Privacy Policy
Last updated: July 2026
1. Who is the data controller
The data controller for this website is Paul Halpin, trading as The Closed Session (the-closed-session.com).
Contact: support@the-closed-session.com
2. What personal data we collect and why
2.1 Newsletter subscriptions (Governance Decoded)
If you subscribe to the Governance Decoded newsletter via this website, we collect your email address and, if provided, your name.
Legal basis: Your consent (GDPR Article 6(1)(a)).
Purpose: To send you the Governance Decoded newsletter and associated product announcements.
Processor: Email subscriptions are managed through Beehiiv (Beehiiv, Inc.).
Your data is stored on Beehiiv's servers. Beehiiv's Privacy Policy
is available at beehiiv.com/privacy.
You may withdraw your consent and unsubscribe at any time using the unsubscribe link included in every newsletter email.
2.2 Purchases
If you purchase a product from The Closed Session, your payment and contact data is collected and processed by Paddle (Paddle.com Market Ltd), which acts as the Merchant of Record for all transactions. Paddle's Privacy Policy is available at paddle.com/legal/privacy.
Legal basis: Performance of a contract (GDPR Article 6(1)(b)).
What we receive from Paddle: The minimum information necessary
to fulfil your order — typically your email address and the product purchased.
2.3 Website infrastructure
This website is hosted on Cloudflare Pages (Cloudflare, Inc.). Cloudflare processes standard server log data, including IP addresses and request metadata, as part of its infrastructure and security services. This data is processed by Cloudflare in accordance with its Privacy Policy at cloudflare.com/privacypolicy.
We do not use advertising trackers, third-party analytics cookies, or behavioural tracking on this site.
3. How we use your data
We use your personal data only for the purposes described above. We do not sell, rent, share, or transfer your personal data to third parties for marketing or commercial purposes. We do not use your data for automated decision-making or profiling.
4. How long we keep your data
Newsletter subscription data is retained for as long as you remain subscribed, and for a reasonable period thereafter to comply with any legal retention obligations.
Purchase-related data is retained for as long as required by applicable Italian and EU law — typically seven years for tax and accounting records.
5. Your rights under GDPR
You have the following rights in relation to your personal data:
- Access: to request a copy of the personal data we hold about you
- Rectification: to request correction of inaccurate data
- Erasure: to request deletion of your data, subject to our legal retention obligations
- Objection: to object to processing where our legal basis is legitimate interest
- Portability: to receive your data in a portable format where technically feasible
- Withdrawal of consent: to withdraw consent at any time where processing is based on consent (this does not affect the lawfulness of prior processing)
To exercise any of these rights, contact us at: support@the-closed-session.com
We will respond to all valid requests within one month. Complex requests may take up to three months; we will inform you if this is the case.
6. The right to complain
If you believe we have handled your personal data unlawfully or not in accordance with this Policy, you have the right to lodge a complaint with the Italian Data Protection Authority:
Garante per la protezione dei dati personali
www.garanteprivacy.it
If you are based in another EU member state, you may also contact your national supervisory authority.
7. International data transfers
Your data may be processed outside the European Economic Area by our processors — principally Beehiiv (US) and Cloudflare (US). Both operate under appropriate data transfer safeguards, including Standard Contractual Clauses where applicable. Please refer to their respective privacy policies for details.
Paddle's data processing arrangements are described in Paddle's own Privacy Policy, available at paddle.com/legal/privacy.
8. Updates to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, processors, or applicable law. The current version will always be available at this address. Material changes will be communicated via the website or via the Governance Decoded newsletter.
9. Contact
For any privacy-related queries, please contact:
support@the-closed-session.com