOLDER: age-verification provider]], which performs the identity/age check and returns only a verification token or status to us, as described in Sections 3 and 6.

Email and communications: [[PLACEHOLDER: transactional email/ESP provider]], used to send account, billing and support messages.

We may also disclose data to professional advisers, auditors, tax authorities, and law-enforcement or regulatory bodies where legally required, including reports of illegal content to the German Federal Criminal Police Office (BKA) and INHOPE/hotline channels.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Maintain a current, complete record of all processors with their roles, locations and safeguards; verify each Art. 28 DPA is in place before launch.

No card data stored: we have designed the Service so that we never store your full payment card number, security code or full expiry date. These are entered into and processed solely by our PCI-DSS compliant payment processor. We retain only the information necessary to manage your subscription and meet bookkeeping obligations, such as a masked card fragment, a processor token/reference, and invoice records.

Age-verification tokens only: to comply with the JMStV closed-user-group requirement and applicable card-network adult-content rules, your age is verified by an external provider. We store only the verification outcome and a token/reference; we do not store, and generally do not receive, copies of identity documents, selfies or biometric data. Document handling and any retention of source documents are governed by the provider's own privacy notice.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Counsel should confirm the exact data flow with the chosen age-verification provider and whether 18 U.S.C. §2257-style record-keeping (driven by Visa/Mastercard adult-content rules) imposes any custodian-of-records or retention obligations that affect this section. Custodian of records (if applicable): [[PLACEHOLDER: custodian-of-records name and address]].

Our primary hosting and storage take place within the European Union. Where a processor or sub-processor transfers personal data to a country outside the European Economic Area (a "third country"), we ensure an adequate level of protection in accordance with Chapter V of the GDPR.

Such safeguards include transfers to countries covered by a European Commission adequacy decision, or transfers based on the EU Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR, supplemented where necessary by additional technical and organisational measures.

You can request a copy of, or information about, the safeguards we rely on for a specific transfer by contacting our DPO (Section 2).

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] List the specific third-country recipients (e.g. CDN edge locations, email provider, payment processor) and the exact transfer mechanism for each, including any transfer impact assessments.

We keep personal data only for as long as necessary for the purposes described in this policy, after which it is deleted or anonymised.

Account data is retained for the duration of your subscription/account and for a reasonable period afterwards to handle disputes and reactivation, after which it is deleted. Billing, invoicing and tax records are retained for the statutory retention periods under German commercial and tax law (generally up to ten years under the HGB/AO). Server, security and access logs are retained for a short period for security and troubleshooting and then deleted or anonymised.

Age-verification tokens/status are retained for as long as your account exists and as required to demonstrate compliance with youth-protection obligations. Cookie and consent records are retained as set out in our Cookie Policy. Records relating to abuse reports or illegal-content investigations may be retained longer where required to comply with legal obligations or to establish, exercise or defend legal claims.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Replace the above with a concrete retention schedule per data category and confirm the applicable statutory periods with counsel.

Subject to the conditions in the GDPR, you have the right to: access your personal data (Art. 15); rectify inaccurate data (Art. 16); request erasure (Art. 17); restrict processing (Art. 18); data portability (Art. 20); and object to processing based on legitimate interests (Art. 21).

Where processing is based on your consent (e.g. non-essential cookies), you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).

Right to object: you have the right to object, on grounds relating to your particular situation, to processing based on Art. 6(1)(f). Where we process data for direct marketing, you may object at any time, after which we will stop such processing.

To exercise any of these rights, contact us at [[PLACEHOLDER: privacy/contact email]] or our DPO (Section 2). We may need to verify your identity, in a privacy-protective manner appropriate to the sensitive nature of the Service, before acting on a request. We will respond within one month, extendable by two further months for complex requests, as permitted by Art. 12(3) GDPR. Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

Our competent supervisory authority is [[PLACEHOLDER: name of the competent German State Data Protection Authority]], [[PLACEHOLDER: authority address and contact details]].

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Insert the correct lead supervisory authority based on the controller's registered seat (e.g. the State Commissioner for Data Protection of the relevant Bundesland).

We use cookies and similar technologies. Strictly necessary cookies are required to operate the Service, maintain your session and enforce the closed user group; non-essential cookies (e.g. analytics) are used only with your consent under Sec. 25 TDDDG.

Full details of the cookies and similar technologies we use, their purposes, durations, and how to manage or withdraw your consent, are set out in our separate Cookie Policy, which forms part of this Privacy Policy. You can change your preferences at any time via the cookie settings on the Service.

We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect personal data against unauthorised access, loss, alteration or disclosure. These include encryption in transit (TLS), encryption or hashing of sensitive credentials, access controls, network segmentation, logging and monitoring, and contractual safeguards with our processors.

Given the sensitivity of adult-content usage data, we apply data-minimisation and confidentiality-by-design principles. No method of transmission or storage is completely secure, but we continually review and improve our measures.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Confirm the breach-notification process and timelines (Art. 33/34 GDPR) and the contact point for reporting suspected breaches.

The Service is strictly for adults aged 18 or over. We do not knowingly process the personal data of minors, and access is gated behind age verification and a closed user group as required by the JMStV.

We operate a zero-tolerance policy toward child sexual abuse material (CSAM) and other illegal content. Suspected illegal material is reported to the competent authorities, including the German Federal Criminal Police Office (BKA) and INHOPE-affiliated hotlines, and handled in line with our obligations under the EU Digital Services Act (DSA). We also provide notice-and-action and removal mechanisms, including for non-consensual intimate imagery (NCII), consistent with applicable law (e.g. DMCA notices and NCII/"TAKE IT DOWN" requirements). See our separate Content, DSA and Takedown policies for details.

We may use automated checks for fraud prevention, payment risk scoring and abuse/illegal-content detection. Where any such processing produces legal or similarly significant effects on you within the meaning of Art. 22 GDPR, we will ensure an applicable legal basis and, where required, provide the right to human intervention, to express your point of view and to contest the decision.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] Confirm whether any automated process meets the Art. 22 threshold and document safeguards accordingly.

We may update this Privacy Policy from time to time to reflect changes in our processing, technology or legal requirements. The current version is always available on the Service, with the "last updated" date shown. Material changes will be communicated through appropriate means.

For any questions about this Privacy Policy or your personal data, contact: [[PLACEHOLDER: company name]], [[PLACEHOLDER: postal address]], email [[PLACEHOLDER: privacy/contact email]]; or our DPO at [[PLACEHOLDER: dpo@ contact email]].

Effective date: [[PLACEHOLDER: effective date]]. Version: [[PLACEHOLDER: version number]].