Personal data collected through the website and the sales pages for the "30-Day Metabolic Reset" product is processed under joint controllership between:
| Controller | Role | Contact |
|---|---|---|
| Milionline Consulting FZCO Building A1, Dubai Digital Park Dubai Silicon Oasis (DSO) Dubai, United Arab Emirates Owner: Anastasiya Agarysheva |
Seller; checkout management, invoicing, customer support, payments. | [email protected] |
| Dr. Luca Varcasia, MD Italy-licensed physician, registered with the Medical Board (Ordine dei Medici) of Sassari, Italy, reg. no. 5876 Online practice, operating base in the United Arab Emirates |
Author of the educational content; responsible for processing data relating to direct interactions with customers (e.g. general, non-clinical questions). | [email protected] |
The joint controllers have defined their respective responsibilities through an internal arrangement compliant with Art. 26 GDPR. You may contact either controller to exercise your rights.
The product is purely informational. We do not collect special-category health data (Art. 9 GDPR) such as medical diagnoses, lab results, medications taken, pathological conditions, or prescriptions. The product is not a clinical service and does not involve creating any medical record.
Technical cookies. The site uses technical cookies strictly necessary for operation (e.g. managing the user session on the Whop platform at checkout). These do not require consent.
Analytics. For basic web-traffic statistics the site uses Cloudflare Web Analytics, a cookie-less, privacy-friendly solution that does not require explicit consent.
Meta Pixel (Facebook/Instagram). The site uses the Meta Pixel (Meta Platforms Ireland Ltd.), a third-party tracking tool used to measure the effectiveness of advertising campaigns and to build remarketing and lookalike audiences. The Meta Pixel may involve transferring data to third countries (e.g. the United States) on the basis of the Standard Contractual Clauses adopted by Meta. The Meta Pixel is activated only with your consent, given through the dedicated banner on the site (legal basis: Art. 6.1.a GDPR — consent). You can refuse consent with no consequence for access to the content, or withdraw it at any time by clearing the site's data from your browser. Without consent the pixel is not loaded and no data is sent to Meta. More information on Meta's processing: Meta's privacy policy.
| Purpose | Legal basis | Retention |
|---|---|---|
| Delivering the digital product and managing the contractual relationship (delivery of materials, customer support, refund handling). | Performance of a contract (Art. 6.1.b GDPR) | 10 years from the purchase date (accounting-record retention obligation) |
| Compliance with tax, accounting and anti-money-laundering obligations. | Legal obligation (Art. 6.1.c GDPR) | 10 years (Art. 2220 Italian Civil Code) |
| Customer support; replying to your questions by email. | Performance of a contract (Art. 6.1.b) + legitimate interest (Art. 6.1.f) | 3 years from the last interaction |
| Aggregate web-traffic statistics (Cloudflare Analytics). | Legitimate interest (Art. 6.1.f) — anonymized analysis | Aggregate data not attributable to the user; retention 13 months |
| Legal defense in the event of disputes. | Legitimate interest (Art. 6.1.f) | For the duration of the dispute + applicable limitation periods |
Data may be disclosed to the following parties, appointed where necessary as processors under Art. 28 GDPR:
| Recipient | Purpose | Location / Non-EU transfer |
|---|---|---|
| Whop Inc. | Payment processing, checkout management, product access, transactional emails, refund handling. | United States. Non-EU transfer covered by the European Commission's Standard Contractual Clauses (SCC) and/or the EU-US Data Privacy Framework. |
| Cloudflare, Inc. | Site hosting (Cloudflare Pages), DNS, email routing, aggregate web analytics. | United States. Cloudflare participates in the EU-US Data Privacy Framework. |
| Google LLC (Gmail / Google Workspace) | Receiving customer-support emails via Cloudflare Email Routing to the dedicated Gmail inbox. | United States. Google participates in the EU-US Data Privacy Framework. |
| Professional advisors (accountants, lawyers, etc.) | Accounting, tax and legal compliance. | Italy / United Arab Emirates (depending on the advice). Subject to professional confidentiality. |
| Competent authorities | Compliance with legal obligations, requests from judicial or supervisory authorities. | Only where formally requested by an authority with jurisdiction. |
Personal data is never sold to third parties, nor used for third-party marketing.
Given the technical infrastructure used and Milionline Consulting FZCO's operating base in the United Arab Emirates, some personal data is transferred outside the European Union, in particular to:
For all transfers, the legal safeguards adopted include:
As a data subject, you have the right at any time to:
To exercise these rights, simply write to [email protected]. We respond within 30 days of the request, unless a justified extension is needed.
If you believe your personal data is being processed in breach of the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the supervisory authority of the EU Member State where you habitually reside. UK residents may contact the Information Commissioner's Office (ICO).
The joint controllers adopt appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction or disclosure. Key measures include: HTTPS encryption in transit, system access via two-factor authentication, the principle of least privilege for staff access, and periodic audits of external processors.
This Privacy Policy may be updated in the event of significant regulatory or operational changes. The last-updated date is shown at the top of the document. Material changes will be communicated by email to registered users and through a visible notice on the site.